ach-master.git
5 years agoMerge pull request #55 from krono/configfiles-and-latex
Aaron Zauner [Sat, 5 Apr 2014 17:59:21 +0000 (19:59 +0200)]
Merge pull request #55 from krono/configfiles-and-latex

Configfiles and latex

5 years agoMerge pull request #52 from bong0/master
Aaron Zauner [Sat, 5 Apr 2014 17:31:08 +0000 (19:31 +0200)]
Merge pull request #52 from bong0/master

I hopefully clarified what my report cipher name deprecation is about

5 years agoActually strip an image
Tobias Pape [Tue, 25 Mar 2014 16:54:55 +0000 (17:54 +0100)]
Actually strip an image

5 years agoSimplify an image
Tobias Pape [Tue, 25 Mar 2014 16:46:23 +0000 (17:46 +0100)]
Simplify an image

5 years agoSplit configfiles out of TeX document.
Tobias Pape [Tue, 25 Mar 2014 02:59:49 +0000 (03:59 +0100)]
Split configfiles out of TeX document.

This gives us the possibilty to give complete, downloadable
examles; All config files are linked to a modifieable URL,
the default being https://bettercrypto.org/static/configuration/...

Next step: replace ciphersuite automatically in those config files?

Most configfiles are based on their Debian Wheezy, sometime Jessie,
defaults.

5 years agoNicer tables
Tobias Pape [Tue, 25 Mar 2014 02:51:04 +0000 (03:51 +0100)]
Nicer tables

5 years agoUse OpenSans and SourceCode Pro from our own texmf
Tobias Pape [Tue, 25 Mar 2014 02:46:58 +0000 (03:46 +0100)]
Use OpenSans and SourceCode Pro from our own texmf

We pick it up automatically in the Makefile

5 years agoMake it easier to select draft/final
Tobias Pape [Tue, 25 Mar 2014 02:24:36 +0000 (03:24 +0100)]
Make it easier to select draft/final

5 years agoMerge pull request #54 from nagua/OpenSSH-Curve25519
Aaron Zauner [Sun, 23 Mar 2014 23:56:42 +0000 (00:56 +0100)]
Merge pull request #54 from nagua/OpenSSH-Curve25519

OpenSSH 6.6p1 Ciphers, MAC, Kex changes

5 years agoAdded myself to Acknowledgements
Nicolas Riebesel [Sun, 23 Mar 2014 22:58:30 +0000 (23:58 +0100)]
Added myself to Acknowledgements

5 years agoOpenSSH 6.6p1 Ciphers, MAC, Kex changes
Nicolas Riebesel [Sun, 23 Mar 2014 22:46:28 +0000 (23:46 +0100)]
OpenSSH 6.6p1 Ciphers, MAC, Kex changes

* New tested configuration for OpenSSH 6.6p1
* Added curve25519-sha256@libssh.org to KexAlgorithms (6.6p1)
* Added chacha20-poly1305@openssh.com to Ciphers (6.6p1)
* Added umac-128-etm@openssh.com and hmac-ripemd160 to MAC (6.6p1)

5 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Mon, 3 Mar 2014 19:20:21 +0000 (19:20 +0000)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

5 years agomake a note on RSA
Aaron Kaplan [Mon, 3 Mar 2014 19:20:04 +0000 (19:20 +0000)]
make a note on RSA

5 years agoSuggestion: Add SSL/TLS versions supported by MS IIS
Pepi Zawodsky [Thu, 27 Feb 2014 21:59:44 +0000 (22:59 +0100)]
Suggestion: Add SSL/TLS versions supported by MS IIS

5 years agoremoved Opera 17 from the list of supported browsers for Cipher A (thanks interfaSys...
Adi Kriegisch [Tue, 25 Feb 2014 08:49:49 +0000 (09:49 +0100)]
removed Opera 17 from the list of supported browsers for Cipher A (thanks interfaSys Sàrl for testing)

5 years agofixed CipherA compatibility (thanks interfaSys Sàrl) and added a reference to choosin...
Adi Kriegisch [Mon, 24 Feb 2014 17:28:44 +0000 (18:28 +0100)]
fixed CipherA compatibility (thanks interfaSys Sàrl) and added a reference to choosing ones own cipher suite

5 years agoadd Alexander Würstlein to authors, we'll need references to affiliation with supersc...
Aaron Zauner [Sun, 23 Feb 2014 19:44:31 +0000 (20:44 +0100)]
add Alexander Würstlein to authors, we'll need references to affiliation with superscript or similar soon

