From f6fbc391deb19f343a7106ed8b1ce6d4de70d177 Mon Sep 17 00:00:00 2001 From: Tyler Perkins Date: Wed, 12 Jan 2022 01:15:01 -0500 Subject: [PATCH] Update for 12-01-22 01:15 --- tech/cia-do-dont.wiki | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tech/cia-do-dont.wiki b/tech/cia-do-dont.wiki index 6f466f1..0236e60 100644 --- a/tech/cia-do-dont.wiki +++ b/tech/cia-do-dont.wiki @@ -78,4 +78,8 @@ This is the CIA list of dos and donts. * Authentication *must* be done with TLS 1.2, Elliptic curve DSA, DSA, or RSA - Asymmetric keys *must* be at least 2048 bits (Elliptic curve, 256 bits) * Authentication via TLS 1.2 *must* include the use of certs by both parties -* Authentication via TLS 1.2 *must* validate the cert +* Authentication via TLS 1.2 *must* validate the cert utlized by both parties. + If the cert is invalid, they should terminate the connection. This guidance + referes to the inner cryptosctream which may be masked by HTTPS, this doesn + no apply to the outer stream +* Tools must support unique certs and CAs for network auth for each deployment
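Review bot: the four added lines in the only hunk carry several spelling errors that should be fixed before merge: "utlized" should be "utilized", "referes" should be "refers", "cryptosctream" should be "cryptostream", and "this doesn no apply" should be "this does not apply". The same added text also weakens the requirement mid-sentence: the line starts with "*must* validate the cert" but then says "they should terminate the connection"; since the surrounding list uses "*must*" for hard requirements, suggest "If the cert is invalid, the connection *must* be terminated." The final added line, "* Tools must support unique certs and CAs for network auth for each deployment", drops the "*must*" emphasis that every neighbouring bullet uses; suggest matching it for consistency. The sentence about the inner cryptostream versus the outer HTTPS stream would also read more clearly split in two, e.g. "This guidance refers to the inner cryptostream, which may be masked by HTTPS. It does not apply to the outer stream."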