Closed markgamache closed 2 weeks ago
@kwwall @jmanico @MarkSRobinson here is the PR for the major rewrite of the original doc. Changes to the cheat sheet would come after this and reference this.
Thanks for tackling this. I need to have a good read through, but just on the surface: Is it really worthwhile/meaningful linking to the 2013 docs?
@kingthorin - @markgamache and I discussed that. One main reason why we left it in is because the 2013 version is embedded in a lot of corporate GRC policies and standards documents and given that many of those folks don't have deep technical roots, unless they have something to compare this new version to, they might not understand why these drastic changes were long overdue. The 2013 version brings in the fuller historical context (which this document only touches on), so we decided to leave that reference in. I do expect in a year or two though, we should probably go back and remove the 2013 reference. I would be in favor of that.
CS project leads - As a co-author of this PR (@markgamache did most of the heavy lifting), I'm going to recuse myself from reviewing / approving this. You might want to invite Jeffrey Walton to review it, but I'm not sure how that would work since he's no longer an OWASP member. However, he is someone who has the technical chops from a cryptography and PKI perspective and whose judgement I very much trust. We certainly can use some more SMEs to look at this since this is such a niche area.
FWIW, I may be able to recruit a few PKI types to take a look, if that would help. I know current and former CABF members and some other players in the space. FWIW, when seeking input from them, they all were rather excited about the possible change.
Thanks @markgamache, I'm happy with how this is now, but I'll wait for some others to review as well.
@kingthorin have you got anyone else in mind?
Naw, I’m gonna merge it. If anyone has comments they can be addressed in another PR or a contribution by that person.
Conversation on the issue can be found here