6 years agocreated a new old clients subsection for web servers and moved config hints in there
Adi Kriegisch [Mon, 17 Feb 2014 23:08:17 +0000 (00:08 +0100)]
created a new old clients subsection for web servers and moved config hints in there

6 years agomerging kerberos pull req. by @arwarw via github
Aaron Zauner [Fri, 14 Feb 2014 17:19:38 +0000 (18:19 +0100)]
merging kerberos pull req. by @arwarw via github

6 years agolistlisting is wrong
Alexander Wuerstlein [Fri, 14 Feb 2014 16:33:54 +0000 (17:33 +0100)]
listlisting is wrong

6 years agotypo: one more comma and an unescaped #
Alexander Wuerstlein [Fri, 14 Feb 2014 16:18:49 +0000 (17:18 +0100)]
typo: one more comma and an unescaped #

6 years agotypo: missing commata
Alexander Wuerstlein [Fri, 14 Feb 2014 15:44:01 +0000 (16:44 +0100)]
typo: missing commata

6 years agotypo: missing string name in security.bib
Alexander Wuerstlein [Fri, 14 Feb 2014 15:42:04 +0000 (16:42 +0100)]
typo: missing string name in security.bib

6 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Fri, 14 Feb 2014 13:45:59 +0000 (14:45 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

6 years agoadd presentations from the TF-CSIRT TERENA meeting
Aaron Kaplan [Fri, 14 Feb 2014 13:45:05 +0000 (14:45 +0100)]
add presentations from the TF-CSIRT TERENA meeting

6 years agoBibtex all urls included in comments
Alexander Wuerstlein [Thu, 13 Feb 2014 23:46:26 +0000 (00:46 +0100)]
Bibtex all urls included in comments

6 years agopostfix master.cf: remove spaces
cm [Wed, 12 Feb 2014 19:31:57 +0000 (20:31 +0100)]
postfix master.cf: remove spaces

6 years agoAdded StartTLS.info website for mail servers.
Pepi Zawodsky [Wed, 12 Feb 2014 18:25:17 +0000 (19:25 +0100)]
Added StartTLS.info website for mail servers.

6 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Wed, 12 Feb 2014 10:49:55 +0000 (11:49 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

6 years agoadd some notes
Aaron Kaplan [Wed, 12 Feb 2014 10:49:45 +0000 (11:49 +0100)]
add some notes

6 years agoMerge pull request #53 from hansenerd/master
Aaron Zauner [Wed, 12 Feb 2014 08:26:03 +0000 (09:26 +0100)]
Merge pull request #53 from hansenerd/master

fix nginx Strict-Transport-Security example directive.

6 years agofix nginx Strict-Transport-Security example directive.
Christoph Gebhardt [Tue, 11 Feb 2014 23:02:28 +0000 (00:02 +0100)]
fix nginx Strict-Transport-Security example directive.

6 years agoAdded more details to the OpenVPN warnings.
Pepi Zawodsky [Tue, 11 Feb 2014 19:26:56 +0000 (20:26 +0100)]
Added more details to the OpenVPN warnings.

6 years agofixed typo
Julian [Tue, 11 Feb 2014 19:21:57 +0000 (20:21 +0100)]
fixed typo

6 years agoadded clarification on openvpn deprecation messages
Julian [Tue, 11 Feb 2014 19:21:21 +0000 (20:21 +0100)]
added clarification on openvpn deprecation messages

6 years agoAdded bug report by @bong0 for OpenVPN 2.3.2
Pepi Zawodsky [Tue, 11 Feb 2014 18:41:42 +0000 (19:41 +0100)]
Added bug report by @bong0 for OpenVPN 2.3.2

6 years agomore URLs converted to https
Viktor Szakats [Wed, 5 Feb 2014 20:04:30 +0000 (21:04 +0100)]
more URLs converted to https
removed duplicate link to http://checktls.com in command-line tool section
openssl.net -> openssl.org + https

6 years agoadded 'SSLStrictSNIVHostCheck off' to Apache SNI trick section
Adi Kriegisch [Mon, 3 Feb 2014 22:59:35 +0000 (23:59 +0100)]
added 'SSLStrictSNIVHostCheck off' to Apache SNI trick section

6 years agofix 'typo'
Adi Kriegisch [Mon, 3 Feb 2014 22:45:08 +0000 (23:45 +0100)]
fix 'typo'

6 years agoadded SNI trick to catch old browsers (apache)
Adi Kriegisch [Mon, 3 Feb 2014 22:36:48 +0000 (23:36 +0100)]
added SNI trick to catch old browsers (apache)

