start adding basic info and ToDos

SUSE · Apr 28, 2023 · 1952b23 · 1952b23
1 parent f4bf605
commit 1952b23
Showing 1 changed file with 35 additions and 23 deletions.
diff --git a/xml/security_cryptopolicy.xml b/xml/security_cryptopolicy.xml
@@ -4,33 +4,45 @@
   <!ENTITY % entities SYSTEM "generic-entities.ent">
     %entities;
 ]>
-
 <chapter xmlns="http://docbook.org/ns/docbook"
          xmlns:xi="http://www.w3.org/2001/XInclude"
          xmlns:xlink="http://www.w3.org/1999/xlink"
          version="5.0"
          xml:id="cha-security-cryptopolicy">
+  <!--taroth 2023-04-28
+    Main ToDos (based on https://bugzilla.suse.com/show_bug.cgi?id=1209998#c7)
+    * add new chapter to Security Guide, describe also integration
+    * explain how we intend customers to use the crypto-policies
+    * explain what changed exactly and what impact this has,
+       e.g. if someone updates from SP3 (no active crypto-policies)
+       to SP4 (active crypto-policies)-->
+  <title>Using system-wide crypto policies</title>
+  <info>
+    <abstract>
+      <para>
+        bla
+      </para>
+    </abstract>
+    <dm:docmanager xmlns:dm="urn:x-suse:ns:docmanager">
+      <dm:bugtracker></dm:bugtracker>
+      <dm:translation>yes</dm:translation>
+    </dm:docmanager>
+  </info>
+  <sect1 xml:id="sec-security-cryptopolicy-oview">
+    <title>Conceptual overview</title>
 
- <title>Enforcing a system-wide crypto policy</title>
- <info>
-      <abstract>
-        <para>
-         bla
-        </para>
-      </abstract>
-      <dm:docmanager xmlns:dm="urn:x-suse:ns:docmanager">
-        <dm:bugtracker>
-        </dm:bugtracker>
-        <dm:translation>yes</dm:translation>
-      </dm:docmanager>
- </info>
-
- <sect1 xml:id="sec-security-cryptopolicy-oview">
-  <title>Conceptual overview</title>
+    <para>
+      The <package>crypto-policies</package> RPM package provides pre-built
+      configuration files with cryptographic policies for cryptographic
+      back-ends, such as SSL/TLS libraries. This package allows to set the
+      cryptographic security level for all applications that use a
+      cryptographic back-end supported by the policies.
+    </para>
 
-  <para>
-    bla
-  </para>
-
- </sect1>
-</chapter>
+    <para>
+      For now, OpenSSL, GnuTLS, Apache2, Java/OpenJDK (java-1_8_0-openjdk and
+      java-11-openjdk) and perl-IO-Socket-SSL follow these policies. More
+      libraries and applications will be added gradually.
+    </para>
+  </sect1>
+</chapter>