ach-master.git
8 years agos_client -> s\_client.
Aaron Kaplan [Fri, 6 Dec 2013 21:16:07 +0000 (22:16 +0100)]
s_client -> s\_client.
"_" (underscore has a meaning in TeX)

8 years agoWhoops, actually forgot to mention OpenSSL s_client in the command line tools section.
Pepi Zawodsky [Fri, 6 Dec 2013 20:14:14 +0000 (21:14 +0100)]
Whoops, actually forgot to mention OpenSSL s_client in the command line tools section.

8 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Pepi Zawodsky [Fri, 6 Dec 2013 20:12:19 +0000 (21:12 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

8 years agoAdded more links in the tools section and restructured into via-web-tests for servers...
Pepi Zawodsky [Fri, 6 Dec 2013 20:12:16 +0000 (21:12 +0100)]
Added more links in the tools section and restructured into via-web-tests for servers, client tests, command line tools and Guides with best practice recommendations.x

8 years agovpn: removed typos
Aaron Zauner [Fri, 6 Dec 2013 20:10:24 +0000 (21:10 +0100)]
vpn: removed typos

8 years agoproxy_solutions: changed wording, removed spelling mistakes/typos
Aaron Zauner [Fri, 6 Dec 2013 20:09:07 +0000 (21:09 +0100)]
proxy_solutions: changed wording, removed spelling mistakes/typos

8 years agomake this more sub :p
Aaron Zauner [Fri, 6 Dec 2013 20:04:21 +0000 (21:04 +0100)]
make this more sub :p

8 years agochanged wording in mailserver, split mailserver and ssh in two files
Aaron Zauner [Fri, 6 Dec 2013 20:03:06 +0000 (21:03 +0100)]
changed wording in mailserver, split mailserver and ssh in two files

8 years agoipmi: changed wording
Aaron Zauner [Fri, 6 Dec 2013 19:54:41 +0000 (20:54 +0100)]
ipmi: changed wording

8 years agoGPG: changed wording, fixed spelling,..
Aaron Zauner [Fri, 6 Dec 2013 19:52:09 +0000 (20:52 +0100)]
GPG: changed wording, fixed spelling,..

8 years agociphersuites: changed wording
Aaron Zauner [Fri, 6 Dec 2013 19:35:06 +0000 (20:35 +0100)]
ciphersuites: changed wording

8 years agociphersuites: removed typos, changed spelling, added references
Aaron Zauner [Fri, 6 Dec 2013 19:23:13 +0000 (20:23 +0100)]
ciphersuites: removed typos, changed spelling, added references

8 years agoPKIs: added references, changed wording
Aaron Zauner [Fri, 6 Dec 2013 19:09:57 +0000 (20:09 +0100)]
PKIs: added references, changed wording

8 years agomethods: added references, changed wording
Aaron Zauner [Fri, 6 Dec 2013 18:53:01 +0000 (19:53 +0100)]
methods: added references, changed wording

8 years agodisclaimer: changed wording, added references to mentioned sections
Aaron Zauner [Fri, 6 Dec 2013 18:43:28 +0000 (19:43 +0100)]
disclaimer: changed wording, added references to mentioned sections

8 years agochange wording, add references
Aaron Zauner [Fri, 6 Dec 2013 18:37:14 +0000 (19:37 +0100)]
change wording, add references

8 years agoAdded Texted nginx setting
Pepi Zawodsky [Fri, 6 Dec 2013 17:55:45 +0000 (18:55 +0100)]
Added Texted nginx setting

8 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Pepi Zawodsky [Fri, 6 Dec 2013 17:53:38 +0000 (18:53 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

8 years agoExperimental epub support
Pepi Zawodsky [Fri, 6 Dec 2013 17:53:28 +0000 (18:53 +0100)]
Experimental epub support

8 years agoFix typos
Ralf Schlatterbeck [Fri, 6 Dec 2013 17:36:55 +0000 (18:36 +0100)]
Fix typos

