Update for 12-01-22 00:00

This commit is contained in:
Tyler Perkins 2022-01-12 00:00:01 -05:00
parent 30659d91ec
commit 85aafc9964

View File

@ -24,4 +24,19 @@ This is the CIA list of dos and donts.
* DONOT leave dates and times like compile timestamps, access times, etc that * DONOT leave dates and times like compile timestamps, access times, etc that
relate to your time zone relate to your time zone
* DONOT leave data in the binary that indactes you * DONOT leave data in the binary that indactes you
* DONOT leave data that has "dirty words" * DONOT leave data that has "dirty words" (hacker terms) in binary
== Network ==
* DO use E2EE for network comms
* NEVER use network protocols that break E2E principle with respect to
encrypted payloads
* DONOT rely soley on SSL/TLS to secure data in transit
* DONOT allow network traffic to be replayable
* DO use ITEF RFC compliant network protocols as a blending layer. The actual
data should be tunneled through a well known, standard protocol like HTTPS
* DONOT break compilance of an RFC protocol being used as a blending layer
* DO use variable size and timing jitter of packets, beacons, and
communications
* DONOT send data with fixed size and timing
* DO properly clean up network connections