[Owasp-leaders] FW: REQUEST FOR DECISION/CALL FOR CONTRIBUTIONS TO UPDATE THE ASSESSMENT CRITERIA
Arturo 'Buanzo' Busleiman
buanzo at buanzo.com.ar
Sat Mar 7 14:54:41 EST 2009
I'm one of the people that raised concerns about reviewing, categorization, etc., during EU Summit
08's Tools working session.
Others know me because of my projects, Enigform and mod_openpgp, the OpenPGP 'enhancements' to HTTP,
which provides HTTP Request identity and integrity verification, and a secure Session Management
(user/password-less login system, based on a challenge-response mechanism using OpenPGP features).
As you can see from my projects' description, it is of a very experimental nature. The real value
behind the tools is the specification of a protocol to allow Sign/Verify, Encrypt/Decrypt operations
for HTTP, plus the bonus Secure Session Management mechanism.
That provided, I (and others) find it difficult to properly follow the Assessment Criteria. For
instance, the first item (one-click installer) is basically a whole project by itself (for client it's
quite simple, but needs basic knowledge of GnuPG). But the server-side component is an Apache
module. Today, only MandrivaLinux packages the module. But a webmaster willing to use it also needs
GnuPG *AND* Apache *AND* Linux/BSD knowledge.
My Season of Quality would be geared towards creating a full manual for both client and server
components, including basic GnuPG tutorials, almost-ready-to-go VMware images for the server
With all this, I basically want to say that mine (and other projects, too) are not necessarily 'tools'
per se, and maybe there is need to assess this situation more thoroughly. I call for help in this
matter, or for someone to hit me in the face with a 'hey, you got it wrong, Buanzo! this is the
deal' explanation :P
Sorry for not being clear :)
Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107
Independent Linux and Security Consultant - SANS - OISSG - OWASP
Mailing List Archives at http://archiver.mailfighter.net