8 years agoadded ASA references, removed TODOs
Aaron Zauner [Fri, 6 Dec 2013 17:31:33 +0000 (18:31 +0100)]
added ASA references, removed TODOs

8 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Ralf Schlatterbeck [Fri, 6 Dec 2013 17:18:57 +0000 (18:18 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

8 years agoStart with BiBTeX (RNG section converted)
Ralf Schlatterbeck [Fri, 6 Dec 2013 17:15:03 +0000 (18:15 +0100)]
Start with BiBTeX (RNG section converted)

Add new bibtex style alphalink.bst (this one can handle an URL parameter
in the bibtex entry and puts the url into a hyperref in the bibtex
label). I've written this style myself (by modifying one of the standard
bibtex styles).

8 years agoAdd a section over ejabberd and OTR
David Durvaux [Fri, 6 Dec 2013 16:50:30 +0000 (17:50 +0100)]
Add a section over ejabberd and OTR

8 years agocommented out the section on ssl libraries, not sure if it is in scope .. also: no...
Aaron Zauner [Thu, 5 Dec 2013 18:44:18 +0000 (19:44 +0100)]
commented out the section on ssl libraries, not sure if it is in scope .. also: no contributions that we can use in the paper

8 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Zauner [Thu, 5 Dec 2013 13:29:59 +0000 (14:29 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

8 years agoadded information for github users to README.md
Aaron Zauner [Thu, 5 Dec 2013 13:29:55 +0000 (14:29 +0100)]
added information for github users to README.md

8 years agoAdd Daniel to reviewers (if not co-authors)
Aaron Kaplan [Wed, 4 Dec 2013 23:14:00 +0000 (00:14 +0100)]
Add Daniel to reviewers (if not co-authors)

8 years agoupdate IPSEC section to new config a/b
cm [Wed, 4 Dec 2013 16:54:49 +0000 (17:54 +0100)]
update IPSEC section to new config a/b

8 years agoadded netcraft link on PFS to PFS section
Aaron Zauner [Wed, 4 Dec 2013 11:11:19 +0000 (12:11 +0100)]
added netcraft link on PFS to PFS section

8 years agoupdated reviewers.tex
Ulrich [Wed, 4 Dec 2013 10:56:32 +0000 (11:56 +0100)]
updated reviewers.tex

8 years agono downgrade attacks on ipsec
cm [Wed, 4 Dec 2013 10:34:58 +0000 (11:34 +0100)]
no downgrade attacks on ipsec

8 years agoadded nginx "test with" debian version
cm [Wed, 4 Dec 2013 10:32:54 +0000 (11:32 +0100)]
added nginx "test with" debian version

8 years agoshorten section title, make clear what is meant by SSL/TLS in the ASA section
Aaron Zauner [Tue, 3 Dec 2013 21:04:47 +0000 (22:04 +0100)]
shorten section title, make clear what is meant by SSL/TLS in the ASA section

8 years agoeasy-rsa can do 4096bit keys, been there done that, we should recommend it for VPNs
Aaron Zauner [Tue, 3 Dec 2013 21:02:57 +0000 (22:02 +0100)]
easy-rsa can do 4096bit keys, been there done that, we should recommend it for VPNs

8 years agoreorder openssh KEX algorithms by relevance of security decending
Aaron Zauner [Tue, 3 Dec 2013 20:32:16 +0000 (21:32 +0100)]
reorder openssh KEX algorithms by relevance of security decending

8 years agocorrect nomenclature on galloi counter mode
Aaron Zauner [Tue, 3 Dec 2013 20:18:52 +0000 (21:18 +0100)]
correct nomenclature on galloi counter mode

8 years agoadded openssh ServerKeyBits (set to 4096)
Aaron Zauner [Tue, 3 Dec 2013 17:40:05 +0000 (18:40 +0100)]
added openssh ServerKeyBits (set to 4096)

8 years agonsa does not get credits!
Aaron Zauner [Tue, 3 Dec 2013 15:47:57 +0000 (16:47 +0100)]
nsa does not get credits!

