ach-master.git
6 years agoadded nginx "test with" debian version
cm [Wed, 4 Dec 2013 10:32:54 +0000 (11:32 +0100)]
added nginx "test with" debian version

7 years agoshorten section title, make clear what is meant by SSL/TLS in the ASA section
Aaron Zauner [Tue, 3 Dec 2013 21:04:47 +0000 (22:04 +0100)]
shorten section title, make clear what is meant by SSL/TLS in the ASA section

7 years agoeasy-rsa can do 4096bit keys, been there done that, we should recommend it for VPNs
Aaron Zauner [Tue, 3 Dec 2013 21:02:57 +0000 (22:02 +0100)]
easy-rsa can do 4096bit keys, been there done that, we should recommend it for VPNs

7 years agoreorder openssh KEX algorithms by relevance of security decending
Aaron Zauner [Tue, 3 Dec 2013 20:32:16 +0000 (21:32 +0100)]
reorder openssh KEX algorithms by relevance of security decending

7 years agocorrect nomenclature on galloi counter mode
Aaron Zauner [Tue, 3 Dec 2013 20:18:52 +0000 (21:18 +0100)]
correct nomenclature on galloi counter mode

7 years agoadded openssh ServerKeyBits (set to 4096)
Aaron Zauner [Tue, 3 Dec 2013 17:40:05 +0000 (18:40 +0100)]
added openssh ServerKeyBits (set to 4096)

7 years agonsa does not get credits!
Aaron Zauner [Tue, 3 Dec 2013 15:47:57 +0000 (16:47 +0100)]
nsa does not get credits!

7 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Zauner [Tue, 3 Dec 2013 15:40:47 +0000 (16:40 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

7 years agoadd acknowledgement section
Aaron Zauner [Tue, 3 Dec 2013 15:40:46 +0000 (16:40 +0100)]
add acknowledgement section

7 years agopush the notes for the next steps
Aaron Kaplan [Mon, 2 Dec 2013 22:51:07 +0000 (23:51 +0100)]
push the notes for the next steps

7 years agotweak cipher string variant B
Aaron Kaplan [Mon, 2 Dec 2013 22:40:14 +0000 (23:40 +0100)]
tweak cipher string variant B

7 years agoitemize
Aaron Kaplan [Mon, 2 Dec 2013 22:40:05 +0000 (23:40 +0100)]
itemize

7 years agocomment out an old section which we simply kept before since it has a nice table...
Aaron Kaplan [Mon, 2 Dec 2013 20:44:09 +0000 (21:44 +0100)]
comment out an old section which we simply kept before since it has a nice table formatting example.

7 years agonarrow down scope a bit
Aaron Kaplan [Mon, 2 Dec 2013 20:33:52 +0000 (21:33 +0100)]
narrow down scope a bit

7 years agoremove the paragraph about NIST
Aaron Kaplan [Mon, 2 Dec 2013 20:30:46 +0000 (21:30 +0100)]
remove the paragraph about NIST

7 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Zauner [Mon, 2 Dec 2013 20:06:53 +0000 (21:06 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

7 years agoadded subsection text and justification for Cisco ASA
Aaron Zauner [Mon, 2 Dec 2013 20:06:47 +0000 (21:06 +0100)]
added subsection text and justification for Cisco ASA

7 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Mon, 2 Dec 2013 20:04:19 +0000 (21:04 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

7 years agoalso put the presentation into git
Aaron Kaplan [Mon, 2 Dec 2013 20:00:06 +0000 (21:00 +0100)]
also put the presentation into git

7 years agomake sure that every "make pdf" re-generates the git info in the
Aaron Kaplan [Mon, 2 Dec 2013 19:58:41 +0000 (20:58 +0100)]
make sure that every "make pdf" re-generates the git info in the
pages' footer

7 years agoImproved Markdown Formatting of FAQ
Pepi Zawodsky [Mon, 2 Dec 2013 19:57:07 +0000 (20:57 +0100)]
Improved Markdown Formatting of FAQ

7 years agoImproved Markdown Formatting of README
Pepi Zawodsky [Mon, 2 Dec 2013 19:54:08 +0000 (20:54 +0100)]
Improved Markdown Formatting of README

7 years agoremark on the strength of 3DES
Aaron Kaplan [Mon, 2 Dec 2013 19:38:49 +0000 (20:38 +0100)]
remark on the strength of 3DES

7 years agowhite paper -> "guide"
Aaron Kaplan [Mon, 2 Dec 2013 19:38:19 +0000 (20:38 +0100)]
white paper -> "guide"

