diff -r 0d468a8d6b58 -r dc35b4c01ade text/ssm.en.xml
--- a/text/ssm.en.xml Wed Oct 02 22:44:18 2019 +0200
+++ b/text/ssm.en.xml Wed Oct 02 23:31:57 2019 +0200
@@ -456,19 +456,26 @@
d3edb71b-8668-4290-a669-19694956e3aa
-
c967092e-09e9-4c68-90bf-aa8cb441f7dc
- no network connection is needed during build – build must be possible completely offline, all dependencies must be downloadable and documented including secure hashes or preferably cryptographic signatures
+ Network connectivity must not be required during build – the build must be possible completely offline.
+ All dependencies must be downloadable and documented including secure hashes or preferably cryptographic signatures.
+ It should be straightforward to collect all dependencies transfer them in space or time and build the software (e.g. on another computer or in next decade).
-
b5515d33-1531-4361-8baf-a99ca461e763
- if dependencies are optionally automatically downloaded during/before build, the packaging system must cryptographically verify that that they are undamaged
+ If dependencies are optionally automatically downloaded during or before build, the packaging system must cryptographically verify that that they are undamaged.
+ So it should not be possible to endanger the user by MITM attack.
-
f700413a-fde1-460c-8633-76985e98007c
- avoid unwanted network interactions during runtime – no „call home“ or update-checks without user's explicit consent
+ Avoid unwanted network interactions during runtime.
+ There must be no „call home“ or update-checks without user's explicit consent.
-
f55c2ebd-c3ba-44f7-ae92-06f679780ec7
- if any network connection is used, it must be cryptographically secured against MITM attacks
+ If any network connection is used, it must be by default cryptographically secured against MITM attacks.
+ It might be possible to disable the encryption on user's explicit request (in order to get better performance on a trusted private network).
+ For debugging and testing purposes it is better to allow dumping the private/session keys rather than disabling the encryption.
+ In special cases (like small microcontrollers without cryptographic capability connected to a trusted private network), it is possible to have no encryption at all, but the user must be properly informed about this issue and potential risks.
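Review bot: In item b5515d33 the new sentence promises protection against MITM, but the requirement it follows only says downloads must be verified as "undamaged" (and still carries the doubled "that that" from the old text). A check that something is undamaged does not by itself say what it is checked against. Suggest tying it to the previous item, for example "must cryptographically verify them against the documented secure hashes or signatures", so the MITM claim follows from the requirement. In item f55c2ebd the first added line requires the connection to be "secured against MITM attacks", while the next three lines speak only of "encryption". It would help to state whether the user-requested opt-out and the microcontroller exception also drop authentication and integrity protection, or only confidentiality. The line about dumping private/session keys should say this is an explicit, non-default debugging option. Minor: in item c967092e, "collect all dependencies transfer them in space or time" needs a comma after "dependencies", and "in next decade" should read "in the next decade".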