8 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Zauner [Tue, 3 Dec 2013 15:40:47 +0000 (16:40 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

8 years agoadd acknowledgement section
Aaron Zauner [Tue, 3 Dec 2013 15:40:46 +0000 (16:40 +0100)]
add acknowledgement section

8 years agopush the notes for the next steps
Aaron Kaplan [Mon, 2 Dec 2013 22:51:07 +0000 (23:51 +0100)]
push the notes for the next steps

8 years agotweak cipher string variant B
Aaron Kaplan [Mon, 2 Dec 2013 22:40:14 +0000 (23:40 +0100)]
tweak cipher string variant B

8 years agoitemize
Aaron Kaplan [Mon, 2 Dec 2013 22:40:05 +0000 (23:40 +0100)]
itemize

8 years agocomment out an old section which we simply kept before since it has a nice table...
Aaron Kaplan [Mon, 2 Dec 2013 20:44:09 +0000 (21:44 +0100)]
comment out an old section which we simply kept before since it has a nice table formatting example.

8 years agonarrow down scope a bit
Aaron Kaplan [Mon, 2 Dec 2013 20:33:52 +0000 (21:33 +0100)]
narrow down scope a bit

8 years agoremove the paragraph about NIST
Aaron Kaplan [Mon, 2 Dec 2013 20:30:46 +0000 (21:30 +0100)]
remove the paragraph about NIST

8 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Zauner [Mon, 2 Dec 2013 20:06:53 +0000 (21:06 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

8 years agoadded subsection text and justification for Cisco ASA
Aaron Zauner [Mon, 2 Dec 2013 20:06:47 +0000 (21:06 +0100)]
added subsection text and justification for Cisco ASA

8 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Mon, 2 Dec 2013 20:04:19 +0000 (21:04 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

8 years agoalso put the presentation into git
Aaron Kaplan [Mon, 2 Dec 2013 20:00:06 +0000 (21:00 +0100)]
also put the presentation into git

8 years agomake sure that every "make pdf" re-generates the git info in the
Aaron Kaplan [Mon, 2 Dec 2013 19:58:41 +0000 (20:58 +0100)]
make sure that every "make pdf" re-generates the git info in the
pages' footer

8 years agoImproved Markdown Formatting of FAQ
Pepi Zawodsky [Mon, 2 Dec 2013 19:57:07 +0000 (20:57 +0100)]
Improved Markdown Formatting of FAQ

8 years agoImproved Markdown Formatting of README
Pepi Zawodsky [Mon, 2 Dec 2013 19:54:08 +0000 (20:54 +0100)]
Improved Markdown Formatting of README

8 years agoremark on the strength of 3DES
Aaron Kaplan [Mon, 2 Dec 2013 19:38:49 +0000 (20:38 +0100)]
remark on the strength of 3DES

8 years agowhite paper -> "guide"
Aaron Kaplan [Mon, 2 Dec 2013 19:38:19 +0000 (20:38 +0100)]
white paper -> "guide"

8 years agoadd a section on how to read this guide
Aaron Kaplan [Mon, 2 Dec 2013 19:38:00 +0000 (20:38 +0100)]
add a section on how to read this guide

8 years agoadd Berg San . Thanks for the DB section
Aaron Kaplan [Mon, 2 Dec 2013 17:52:51 +0000 (18:52 +0100)]
add Berg San . Thanks for the DB section

8 years agofix one todo from disclaimer.tex
Aaron Kaplan [Mon, 2 Dec 2013 11:08:39 +0000 (12:08 +0100)]
fix one todo from disclaimer.tex

8 years agorewrite openvpn section according to TODOs
cm [Sat, 30 Nov 2013 23:42:36 +0000 (00:42 +0100)]
rewrite openvpn section according to TODOs

8 years agoRemoved add_header X-Frame-Options DENY by suggestion of Christian Mock since it...
Pepi Zawodsky [Fri, 29 Nov 2013 18:52:19 +0000 (19:52 +0100)]
Removed add_header X-Frame-Options DENY by suggestion of Christian Mock since it is security- but not crypto related.