7 years agoadd a section on how to read this guide
Aaron Kaplan [Mon, 2 Dec 2013 19:38:00 +0000 (20:38 +0100)]
add a section on how to read this guide

7 years agoadd Berg San . Thanks for the DB section
Aaron Kaplan [Mon, 2 Dec 2013 17:52:51 +0000 (18:52 +0100)]
add Berg San . Thanks for the DB section

7 years agofix one todo from disclaimer.tex
Aaron Kaplan [Mon, 2 Dec 2013 11:08:39 +0000 (12:08 +0100)]
fix one todo from disclaimer.tex

7 years agorewrite openvpn section according to TODOs
cm [Sat, 30 Nov 2013 23:42:36 +0000 (00:42 +0100)]
rewrite openvpn section according to TODOs

7 years agoRemoved add_header X-Frame-Options DENY by suggestion of Christian Mock since it...
Pepi Zawodsky [Fri, 29 Nov 2013 18:52:19 +0000 (19:52 +0100)]
Removed add_header X-Frame-Options DENY by suggestion of Christian Mock since it is security- but not crypto related.

7 years agoFix typo (thanks to Adi)
Ralf Schlatterbeck [Fri, 29 Nov 2013 10:37:07 +0000 (11:37 +0100)]
Fix typo (thanks to Adi)

7 years agoCorrected misspelled namex
Pepi Zawodsky [Thu, 28 Nov 2013 14:36:36 +0000 (15:36 +0100)]
Corrected misspelled namex

7 years agominor formatting of a footnote: { } was missing
Aaron Kaplan [Thu, 28 Nov 2013 14:26:10 +0000 (15:26 +0100)]
minor formatting of a footnote: { } was missing

7 years agoadded section RNGs which was written by Ralf Schlatterbeck.
Aaron Kaplan [Thu, 28 Nov 2013 14:23:46 +0000 (15:23 +0100)]
added section RNGs which was written by Ralf Schlatterbeck.
Pls. review

7 years agoAdded nginx settings for DH parameters recommending at least the same bit length...
Pepi Zawodsky [Thu, 28 Nov 2013 13:13:15 +0000 (14:13 +0100)]
Added nginx settings for DH parameters recommending at least the same bit length as the RSA key used. Like Apache 2.4 implicily handles this.

7 years agonginx does't allow ssl_protocols to be excluded, only to be included. Our given examp...
Pepi Zawodsky [Thu, 28 Nov 2013 13:01:15 +0000 (14:01 +0100)]
nginx does't allow ssl_protocols to be excluded, only to be included. Our given example would be better but does not actually work in nginx (1.4.4, current stable as of 2013-11-28 14:00 CET). Corrected example to a working syntax.

7 years agoChanges nginx ECC curve selection example to the least-bad but actually widely suppor...
Pepi Zawodsky [Thu, 28 Nov 2013 12:58:15 +0000 (13:58 +0100)]
Changes nginx ECC curve selection example to the least-bad but actually widely supported curve which is secp384r1. The former sectk571k1 (Koblitz curve) would be a lot better, but is supported almost nowhere.

7 years agoinital introduction to the ssl libs section
Adi Kriegisch [Wed, 27 Nov 2013 15:02:57 +0000 (16:02 +0100)]
inital introduction to the ssl libs section

7 years agoapplied Berg San's patch from the mailing list as of 2013/11/26 19:23 UTC+2
Aaron Kaplan [Tue, 26 Nov 2013 19:19:12 +0000 (20:19 +0100)]
applied Berg San's patch from the mailing list as of 2013/11/26 19:23 UTC+2
+ Minor formatting improvement

7 years agoSplitting Cipher Suites section in multiple files
David Durvaux [Tue, 26 Nov 2013 17:05:56 +0000 (18:05 +0100)]
Splitting Cipher Suites section in multiple files

7 years agomodified crypto map to reflect cipher settings
Aaron Zauner [Tue, 26 Nov 2013 14:41:14 +0000 (15:41 +0100)]
modified crypto map to reflect cipher settings

7 years agoadded Cisco ASA IPsec + SSL VPN Settings
Aaron Zauner [Tue, 26 Nov 2013 13:57:05 +0000 (14:57 +0100)]
added Cisco ASA IPsec + SSL VPN Settings

7 years agoadded list on DH groups and bit security
Aaron Zauner [Tue, 26 Nov 2013 13:39:48 +0000 (14:39 +0100)]
added list on DH groups and bit security