6 years agoadded SNI trick to catch old browsers (nginx)
Adi Kriegisch [Mon, 3 Feb 2014 21:30:20 +0000 (22:30 +0100)]
added SNI trick to catch old browsers (nginx)

6 years agoadded tinc as per push request on GitHub by VanNostrand - reformatted to our TeX...
Aaron Zauner [Mon, 3 Feb 2014 11:06:03 +0000 (12:06 +0100)]
added tinc as per push request on GitHub by VanNostrand - reformatted to our TeX layout, got rid of text that won\'t make sense in the paper (openssl stuff, already mentioned a lot in the paper)

6 years agoMerge pull request #48 from vszakats/use-more-https-urls
Aaron Zauner [Mon, 3 Feb 2014 10:36:27 +0000 (02:36 -0800)]
Merge pull request #48 from vszakats/use-more-https-urls

use https for all IETF URLs

6 years agoMerge pull request #49 from berq/master
Aaron Zauner [Mon, 3 Feb 2014 10:33:41 +0000 (02:33 -0800)]
Merge pull request #49 from berq/master

DBs.tex TODO

6 years agoFix copy&paste error
Alexander Wuerstlein [Sun, 2 Feb 2014 19:49:19 +0000 (20:49 +0100)]
Fix copy&paste error

6 years agoFix copy&paste error
Alexander Wuerstlein [Sun, 2 Feb 2014 19:47:38 +0000 (20:47 +0100)]
Fix copy&paste error

6 years agoChange "other protocols" to infrastructure recomm.
Alexander Wuerstlein [Sun, 2 Feb 2014 19:38:27 +0000 (20:38 +0100)]
Change "other protocols" to infrastructure recomm.

Give more general advice on a wider range of problems.
Changes suggested by pforai and azet.

6 years agoremark on passwords
Alexander Wuerstlein [Sun, 2 Feb 2014 19:37:45 +0000 (20:37 +0100)]
remark on passwords

6 years agoChange "other protocols" section to more general infrastructure recommendations
Alexander Wuerstlein [Sun, 2 Feb 2014 19:27:57 +0000 (20:27 +0100)]
Change "other protocols" section to more general infrastructure recommendations

6 years agoChange "other protocols" section to more general infrastructure recommendations
Alexander Wuerstlein [Sun, 2 Feb 2014 19:26:15 +0000 (20:26 +0100)]
Change "other protocols" section to more general infrastructure recommendations

6 years agos/IMB/IBM/
berq [Thu, 30 Jan 2014 19:02:39 +0000 (20:02 +0100)]
s/IMB/IBM/

6 years agoDone the things in the todo.md
berq [Thu, 30 Jan 2014 18:58:37 +0000 (19:58 +0100)]
Done the things in the todo.md

6 years agouse https for all IETF URLs
Viktor Szakats [Thu, 30 Jan 2014 13:19:29 +0000 (14:19 +0100)]
use https for all IETF URLs

6 years agoAdded task for improving the wording of the mailing list site
Pepi Zawodsky [Wed, 29 Jan 2014 20:09:52 +0000 (21:09 +0100)]
Added task for improving the wording of the mailing list site

6 years agoexclude ICS systems
Aaron Kaplan [Mon, 27 Jan 2014 09:09:15 +0000 (10:09 +0100)]
exclude ICS systems

6 years agoTODO Bugfix: Apache should recommend redirect instead of rewrite.
Pepi Zawodsky [Tue, 21 Jan 2014 23:58:04 +0000 (00:58 +0100)]
TODO Bugfix: Apache should recommend redirect instead of rewrite.

6 years agorm -f is as good as if [ -f ... ] ; then rm ...
Aaron Kaplan [Tue, 21 Jan 2014 00:29:26 +0000 (01:29 +0100)]
rm -f is as good as if [ -f ... ] ; then rm ...

6 years agoMerge branch 'master' of github.com:sebix/Applied-Crypto-Hardening into sebix-master
Aaron Kaplan [Mon, 20 Jan 2014 23:26:54 +0000 (00:26 +0100)]
Merge branch 'master' of github.com:sebix/Applied-Crypto-Hardening into sebix-master

6 years agoRevert "Updated make clean to prevent incorrect failures"
Aaron Kaplan [Mon, 20 Jan 2014 23:23:52 +0000 (00:23 +0100)]
Revert "Updated make clean to prevent incorrect failures"

This reverts commit 4a5f09431ac311fd13a553e03cf534903467daee.

