<chapter>
<name>Network interactions</name>
<id>d3edb71b-8668-4290-a669-19694956e3aa</id>
<item>
<id>c967092e-09e9-4c68-90bf-aa8cb441f7dc</id>
<text>Network connectivity must not be required during the build: the build must be possible completely offline.</text>
<text>All dependencies must be downloadable and documented, including secure hashes or, preferably, cryptographic signatures.</text>
<note>It should be straightforward to collect all dependencies, transfer them in space or time, and build the software (e.g. on another computer or in the next decade).</note>
</item>
<item>
<id>b5515d33-1531-4361-8baf-a99ca461e763</id>
<text>If dependencies are optionally downloaded automatically during or before the build, the packaging system must cryptographically verify that they are intact and unmodified.</text>
<note>It must not be possible to endanger the user by a MITM attack, i.e. by an attacker who can alter the download in transit. The hash or signature used for the check must come from the documented dependency list, not from the same untrusted channel as the download itself.</note>
</item>
<item>
<id>f700413a-fde1-460c-8633-76985e98007c</id>
<text>Avoid unwanted network interactions during runtime.</text>
<text>There must be no "call home" or update checks without the user's explicit consent.</text>
</item>
<item>
<id>f55c2ebd-c3ba-44f7-ae92-06f679780ec7</id>
<text>If any network connection is used, it must by default be cryptographically secured against MITM attacks.</text>
<note>It may be possible to disable the encryption on the user's explicit request (in order to get better performance on a trusted private network).</note>
<note>For debugging and testing purposes it is better to allow dumping the private/session keys (so that captured traffic can be decrypted afterwards) than to disable the encryption.</note>
<note>In special cases (such as small microcontrollers without cryptographic capability connected to a trusted private network) it is possible to have no encryption at all, but the user must be properly informed about this issue and the potential risks.</note>
</item>
</chapter>
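The first two items of this chapter (an offline build from documented dependencies with secure hashes, and cryptographic verification of anything that was downloaded automatically) amount to one concrete build step. The following Python script is an added example and is not part of the requirements document or of any project it describes: it parses a documented dependency list with SHA-256 hashes, hashes every artefact already present in a local directory without touching the network, and refuses to build if an artefact is missing, altered (as it would be after a MITM or a compromised mirror), or undocumented. The manifest line format ("file-name  sha256-hex"), the helper names and the sample artefacts are assumptions constructed for this example.

```python
"""Verifying documented dependency hashes in an offline build step.

Added example, not code from the requirements document: the manifest format
("file-name  sha256-hex") and all helper names are assumptions made here.
"""
import hashlib
import tempfile
from pathlib import Path


def parse_manifest(text):
    """Parse 'filename  sha256hex' lines; '#' comments and blank lines are ignored."""
    expected = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2 or len(parts[1]) != 64:
            raise ValueError("manifest line %d is malformed: %r" % (lineno, raw))
        name, digest = parts
        if name in expected:
            raise ValueError("duplicate manifest entry: %s" % name)
        expected[name] = digest.lower()
    return expected


def sha256_file(path, chunk_size=1024 * 1024):
    """Hash a file in chunks so large archives do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_dependencies(expected, dep_dir):
    """Compare the documented hashes against the files in dep_dir.

    Returns a sorted list of (filename, problem) pairs; an empty list means
    every documented artefact is present and unmodified and no undocumented
    file is lying around where the build could pick it up.
    """
    dep_dir = Path(dep_dir)
    problems = []
    for name, digest in expected.items():
        path = dep_dir / name
        if not path.is_file():
            problems.append((name, "missing"))
        elif sha256_file(path) != digest:
            problems.append((name, "hash mismatch"))
    documented = set(expected)
    for path in dep_dir.iterdir():
        if path.is_file() and path.name not in documented:
            problems.append((path.name, "undocumented"))
    return sorted(problems)


def check_or_abort(expected, dep_dir):
    """Build-step entry point: True when the build may proceed, False otherwise."""
    problems = verify_dependencies(expected, dep_dir)
    for name, problem in problems:
        print("dependency check failed: %s: %s" % (name, problem))
    return len(problems) == 0


def demo():
    """Constructed scenario: one good, one tampered, one missing, one stray file."""
    good = b"good archive contents\n"
    # Constructed sample manifest; in practice these hashes are the documented ones.
    manifest = "\n".join([
        "# documented dependencies (constructed sample)",
        "libgood-1.0.tar.gz  " + hashlib.sha256(good).hexdigest(),
        "libtampered-2.1.tar.gz  " + hashlib.sha256(b"original contents\n").hexdigest(),
        "libmissing-0.3.tar.gz  " + hashlib.sha256(b"never downloaded\n").hexdigest(),
    ])
    expected = parse_manifest(manifest)
    with tempfile.TemporaryDirectory() as tmp:
        dep_dir = Path(tmp)
        (dep_dir / "libgood-1.0.tar.gz").write_bytes(good)
        # Simulates a download modified in transit or on a compromised mirror.
        (dep_dir / "libtampered-2.1.tar.gz").write_bytes(b"original contents\n" + b"malicious")
        (dep_dir / "stray.tar.gz").write_bytes(b"not in the manifest")
        ok = check_or_abort(expected, dep_dir)
        return ok, verify_dependencies(expected, dep_dir)


if __name__ == "__main__":
    print(demo())
```

Running the script prints the three failures and returns False from check_or_abort, so a build wrapper can stop before any untrusted artefact is unpacked. Reporting undocumented files as well as missing and altered ones matters for reproducibility: a stray archive in the dependency directory would otherwise be picked up silently and the build could no longer be repeated from the documented list alone.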

<chapter>
<name>Internationalization and localization</name>