OWASP / www-community

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
https://owasp.org/www-community/

Major rewrite per issue 786 #975

Closed markgamache closed 2 weeks ago

markgamache commented 2 weeks ago

Conversation on the issue can be found here

markgamache commented 2 weeks ago

@kwwall @jmanico @MarkSRobinson here is the PR for the major rewrite of the original doc. Changes to the cheat sheet would come after this and reference this.

kingthorin commented 2 weeks ago

Thanks for tackling this. I need to have a good read through, but just on the surface: is it really worthwhile/meaningful linking to the 2013 docs?

kwwall commented 2 weeks ago

@kingthorin - @markgamache and I discussed that. One main reason we left it in is that the 2013 version is embedded in a lot of corporate GRC policies and standards documents, and given that many of those folks don't have deep technical roots, unless they have something to compare this new version to, they might not understand why these drastic changes were long overdue. The 2013 version brings in the fuller historical context (which this document only touches on), so we decided to leave that reference in. I do expect that in a year or two, though, we should probably go back and remove the 2013 reference. I would be in favor of that.

kwwall commented 2 weeks ago

CS project leads - As a co-author of this PR (@markgamache did most of the heavy lifting), I'm going to recuse myself from reviewing / approving this. You might want to invite Jeffrey Walton to review it, though I'm not sure how that would work since he's no longer an OWASP member. However, he is someone who has the technical chops from a cryptography and PKI perspective and whose judgement I very much trust. We certainly can use some more SMEs to look at this since this is such a niche area.

markgamache commented 2 weeks ago

> CS project leads - As a co-author of this PR (@markgamache did most of the heavy lifting), I'm going to recuse myself from reviewing / approving this. You might want to invite Jeffrey Walton to review it, though I'm not sure how that would work since he's no longer an OWASP member. However, he is someone who has the technical chops from a cryptography and PKI perspective and whose judgement I very much trust. We certainly can use some more SMEs to look at this since this is such a niche area.

FWIW, I may be able to recruit a few PKI types to take a look, if that would help. I know current and former CABF members and some other players in the space. FWIW, when seeking input from them, they all were rather excited about the possible change.

kingthorin commented 2 weeks ago

Thanks @markgamache. I'm happy with how this is now, but I'll wait for some others to review as well.

markgamache commented 2 weeks ago

> Thanks @markgamache. I'm happy with how this is now, but I'll wait for some others to review as well.

@kingthorin have you got anyone else in mind?

kingthorin commented 2 weeks ago

Naw, I’m gonna merge it. If anyone has comments they can be addressed in another PR or a contribution by that person.