Network interactions: clean-up, clarification, notes v_0
author František Kučera <franta-hg@frantovo.cz>
Wed, 02 Oct 2019 23:31:57 +0200
branch v_0
changeset 46 dc35b4c01ade
parent 45 0d468a8d6b58
child 47 7e665331bc32
text/ssm.en.xml
--- a/text/ssm.en.xml	Wed Oct 02 22:44:18 2019 +0200
+++ b/text/ssm.en.xml	Wed Oct 02 23:31:57 2019 +0200
@@ -456,19 +456,26 @@
 		<id>d3edb71b-8668-4290-a669-19694956e3aa</id>
 		<item>
 			<id>c967092e-09e9-4c68-90bf-aa8cb441f7dc</id>
-			<text>no network connection is needed during build – build must be possible completely offline, all dependencies must be downloadable and documented including secure hashes or preferably cryptographic signatures</text>
+			<text>Network connectivity must not be required during build – the build must be possible completely offline.</text>
+			<text>All dependencies must be downloadable and documented including secure hashes or preferably cryptographic signatures.</text>
+			<note>It should be straightforward to collect all dependencies transfer them in space or time and build the software (e.g. on another computer or in next decade).</note>
 		</item>
 		<item>
 			<id>b5515d33-1531-4361-8baf-a99ca461e763</id>
-			<text>if dependencies are optionally automatically downloaded during/before build, the packaging system must cryptographically verify that that they are undamaged</text>
+			<text>If dependencies are optionally automatically downloaded during or before build, the packaging system must cryptographically verify that that they are undamaged.</text>
+			<note>So it should not be possible to endanger the user by MITM attack.</note>
 		</item>
 		<item>
 			<id>f700413a-fde1-460c-8633-76985e98007c</id>
-			<text>avoid unwanted network interactions during runtime – no „call home“ or update-checks without user's explicit consent</text>
+			<text>Avoid unwanted network interactions during runtime.</text>
+			<text>There must be no „call home“ or update-checks without user's explicit consent.</text>
 		</item>
 		<item>
 			<id>f55c2ebd-c3ba-44f7-ae92-06f679780ec7</id>
-			<text>if any network connection is used, it must be cryptographically secured against MITM attacks</text>
+			<text>If any network connection is used, it must be by default cryptographically secured against MITM attacks.</text>
+			<note>It might be possible to disable the encryption on user's explicit request (in order to get better performance on a trusted private network).</note>
+			<note>For debugging and testing purposes it is better to allow dumping the private/session keys rather than disabling the encryption.</note>
+			<note>In special cases (like small microcontrollers without cryptographic capability connected to a trusted private network), it is possible to have no encryption at all, but the user must be properly informed about this issue and potential risks.</note>
 		</item>
 	</chapter>
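Review bot: the rewritten `<text>` under item `b5515d33-1531-4361-8baf-a99ca461e763` still carries the doubled "that that" from the old line ("verify that that they are undamaged"); suggest "...the packaging system must cryptographically verify that they are undamaged." While there, "undamaged" reads as accidental corruption only, whereas the new `<note>` on the same item names the MITM threat, which is about authenticity as well as integrity; "authentic and unmodified" would match the note. The `<note>` under item `c967092e-09e9-4c68-90bf-aa8cb441f7dc` is missing a separator after "dependencies" ("collect all dependencies transfer them in space or time"); suggest "collect all dependencies, transfer them in space or time, and build the software". In the same item, the requirement "secure hashes or preferably cryptographic signatures" is consistent with that MITM note only for signatures: a hash published over the same channel as the artifact proves integrity but not who produced it, so it may be worth stating that hashes alone are acceptable only when obtained out of band. Under item `f55c2ebd-c3ba-44f7-ae92-06f679780ec7`, the three notes (opt-out on explicit request, prefer key dumping over disabling, unencrypted microcontroller case) are clear; consider adding to the last one that the user-facing warning should also name the loss of integrity, since the text above frames the requirement as MITM protection rather than confidentiality alone.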