8 years agoFix typo (thanks to Adi)
Ralf Schlatterbeck [Fri, 29 Nov 2013 10:37:07 +0000 (11:37 +0100)]
Fix typo (thanks to Adi)

8 years agoCorrected misspelled namex
Pepi Zawodsky [Thu, 28 Nov 2013 14:36:36 +0000 (15:36 +0100)]
Corrected misspelled namex

8 years agominor formatting of a footnote: { } was missing
Aaron Kaplan [Thu, 28 Nov 2013 14:26:10 +0000 (15:26 +0100)]
minor formatting of a footnote: { } was missing

8 years agoadded section RNGs which was written by Ralf Schlatterbeck.
Aaron Kaplan [Thu, 28 Nov 2013 14:23:46 +0000 (15:23 +0100)]
added section RNGs which was written by Ralf Schlatterbeck.
Pls. review

8 years agoAdded nginx settings for DH parameters recommending at least the same bit length...
Pepi Zawodsky [Thu, 28 Nov 2013 13:13:15 +0000 (14:13 +0100)]
Added nginx settings for DH parameters recommending at least the same bit length as the RSA key used. Like Apache 2.4 implicily handles this.

8 years agonginx does't allow ssl_protocols to be excluded, only to be included. Our given examp...
Pepi Zawodsky [Thu, 28 Nov 2013 13:01:15 +0000 (14:01 +0100)]
nginx does't allow ssl_protocols to be excluded, only to be included. Our given example would be better but does not actually work in nginx (1.4.4, current stable as of 2013-11-28 14:00 CET). Corrected example to a working syntax.

8 years agoChanges nginx ECC curve selection example to the least-bad but actually widely suppor...
Pepi Zawodsky [Thu, 28 Nov 2013 12:58:15 +0000 (13:58 +0100)]
Changes nginx ECC curve selection example to the least-bad but actually widely supported curve which is secp384r1. The former sectk571k1 (Koblitz curve) would be a lot better, but is supported almost nowhere.

8 years agoinital introduction to the ssl libs section
Adi Kriegisch [Wed, 27 Nov 2013 15:02:57 +0000 (16:02 +0100)]
inital introduction to the ssl libs section

8 years agoapplied Berg San's patch from the mailing list as of 2013/11/26 19:23 UTC+2
Aaron Kaplan [Tue, 26 Nov 2013 19:19:12 +0000 (20:19 +0100)]
applied Berg San's patch from the mailing list as of 2013/11/26 19:23 UTC+2
+ Minor formatting improvement

8 years agoSplitting Cipher Suites section in multiple files
David Durvaux [Tue, 26 Nov 2013 17:05:56 +0000 (18:05 +0100)]
Splitting Cipher Suites section in multiple files

8 years agomodified crypto map to reflect cipher settings
Aaron Zauner [Tue, 26 Nov 2013 14:41:14 +0000 (15:41 +0100)]
modified crypto map to reflect cipher settings

8 years agoadded Cisco ASA IPsec + SSL VPN Settings
Aaron Zauner [Tue, 26 Nov 2013 13:57:05 +0000 (14:57 +0100)]
added Cisco ASA IPsec + SSL VPN Settings

8 years agoadded list on DH groups and bit security
Aaron Zauner [Tue, 26 Nov 2013 13:39:48 +0000 (14:39 +0100)]
added list on DH groups and bit security

8 years agoforgot a '"' while including "./practical_settings/proxy_solutions.tex" via \input{}
Aaron Kaplan [Tue, 26 Nov 2013 10:41:03 +0000 (11:41 +0100)]
forgot a '"' while including "./practical_settings/proxy_solutions.tex" via \input{}

8 years agofixes after practical settings refactoring
Wolfgang Breyha [Tue, 26 Nov 2013 10:32:42 +0000 (11:32 +0100)]
fixes after practical settings refactoring

8 years agoAdd missing files
David Durvaux [Tue, 26 Nov 2013 08:16:11 +0000 (09:16 +0100)]
Add missing files