7 years agoforgot a '"' while including "./practical_settings/proxy_solutions.tex" via \input{}
Aaron Kaplan [Tue, 26 Nov 2013 10:41:03 +0000 (11:41 +0100)]
forgot a '"' while including "./practical_settings/proxy_solutions.tex" via \input{}

7 years agofixes after practical settings refactoring
Wolfgang Breyha [Tue, 26 Nov 2013 10:32:42 +0000 (11:32 +0100)]
fixes after practical settings refactoring

7 years agoAdd missing files
David Durvaux [Tue, 26 Nov 2013 08:16:11 +0000 (09:16 +0100)]
Add missing files

7 years agoRefactor practical_settings to spli subsection in files
David Durvaux [Tue, 26 Nov 2013 06:19:44 +0000 (07:19 +0100)]
Refactor practical_settings to spli subsection in files

7 years agorephrasing
Aaron Kaplan [Tue, 26 Nov 2013 00:25:56 +0000 (01:25 +0100)]
rephrasing

7 years ago\newpage before a new section
Aaron Kaplan [Tue, 26 Nov 2013 00:23:50 +0000 (01:23 +0100)]
\newpage before a new section
erphrase abstract

7 years agoadd \newpage
Aaron Kaplan [Tue, 26 Nov 2013 00:11:54 +0000 (01:11 +0100)]
add \newpage

7 years agorephrase slightly
Aaron Kaplan [Tue, 26 Nov 2013 00:11:36 +0000 (01:11 +0100)]
rephrase slightly

7 years agore-format the new section as \begin{description} element.
Aaron Kaplan [Mon, 25 Nov 2013 23:26:15 +0000 (00:26 +0100)]
re-format the new section as \begin{description} element.
Feel free to change it if it should look differently.
Replaced quoting characters by real LaTeX quotation characters "``" and "''"

7 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Daniel Kovacic [Mon, 25 Nov 2013 22:25:04 +0000 (23:25 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

7 years agosection 8 very first proposal without sources and proper tex
Daniel Kovacic [Mon, 25 Nov 2013 22:23:41 +0000 (23:23 +0100)]
section 8 very first proposal without sources and proper tex

7 years agogive the other VPN subsections the structure based on template.tex
Aaron Kaplan [Mon, 25 Nov 2013 21:56:41 +0000 (22:56 +0100)]
give the other VPN subsections the structure based on template.tex

7 years agoadd radius
Aaron Kaplan [Mon, 25 Nov 2013 21:53:14 +0000 (22:53 +0100)]
add radius

7 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Mon, 25 Nov 2013 21:51:11 +0000 (22:51 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

7 years agostructure according to template.tex
Aaron Kaplan [Mon, 25 Nov 2013 21:50:49 +0000 (22:50 +0100)]
structure according to template.tex

7 years agomore clarification on SSH configuration
Aaron Zauner [Mon, 25 Nov 2013 21:48:46 +0000 (22:48 +0100)]
more clarification on SSH configuration

7 years agofix the formatting of template.tex (stupid \mbox{}s )
Aaron Kaplan [Mon, 25 Nov 2013 21:47:30 +0000 (22:47 +0100)]
fix the formatting of template.tex (stupid \mbox{}s )

7 years agomv SSH OpenSSH
Aaron Zauner [Mon, 25 Nov 2013 21:40:47 +0000 (22:40 +0100)]
mv SSH OpenSSH

7 years agonow just called "ipsec"
Aaron Zauner [Mon, 25 Nov 2013 21:37:52 +0000 (22:37 +0100)]
now just called "ipsec"

7 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Mon, 25 Nov 2013 21:37:01 +0000 (22:37 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

7 years agoadd ssl libs section
Aaron Kaplan [Mon, 25 Nov 2013 21:36:50 +0000 (22:36 +0100)]
add ssl libs section

7 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Zauner [Mon, 25 Nov 2013 21:33:18 +0000 (22:33 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

7 years agoreference to ssh-dss discussion/bug report added
Aaron Zauner [Mon, 25 Nov 2013 21:33:13 +0000 (22:33 +0100)]
reference to ssh-dss discussion/bug report added

7 years agoone todo less :)
Aaron Kaplan [Mon, 25 Nov 2013 21:30:24 +0000 (22:30 +0100)]
one todo less :)

7 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Zauner [Mon, 25 Nov 2013 21:27:38 +0000 (22:27 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

7 years agoclarification on DSA exclusion from openssh settings added
Aaron Zauner [Mon, 25 Nov 2013 21:27:33 +0000 (22:27 +0100)]
clarification on DSA exclusion from openssh settings added

