V6 - "Stored cryptography" vs "cryptography"

[randomstuff]

The V6 chapter is now called "Stored Cryptography" (and was before named "Cryptography"). I actually missed that point until now.

Do we want V6 to be only about Stored Cryptography only?

Some things here would me applicable in other context (such as "Random Values").

If we want V6 to be about "Stored Cryptography", this should probably be clearer in the introduction. In this case, #2310 for example should go somewhere else.

If we keep V6 "Stored Encryption" and V9 "Communication Encryption":

• What about general cryptographic requirements which applies to both? (such as "Random Values")
• Is V9 about "transport layer" security only or should application-layer crypto be in V9 as well?

Related #2252, #2310

[elarlang]

This is defining the scope for V6. We need to define, what and based on what rules fits to this paragraph.

In:

• The main problem to solve is about cryptography
• How to implement cryptography correctly

Questionable:

• Using cryptography is (just a possible) solution to solve the main problem

For example, 6.4.1 in the secret management section - the main problem to solve is incorrect handling of secrets, although the solution to solve is to use cryptography (key vault). 6.4.1 got merge from 2.10.4, probably it was not good move.

[danielcuthbert]

If im honest, V6 Cryptography is where I'm leaning towards