Hi all, another idea for a potential info pool in that term could be a compatibility list for the different ciphers and digests and the different OS´s (especially the OpenSSL-1.0.1f library, which comes with IPFire-2.15, brought some new ones) . For example the CAMELLIA or SEED cipher aren´t compatible with mostly smartphones and also some older OS´s like OS X 10.6 (which is still widely used) or Windows 7 and below. But also the Whirlpool or SHA384/512 hash algorithms are interesting to check against common but also older operating systems, to name a few.
For the OpenVPN server on IPFire for example the ciphers and digests (selection in the WUI is in development) are globally defined and a fallback to older ciphers/digests isn´t possible at this time. If a wide range of different client OS´s are used now, the question on the lowest common denominator possibly comes up. So a compatibility list can help to make a good decision. We have started with a little list --> http://wiki.ipfire.org/en/configuration/services/openvpn/extensions/zertkonv... which should only help temporarily for testing purposes and should only serve an idea/example to this.
Another point might be a timeline for the generation of the root/host certificates. We work currently on a flip menu in OpenVPN WUI where different bit sizes of the Diffie-Hellman key can be selected (1024, 2048, 3072 and 4096). The generation time for 4096 bit on a ALIX platform needed for example ~ 13 hours, 1024 bit instead 1.5 minutes, people might think something is broken while generating a new PKI so a hint for generation can help to understand such process better ?
This points does not targeting how strong or week or useful a cipher/hash or a key is now, but this can give also some technical background info´s.
--------------
A reference to different organizations with crypto background can also be an interesting point in that kind of wiki.
For example: - http://www.iacr.org/ - https://www.cosic.esat.kuleuven.be/nessie/ - http://www.ecrypt.eu.org/ - http://www.ecrypt.eu.org/stream/ - http://www.nist.org/news.php - https://www.teletrust.de/ - https://www.bsi.bund.de/EN/Publications/publications_node.html
Possibly some special section are more interesting then others, but as a first idea ???
Greetings
Erik