Establishing a community working group for ssl-config-generator #232
Hello, I am interested in maintaining this project.
I am also interested in being one of the maintainers of this project. (The more qualified contributors, the merrier. 😄 )
I'd also like to kindly loop in @tomato42, @jvehent or @rgacogne who authored the foundations back in the day when this was part of @mozilla/server-side-tls as their TLS knowledge could be very beneficial for reviewing any upcoming changes, or the direction towards the future of the config generator and/or the recommendation JSONs it's based upon. There are others who've engaged with the project in the past as @szepeviktor, @thestinger or @polarathene who might not have added any actual lines of code to the configs, but have shown great understanding of the real world interoperability (in tricky domains as mailservers — that honestly need some serious improvement here) which is also needed to keep the configs relevant in 2024 and on…
TL;DR: Thanks for the ping ❤️ While I can't afford to take on new commitments, I have shared some insights below that might assist future maintainers 👍
At a glance, my engagement within the projects was fairly low:
At the time I was doing quite a bit of research to extensively document cipher suite compatibility and an appropriate selection for securing mail servers with (since client/server support lags behind browsers). I never found time to complete the document and publish it, but was quite close to completion IIRC. I shared a portion of it following this Dovecot/Postfix config audit comment. I still have that WIP document on disk but it'd be a little out of date since it's been untouched for over 3 years 😓
I don't have much insight on what the current state of TLS is like, but imagine many connections are TLS 1.3 these days or capable of using AEAD ciphers from TLS 1.2? Apart from accommodating changes like those I mentioned above, it'd be interesting to know more context for the client connections that need broader cipher support. They tend to be devices or deployments that cannot be easily updated but still relied upon, yet often within the context that they could probably leverage a proxy to mediate a secure connection for their server/client rather than lowering security on the other end. That is a different context than what was traditionally a concern with servers needing to support a wider demographic of clients. The latter, especially with web browsers becomes less relevant as their CA trust store expires (as has been the case for smart TV products around a decade old), more so when the user cannot update that to verify certificate trust. On the topic of TLS certificates and context:
I do, and have invested a significant amount of time towards being informed so others do not need to worry about such as much 👍
Despite my interest in security I unfortunately need to avoid taking on any new commitments.
I would love to help out maintaining this as well!
I am also interested in being one of the maintainers of this project.
@JGoutin @gstrauss @janbrasna @IAmATeaPot418 @IceCodeNew

Jérémy, Glenn, Jamie, I'll email you directly, see if we can coordinate a time to chat/video conference and meet each other, chat about a plan.

@IceCodeNew and @janbrasna, would you email me with your preferred email address and your full name so we can start the conversation? You can reach me at gene at mozilla.com.

I'll close this issue for the time being, but may open it later if we want to look for additional folks who are interested. I'll also make sure to comment here and to update the repo documentation with the maintainer plan once we have it.
@janbrasna I still need you to email me. Would you do so? gene at mozilla.com
@gene1wood would you please briefly update on status? Thanks.
I'm @gene1wood. I work in the Security Assurance team at Mozilla. I first created the SSL Config Generator in 2014 and my colleague @april rewrote it from scratch in 2019. I've been the maintainer of it since 2020, but haven't had success at getting support for dedicating more time in my day job to it. As a result, response to issues and merging of PRs has been slow.
I've proposed to Mozilla management exploring if establishing a community working group to take over maintenance of the project would work and have gotten approval for doing so.
Here's what I'm envisioning
My question to the community
This all depends on there being any community members that have an interest in contributing to the SSL Config Generator project. I think that this is the case but could be wrong. I'd like to find out if this sounds like a good idea to those folks that have already contributed to the project:
Do any of you, previous contributors, have an interest in stepping into a role as a maintainer for this project? I'm hoping that a few people would have an interest in helping out.
This would involve
Motivations that I can imagine are