8 years agoRefactor practical_settings to spli subsection in files
David Durvaux [Tue, 26 Nov 2013 06:19:44 +0000 (07:19 +0100)]
Refactor practical_settings to spli subsection in files

8 years agorephrasing
Aaron Kaplan [Tue, 26 Nov 2013 00:25:56 +0000 (01:25 +0100)]
rephrasing

8 years ago\newpage before a new section
Aaron Kaplan [Tue, 26 Nov 2013 00:23:50 +0000 (01:23 +0100)]
\newpage before a new section
erphrase abstract

8 years agoadd \newpage
Aaron Kaplan [Tue, 26 Nov 2013 00:11:54 +0000 (01:11 +0100)]
add \newpage

8 years agorephrase slightly
Aaron Kaplan [Tue, 26 Nov 2013 00:11:36 +0000 (01:11 +0100)]
rephrase slightly

8 years agore-format the new section as \begin{description} element.
Aaron Kaplan [Mon, 25 Nov 2013 23:26:15 +0000 (00:26 +0100)]
re-format the new section as \begin{description} element.
Feel free to change it if it should look differently.
Replaced quoting characters by real LaTeX quotation characters "``" and "''"

8 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Daniel Kovacic [Mon, 25 Nov 2013 22:25:04 +0000 (23:25 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

8 years agosection 8 very first proposal without sources and proper tex
Daniel Kovacic [Mon, 25 Nov 2013 22:23:41 +0000 (23:23 +0100)]
section 8 very first proposal without sources and proper tex

8 years agogive the other VPN subsections the structure based on template.tex
Aaron Kaplan [Mon, 25 Nov 2013 21:56:41 +0000 (22:56 +0100)]
give the other VPN subsections the structure based on template.tex

8 years agoadd radius
Aaron Kaplan [Mon, 25 Nov 2013 21:53:14 +0000 (22:53 +0100)]
add radius

8 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Mon, 25 Nov 2013 21:51:11 +0000 (22:51 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

8 years agostructure according to template.tex
Aaron Kaplan [Mon, 25 Nov 2013 21:50:49 +0000 (22:50 +0100)]
structure according to template.tex

8 years agomore clarification on SSH configuration
Aaron Zauner [Mon, 25 Nov 2013 21:48:46 +0000 (22:48 +0100)]
more clarification on SSH configuration

8 years agofix the formatting of template.tex (stupid \mbox{}s )
Aaron Kaplan [Mon, 25 Nov 2013 21:47:30 +0000 (22:47 +0100)]
fix the formatting of template.tex (stupid \mbox{}s )

8 years agomv SSH OpenSSH
Aaron Zauner [Mon, 25 Nov 2013 21:40:47 +0000 (22:40 +0100)]
mv SSH OpenSSH

8 years agonow just called "ipsec"
Aaron Zauner [Mon, 25 Nov 2013 21:37:52 +0000 (22:37 +0100)]
now just called "ipsec"

8 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Mon, 25 Nov 2013 21:37:01 +0000 (22:37 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

8 years agoadd ssl libs section
Aaron Kaplan [Mon, 25 Nov 2013 21:36:50 +0000 (22:36 +0100)]
add ssl libs section

8 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Zauner [Mon, 25 Nov 2013 21:33:18 +0000 (22:33 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

8 years agoreference to ssh-dss discussion/bug report added
Aaron Zauner [Mon, 25 Nov 2013 21:33:13 +0000 (22:33 +0100)]
reference to ssh-dss discussion/bug report added

8 years agoone todo less :)
Aaron Kaplan [Mon, 25 Nov 2013 21:30:24 +0000 (22:30 +0100)]
one todo less :)

8 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Zauner [Mon, 25 Nov 2013 21:27:38 +0000 (22:27 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

8 years agoclarification on DSA exclusion from openssh settings added
Aaron Zauner [Mon, 25 Nov 2013 21:27:33 +0000 (22:27 +0100)]
clarification on DSA exclusion from openssh settings added