Hey,
There's a best practice left that I haven't marked as 'Met' because I'm not
entirely sure (mostly because my memory is weak on the specifics). So I wanted
to bounce this you you peeps on the list. This the critiera:
Under Security / Good cryptographic practices:
"The project SHOULD implement perfect forward secrecy for key agreement
protocols so a session key derived from a set of long-term keys cannot be
compromised if one of the long-term keys is compromised in the future"
We can mark this is as a 'Met', can't we?
--
/ daniel.haxx.se
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