6 years agonotes
Aaron Kaplan [Mon, 20 Jan 2014 23:21:10 +0000 (00:21 +0100)]
notes

6 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Mon, 20 Jan 2014 22:21:23 +0000 (23:21 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

6 years agonotes
Aaron Kaplan [Mon, 20 Jan 2014 22:21:11 +0000 (23:21 +0100)]
notes

6 years agoUpdated make clean to prevent incorrect failures
Pepi Zawodsky [Mon, 20 Jan 2014 21:03:16 +0000 (22:03 +0100)]
Updated make clean to prevent incorrect failures

6 years agonotes
Aaron Kaplan [Mon, 20 Jan 2014 20:38:05 +0000 (21:38 +0100)]
notes

6 years agokeep notes
Aaron Kaplan [Mon, 20 Jan 2014 20:21:33 +0000 (21:21 +0100)]
keep notes

6 years agodon't forget things we said during the meeting. put it into TODO.md
Aaron Kaplan [Mon, 20 Jan 2014 19:25:29 +0000 (20:25 +0100)]
don't forget things we said during the meeting. put it into TODO.md

6 years agoadd feedback by Tobias pape
Aaron Kaplan [Mon, 20 Jan 2014 18:53:16 +0000 (19:53 +0100)]
add feedback by Tobias pape

6 years agoSpell checking (used aspell, and dict.cc and wikipedia for reference)
sebix [Mon, 20 Jan 2014 17:44:08 +0000 (18:44 +0100)]
Spell checking (used aspell, and dict.cc and wikipedia for reference)

6 years agowarning in SSH-section about connection problems (has also been requested on mailinglist)
sebix [Mon, 20 Jan 2014 17:41:57 +0000 (18:41 +0100)]
warning in SSH-section about connection problems (has also been requested on mailinglist)

6 years agoMerge branch 'master' into kerberos
Alexander Wuerstlein [Sun, 19 Jan 2014 13:36:22 +0000 (14:36 +0100)]
Merge branch 'master' into kerberos

Conflicts:
src/practical_settings/kerberos.tex

6 years agoAdjusting listing box margin, was too for using texlive 2013, I had 2012
sebix [Sat, 18 Jan 2014 21:22:06 +0000 (22:22 +0100)]
Adjusting listing box margin, was too for using texlive 2013, I had 2012

6 years agoRevert paragraphDiamond
sebix [Fri, 17 Jan 2014 21:53:37 +0000 (22:53 +0100)]
Revert paragraphDiamond

6 years agoMerge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening
sebix [Fri, 17 Jan 2014 11:02:48 +0000 (12:02 +0100)]
Merge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening
and adjust the LaTeX code

Conflicts:
src/practical_settings/mailserver.tex
src/practical_settings/vpn.tex

6 years agoMerge pull request #46 from oglueck/master
Aaron Zauner [Fri, 17 Jan 2014 10:09:05 +0000 (02:09 -0800)]
Merge pull request #46 from oglueck/master

add Openswan

6 years agoadd Openswan
Ortwin Glück [Thu, 16 Jan 2014 16:16:09 +0000 (17:16 +0100)]
add Openswan

6 years agopostfix: docs are wrong, loglevel must be >= 1
cm [Thu, 16 Jan 2014 14:09:57 +0000 (15:09 +0100)]
postfix: docs are wrong, loglevel must be >= 1

6 years agoAdd information on ECDH-params for lighttpd
sebix [Sat, 11 Jan 2014 21:43:03 +0000 (22:43 +0100)]
Add information on ECDH-params for lighttpd

6 years agoMerge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening
sebix [Sat, 11 Jan 2014 21:41:58 +0000 (22:41 +0100)]
Merge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening

6 years agominor change
Aaron Kaplan [Sat, 11 Jan 2014 21:11:44 +0000 (22:11 +0100)]
minor change

6 years agorename TODO.txt to TODO.md so that it is easier to read on github
Aaron Kaplan [Sat, 11 Jan 2014 21:10:33 +0000 (22:10 +0100)]
rename TODO.txt to TODO.md so that it is easier to read on github

6 years agoCorrect merge Error: nginx: "as long as they are > 1024 bits"
sebix [Sat, 11 Jan 2014 21:03:56 +0000 (22:03 +0100)]
Correct merge Error: nginx: "as long as they are > 1024 bits"

6 years agoMerge remote-tracking branch 'upstream/master'
sebix [Sat, 11 Jan 2014 20:24:55 +0000 (21:24 +0100)]
Merge remote-tracking branch 'upstream/master'

6 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Sat, 11 Jan 2014 19:03:57 +0000 (20:03 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