7 years agoopenvpn: tls-cipher differences 2.2/2.3
cm [Mon, 25 Nov 2013 21:23:11 +0000 (22:23 +0100)]
openvpn: tls-cipher differences 2.2/2.3

7 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Mon, 25 Nov 2013 21:20:38 +0000 (22:20 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

7 years agore-formated the OpenVPN section to fit template.tex
Aaron Kaplan [Mon, 25 Nov 2013 21:20:09 +0000 (22:20 +0100)]
re-formated the OpenVPN section to fit template.tex

7 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Zauner [Mon, 25 Nov 2013 21:17:35 +0000 (22:17 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

7 years agobetter wording in PPTP section
Aaron Zauner [Mon, 25 Nov 2013 21:17:31 +0000 (22:17 +0100)]
better wording in PPTP section

7 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Mon, 25 Nov 2013 21:05:39 +0000 (22:05 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

7 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Zauner [Mon, 25 Nov 2013 21:05:30 +0000 (22:05 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

7 years agoremove german-only links
Aaron Zauner [Mon, 25 Nov 2013 21:05:26 +0000 (22:05 +0100)]
remove german-only links

7 years agochange the section of mysql and postgresql
Aaron Kaplan [Mon, 25 Nov 2013 21:03:52 +0000 (22:03 +0100)]
change the section of mysql and postgresql
just format it in the same structure as template.tex

7 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Adi Kriegisch [Mon, 25 Nov 2013 21:03:16 +0000 (22:03 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

7 years agofixed url
Adi Kriegisch [Mon, 25 Nov 2013 21:02:30 +0000 (22:02 +0100)]
fixed url

7 years agoremove duplicate wording
Aaron Zauner [Mon, 25 Nov 2013 21:02:03 +0000 (22:02 +0100)]
remove duplicate wording

7 years agomore openvpn
cm [Mon, 25 Nov 2013 20:53:23 +0000 (21:53 +0100)]
more openvpn

7 years agoadded text about ILOs
Aaron Kaplan [Mon, 25 Nov 2013 20:50:59 +0000 (21:50 +0100)]
added text about ILOs

7 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Mon, 25 Nov 2013 20:36:37 +0000 (21:36 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

7 years agoadded AES-GCM and UMAC (encrypt-then-mac only!)
Aaron Zauner [Mon, 25 Nov 2013 20:01:43 +0000 (21:01 +0100)]
added AES-GCM and UMAC (encrypt-then-mac only!)

7 years agoopenvpn section
cm [Mon, 25 Nov 2013 19:44:19 +0000 (20:44 +0100)]
openvpn section

7 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
cm [Mon, 25 Nov 2013 19:43:59 +0000 (20:43 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

7 years agoopenvpn section
cm [Mon, 25 Nov 2013 19:25:43 +0000 (20:25 +0100)]
openvpn section

7 years agoopenvpn section
cm [Mon, 25 Nov 2013 19:25:43 +0000 (20:25 +0100)]
openvpn section

7 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Mon, 25 Nov 2013 19:18:22 +0000 (20:18 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

7 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Daniel Kovacic [Mon, 25 Nov 2013 18:20:42 +0000 (19:20 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

7 years agoforward secrecy: its the server key!
cm [Mon, 25 Nov 2013 16:46:36 +0000 (17:46 +0100)]
forward secrecy: its the server key!

7 years agoupdated iis todo list
Daniel Kovacic [Sun, 24 Nov 2013 15:41:00 +0000 (16:41 +0100)]
updated iis todo list

7 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Sat, 23 Nov 2013 15:44:57 +0000 (16:44 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

7 years agocyrus corrections
Wolfgang Breyha [Sat, 23 Nov 2013 15:40:32 +0000 (16:40 +0100)]
cyrus corrections

7 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Fri, 22 Nov 2013 21:53:53 +0000 (22:53 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

7 years agoadded screenshots
cm [Fri, 22 Nov 2013 20:27:55 +0000 (21:27 +0100)]
added screenshots

7 years agowrote PPTP section
cm [Fri, 22 Nov 2013 20:22:37 +0000 (21:22 +0100)]
wrote PPTP section

7 years agowrote checkpoint firewall ipsec section
cm [Fri, 22 Nov 2013 20:06:30 +0000 (21:06 +0100)]
wrote checkpoint firewall ipsec section

7 years agocipher_suites: add section label
cm [Fri, 22 Nov 2013 19:29:58 +0000 (20:29 +0100)]
cipher_suites: add section label
practical_settings: rework IPSEC general section according to TODOs

7 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Fri, 22 Nov 2013 18:56:22 +0000 (19:56 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master