Open claudijd opened 7 years ago
We should also revisit the Modern policy for SSH and provide justifications for each and maybe even get some community vetting of the list. This could be a good discussion point for next week in SFO over beverages_of_choice.
/cc @gdestuynder you game?
Don't block this on that, but Modern's already been under review for some time now in a bug open on their side.
/cc @jvehent interested?
Yeah i think we have a similar "issue" with TLS guidelines, where we basically make an opinionated choice on what list you need to be following the standard we set. It can be improved for expectations setting though, which can be by including rationales in the output of recommendations
Source: https://twitter.com/fugueish/status/876891820134813696
Currently, we suggest removal for cases where a cipher is not in the policy. Perhaps we need to be more specific about why a cipher is not part of a given policy.