SMTP and DNS edits #69
patrickbenkoetter commented Aug 6, 2014

Restructured main.cf and master.cf for better reading
Restructured Postfix section
Added DANE description for Postfix
Added DNS as new chapter
Added DNS /etc/resolv.conf description
Added DNS resolver explanations (Credit goes to Carsten Strotmann, [email protected])
# Demand high ciphers | ||
mua_tls_mandatory_ciphers=high | ||
# Limit the cipher list | ||
mua_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA |
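Review bot: The two comments in this hunk ("Demand high ciphers", "Limit the cipher list") do not say where `mua_tls_mandatory_ciphers` and `mua_high_cipherlist` take effect. The `mua_` names are not built-in Postfix parameters, so they change nothing unless another line references them as `$mua_tls_mandatory_ciphers` and `$mua_high_cipherlist`; add a comment naming the service that does. The cipher string also contains `:+SSLv3`, which in OpenSSL cipher-list syntax moves the matching suites to the end of the list rather than adding any, and that deserves a one-line comment too.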
should be a LaTeX macro as with the other config files.
What exactly should be a macro?
The cipherlist
The cipherlist-macro can't be used here anymore. The cipherstring is slightly changed.
Very good addition; although some sections are just stubs for now, is there a commitment that these will be filled in later (possibly soon)?
Yes, there's commitment that these will be filled in soon.
We're currently working on a first release of the document (i.e. "version 1.0"). New additions should be as complete as possible. I'd like to include this part, but there are still stubs that need content as explained earlier. We're aiming for the end of 2014 - @patrickbenkoetter is it possible to fill those gaps by then?
I'll have a look at it. The main gap missing is the macro?
p@rick
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Registered office: München, Amtsgericht München: HRB 199263
Yup also the whole end of the commit is just stubs (DNSSEC as well as various other software daemons) - starting here: https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/69/files#diff-061c5bd597f9d7d450cc0b802b8f7ceaR277 If we do not have anyone to write something up for these, we'll need to remove these sections for now.
@@ -17,25 +17,55 @@ append_dot_mydomain = no | |||
|
|||
readme_directory = no | |||
|
|||
readme_directory = no | |||
## General TLS options | |||
tls_ssl_options = NO_COMPRESSION |
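Review bot: `tls_ssl_options = NO_COMPRESSION` under "## General TLS options" carries no version note. The parameter exists only from Postfix 2.11 on, so add a comment stating that minimum version next to the line; otherwise a reader copying this block onto an older release does not get compression disabled.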
This parameter is not available in all versions, see http://www.postfix.org/postconf.5.html#tls_ssl_options
The conclusion one year ago was that the PR is incomplete. Is there any chance that the missing parts will be filled up? Also, please rebase your branch on current master.
+1.
I'm still recovering from illness. I will need to inspect this closer, as I have lost track of the changes that should be done. I'll also have to talk this over with Carsten Strotmann, who would be the person to write more elaborately about DNSSEC.
292b4ee to ed49f58
6c97cf6 to 5c20660
Can this PR be revisited? Looks quite promising. Thank you.
We'd be very happy to have this PR in our document. By now it is not only out of date but also conflicting with the git master tree. If someone feels like working on this PR, please let me know! This PR has been around since 2014 and hasn't seen much change since then, it's still incomplete and by now it'll need to be updated.
we need to re-work this PR completely. The idea is good, the intentions make sense but we need to re-work this one.
@@ -22,6 +22,8 @@ | |||
\newacronym{EDH}{edh}{Ephemeral Diffie-Hellman} | |||
\newacronym{EECDH}{eecdh\alsoidx{Diffie--Hellman}\alsoidx{elliptic curve}}{% | |||
elliptic curve ephemeral Diffie--Hellman} | |||
\newacronym{MSA}{msa}{% | |||
A message submission host from which messages sent by MUAs originates and will be transported towards its final destination} |
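Review bot: The long form given for `MSA` is a description, not an expansion, unlike the `EDH` and `EECDH` entries in the same hunk, which spell the acronym out. Use the expansion (Message Submission Agent) as the third argument and move the explanatory sentence into the running text or a glossary description; if the sentence is kept, "originates" should read "originate" to agree with "messages".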
ok
* AaronK <[email protected]>:
> aaronkaplan requested changes on this pull request.
> we need to re-work this PR completely. The idea is good, the intentions make
> sense but we need to re-work this one.
Any ideas in which direction this should be reworked?
p@rick
P.S.
I'm about to leave for a two week vacation. Just in case you are in a hurry.
…
> @@ -22,6 +22,8 @@
\newacronym{EDH}{edh}{Ephemeral Diffie-Hellman}
\newacronym{EECDH}{eecdh\alsoidx{Diffie--Hellman}\alsoidx{elliptic curve}}{%
elliptic curve ephemeral Diffie--Hellman}
+\newacronym{MSA}{msa}{%
+ A message submission host from which messages sent by MUAs originates and will be transported towards its final destination}
ok
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München
Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the supervisory board: Florian Kirstein