6 years agonote about feedback: explain compression
Aaron Kaplan [Sat, 11 Jan 2014 19:03:35 +0000 (20:03 +0100)]
note about feedback: explain compression

6 years agolast small typographical corrections
sebix [Sat, 11 Jan 2014 18:07:07 +0000 (19:07 +0100)]
last small typographical corrections
paragraphs and empty lines

6 years agoPKI Self-Signing: add a command to create a cert and self-sign it
sebix [Sat, 11 Jan 2014 17:48:27 +0000 (18:48 +0100)]
PKI Self-Signing: add a command to create a cert and self-sign it

6 years agouse the order Tested > Settings > References everywhere, corrected
sebix [Sat, 11 Jan 2014 17:36:01 +0000 (18:36 +0100)]
use the order Tested > Settings > References everywhere, corrected
some typographic issues with paragraphDiamond and paragraph

6 years agoUse compact lists of mdwlist, save space
sebix [Sat, 11 Jan 2014 17:20:45 +0000 (18:20 +0100)]
Use compact lists of mdwlist, save space

6 years agoRemove Heading (scrheadings), Aaron's wish
sebix [Sat, 11 Jan 2014 17:09:40 +0000 (18:09 +0100)]
Remove Heading (scrheadings), Aaron's wish

6 years agoMakefile: "make once" runs pdflatex once; .txt only removed if
sebix [Sat, 11 Jan 2014 17:00:24 +0000 (18:00 +0100)]
Makefile: "make once" runs pdflatex once; .txt only removed if
existing (make otherwise throws an error)

6 years agoLaTeX-Code cleanup, syntax uniformed and correct typography, new
sebix [Sat, 11 Jan 2014 16:57:13 +0000 (17:57 +0100)]
LaTeX-Code cleanup, syntax uniformed and correct typography, new
command: \paragraphDiamond{heading}
it makes a paragraph and afterwards displays a \diamond, should be
used when you need something below \subsubsection. It is more
space-saving than \paragraph{heading}\mbox{}\\

6 years agoUse UTF-8 for umlauts, copying them out of the PDF does now work,
sebix [Sat, 11 Jan 2014 14:05:35 +0000 (15:05 +0100)]
Use UTF-8 for umlauts, copying them out of the PDF does now work,
corrected some HTML-Umlauts

6 years agoMerge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening
sebix [Sat, 11 Jan 2014 13:54:28 +0000 (14:54 +0100)]
Merge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening

Conflicts:
src/acknowledgements.tex
src/applied-crypto-hardening.tex
src/cipherStringB.txt
src/disclaimer.tex
src/perlify.pl
src/practical_settings.tex
src/practical_settings/DBs.tex
src/practical_settings/GPG.tex
src/practical_settings/im.tex
src/practical_settings/mailserver.tex
src/practical_settings/ssh.tex
src/practical_settings/vpn.tex
src/practical_settings/webserver.tex
src/reviewers.tex

6 years agoAdded very experimental TXT export
Pepi Zawodsky [Fri, 10 Jan 2014 18:39:17 +0000 (19:39 +0100)]
Added very experimental TXT export

6 years agoAdded a tools to check for mixed SSL on your website
Pepi Zawodsky [Fri, 10 Jan 2014 18:38:11 +0000 (19:38 +0100)]
Added a tools to check for mixed SSL on your website

6 years agocorrection for F.Mendel's association: it is A-Sit and IAIK.
Aaron Kaplan [Thu, 9 Jan 2014 14:51:36 +0000 (15:51 +0100)]
correction for F.Mendel's association: it is A-Sit and IAIK.

6 years agoadd recommended reading
Alexander Wuerstlein [Thu, 9 Jan 2014 14:39:04 +0000 (15:39 +0100)]
add recommended reading

reference http://gost.isi.edu/publications/kerberos-neuman-tso.html

6 years agoMerge pull request #44 from mathisdt/master
Aaron Zauner [Wed, 8 Jan 2014 20:01:12 +0000 (12:01 -0800)]
Merge pull request #44 from mathisdt/master

added tested versions and harmonized references to Debian Versions

6 years agoadded tested versions and harmonized references to Debian Versions (Wheezy makes...
Mathis Dirksen-Thedens [Wed, 8 Jan 2014 18:32:14 +0000 (19:32 +0100)]
added tested versions and harmonized references to Debian Versions (Wheezy makes more sense than 7.0 or 7.3)

6 years agoremove leftover text fragment
Alexander Wuerstlein [Wed, 8 Jan 2014 11:17:37 +0000 (12:17 +0100)]
remove leftover text fragment