mozilla / ssh_scan_api

An API for ssh_scan (https://github.com/mozilla/ssh_scan) and the backend API service for the Mozilla SSH Observatory (https://observatory.mozilla.org/)

Include reasoning why certain ciphers should be removed #80

Open claudijd opened 7 years ago

claudijd commented 7 years ago

Source: https://twitter.com/fugueish/status/876891820134813696

Currently, we suggest removal for cases where a cipher is not in the policy. Perhaps we need to be more specific about why a cipher is not part of a given policy.

claudijd commented 7 years ago

We should also revisit the Modern policy for SSH and provide justifications for each and maybe even get some community vetting of the list. This could be a good discussion point for next week in SFO over beverages_of_choice.

claudijd commented 7 years ago

/cc @gdestuynder you game?

floatingatoll commented 7 years ago

Don't block this on that, but Modern's already been under review for some time now in a bug open on their side.

claudijd commented 7 years ago

/cc @jvehent interested?

gdestuynder commented 7 years ago

Yeah, I think we have a similar "issue" with TLS guidelines, where we basically make an opinionated choice on what list you need to be following the standard we set. It can be improved for expectation setting though, which can be done by including rationales in the output of recommendations.
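As an added illustration of the output this thread asks for (not ssh_scan_api's own code), here is a Ruby policy comparison that pairs each algorithm flagged for removal with a reason instead of a bare "remove". The policy lists, the rationale table and the sample server output are constructed for the example and are not the project's Modern policy.

```ruby
# Added example, not ssh_scan_api code: diff a server's offered algorithms
# against a policy and attach a rationale to every removal recommendation.
# POLICY, RATIONALES and SAMPLE are constructed for this illustration.

POLICY = {
  "kex"    => %w[curve25519-sha256 curve25519-sha256@libssh.org],
  "cipher" => %w[chacha20-poly1305@openssh.com aes256-gcm@openssh.com aes256-ctr],
  "mac"    => %w[hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com],
}.freeze

# Pattern => reason. First match wins; the last entry is the fallback.
RATIONALES = [
  [/arcfour/,     "RC4 stream cipher; keystream biases, deprecated for SSH (RFC 8758)"],
  [/3des/,        "64-bit block size; birthday-bound attacks on long sessions (Sweet32)"],
  [/-cbc\z/,      "CBC mode; SSH CBC plaintext-recovery weaknesses, prefer CTR/GCM/AEAD"],
  [/\Ahmac-md5/,  "MD5-based MAC; MD5 is collision-broken"],
  [/\Ahmac-sha1/, "SHA-1-based MAC; SHA-1 is deprecated"],
  [/group1-sha1/, "1024-bit DH group with SHA-1; too small for a modern security margin"],
  [/sha1\z/,      "SHA-1 as the key-exchange hash; SHA-1 is deprecated"],
  [/.*/,          "Not in the selected policy; no specific weakness recorded"],
].freeze

def rationale_for(algo)
  RATIONALES.find { |pattern, _| pattern.match?(algo) }.last
end

# Returns one hash per algorithm that is offered but absent from the policy.
def recommendations(offered, policy = POLICY)
  offered.flat_map do |category, algos|
    (algos - policy.fetch(category, [])).map do |algo|
      { "category" => category, "algorithm" => algo, "reason" => rationale_for(algo) }
    end
  end
end

# Constructed sample of what a scan might report for one server.
SAMPLE = {
  "kex"    => %w[curve25519-sha256 diffie-hellman-group1-sha1 diffie-hellman-group14-sha1],
  "cipher" => %w[aes256-ctr aes128-cbc 3des-cbc arcfour],
  "mac"    => %w[hmac-sha2-256-etm@openssh.com hmac-sha1 hmac-md5-96],
}.freeze

if __FILE__ == $PROGRAM_NAME
  recommendations(SAMPLE).each do |r|
    puts "#{r['category']}: remove #{r['algorithm']} - #{r['reason']}"
  end
end
```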