Date:      Sun, 11 Nov 2001 06:10:02 -0800 (PST)
From:      Martin Heinen <martin@sumuk.de>
To:        freebsd-doc@freebsd.org
Subject:   Re: docs/31899: Markup changes for chapter Security
Message-ID:  <200111111410.fABEA2A07967@freefall.freebsd.org>

The following reply was made to PR docs/31899; it has been noted by GNATS.

From: Martin Heinen <martin@sumuk.de>
To: Giorgos Keramidas <charon@labs.gr>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: docs/31899: Markup changes for chapter Security
Date: Sun, 11 Nov 2001 15:06:26 +0100

 --Bn2rw/3z4jIqBvZU
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 Giorgos Keramidas wrote:
 > Martin Heinen <martin@sumuk.de> wrote:
 > >
 > > >Description:
 > > 	changed literal " to <quote>, indented a paragraph,
 > > 	<Para> -> <para>,
 > > 	info -> information,
 > > 	<filename>grunt -> <hostid>grunt,
 > > 	added missing markup,
 > > 	localhost -> <hostid>localhost
 > 
 > Please do not mix whitespace and content changes :(
 > It is difficult to see the content changes when they are made at the
 > same time with indentation or other whitespace fixes.
 
 uups, thanks for reminding me to read the FDP-Primer regularly.  Attached
 is a diff without whitespace changes.  I will send a new PR to fix
 line breaks and indentation.
 
 As Tom noted, the section about recognizing the crypt mechanism
 needs to be rewritten, so I dropped the corrections to this section.
 
 Martin
 -- 
 Marxpitn
 
 --Bn2rw/3z4jIqBvZU
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: attachment; filename="sec.diff"
 
 Index: chapter.sgml
 ===================================================================
 RCS file: /u/cvs/doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml,v
 retrieving revision 1.96
 diff -u -r1.96 chapter.sgml
 --- chapter.sgml	2001/10/29 11:02:50	1.96
 +++ chapter.sgml	2001/11/11 11:17:28
 @@ -1249,7 +1249,7 @@
  s/key 97 fw13894
  Password: </screen>
  
 -      <Para>Or for OPIE:</para>
 +      <para>Or for OPIE:</para>
  
  <screen>&prompt.user; <userinput>telnet example.com</userinput>
  Trying 10.0.0.1...
 @@ -1345,7 +1345,7 @@
  	on the host name, user name, terminal port, or IP address of a
  	login session.  These restrictions can be found in the
  	configuration file <filename>/etc/skey.access</filename>.  The
 -	&man.skey.access.5; manual page has more info on the complete
 +	&man.skey.access.5; manual page has more information on the complete
  	format of the file and also details some security cautions to be
  	aware of before depending on this file for security.</para>
  
 @@ -1460,7 +1460,7 @@
        <para>You should now edit the <filename>krb.conf</filename> and
  	<filename>krb.realms</filename> files to define your Kerberos realm.
  	In this case the realm will be <filename>EXAMPLE.COM</filename> and the
 -	server is <filename>grunt.example.com</filename>.  We edit or create
 +	server is <hostid role="fqdn">grunt.example.com</hostid>.  We edit or create
  	the <filename>krb.conf</filename> file:</para>
  	  
        <screen>&prompt.root; <userinput>cat krb.conf</userinput>
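
Review bot: The realm on the context line just above the change is still tagged <filename>EXAMPLE.COM</filename>, which is the same mismarkup this hunk corrects for the server name, since a Kerberos realm is not a file. Suggest fixing both in this hunk (for example with <literal> for the realm) so the sentence does not end up with mixed markup. The new <hostid role="fqdn"> line is also much longer than its neighbours; rewrapping it belongs in the follow-up whitespace PR mentioned in the mail.
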
 @@ -2655,8 +2655,8 @@
        elsewhere, and is not available for unrestricted use.
        IDEA is included in the OpenSSL sources in FreeBSD, but it is not
        built by default.  If you wish to use it, and you comply with the
 -      license terms, enable the MAKE_IDEA switch in /etc/make.conf and
 -      rebuild your sources using 'make world'.</para>
 +      license terms, enable the <literal>MAKE_IDEA</literal> switch in <filename>/etc/make.conf</filename> and
 +      rebuild your sources using <command>make world</command>.</para>
  
      <para>Today, the RSA algorithm is free for use in USA and other
        countries.  In the past it was protected by a patent.</para>
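
Review bot: On the two added lines, <literal> and <command> are the generic choices; MAKE_IDEA is a variable set in /etc/make.conf and world is a make target, so the FreeBSD DocBook extensions <makevar> and <maketarget> would describe them more precisely. Suggest <makevar>MAKE_IDEA</makevar> and <command>make <maketarget>world</maketarget></command>. The <filename>/etc/make.conf</filename> markup is right as it stands.
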
 @@ -2741,14 +2741,14 @@
          From HOST B to HOST A, new AH and new ESP are combined.</para>
  
        <para>Now we should choose an algorithm to be used corresponding to
 -        "AH"/"new AH"/"ESP"/"new ESP".  Please refer to the &man.setkey.8; man
 +        <quote>AH</quote>/<quote>new AH</quote>/<quote>ESP</quote>/<quote>new ESP</quote>.  Please refer to the &man.setkey.8; man
          page to know algorithm names.  Our choice is MD5 for AH, new-HMAC-SHA1
          for new AH, and new-DES-expIV with 8 byte IV for new ESP.</para>
  
        <para>Key length highly depends on each algorithm.  For example, key
          length must be equal to 16 bytes for MD5, 20 for new-HMAC-SHA1,
 -        and 8 for new-DES-expIV.  Now we choose "MYSECRETMYSECRET",
 -        "KAMEKAMEKAMEKAMEKAME", "PASSWORD", respectively.</para>
 +        and 8 for new-DES-expIV.  Now we choose <quote>MYSECRETMYSECRET</quote>,
 +        <quote>KAMEKAMEKAMEKAMEKAME</quote>, <quote>PASSWORD</quote>, respectively.</para>
  
        <para>OK, let us assign SPI (Security Parameter Index) for each protocol.
          Please note that we need 3 SPIs for this secure channel since three
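
Review bot: The three key strings on the last two added lines (MYSECRETMYSECRET, KAMEKAMEKAMEKAMEKAME, PASSWORD) are exact values whose byte length matters (16, 20 and 8, per the sentence before them), so <literal> fits better than <quote>; the [any] hunk further down already uses <literal> for exact strings. <quote> is fine for the protocol names AH/new AH/ESP/new ESP on the first changed line.
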
 @@ -2842,9 +2842,9 @@
            fec0::10 -------------------- fec0::11
  </screen>
  
 -      <para>Encryption algorithm is blowfish-cbc whose key is "kamekame", and
 -        authentication algorithm is hmac-sha1 whose key is "this is the test
 -        key".  Configuration at Host-A:</para>
 +      <para>Encryption algorithm is blowfish-cbc whose key is <quote>kamekame</quote>, and
 +        authentication algorithm is hmac-sha1 whose key is <quote>this is the test
 +        key</quote>.  Configuration at Host-A:</para>
  
        <screen>
          &prompt.root; <command>setkey -c</command> &lt;&lt;<filename>EOF</filename>
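
Review bot: The second key is wrapped across two source lines inside the element (<quote>this is the test / key</quote>), so the exact key, spaces included, depends on how that line break is rendered. Suggest keeping the whole key on one line and marking both keys as <literal>, since they are exact values given to setkey rather than quotations.
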
 @@ -2888,7 +2888,7 @@
        <para>Tunnel mode between two security gateways</para>
  
        <para>Security protocol is old AH tunnel mode, i.e. specified by
 -        RFC1826, with keyed-md5 whose key is "this is the test" as
 +        RFC1826, with keyed-md5 whose key is <quote>this is the test</quote> as
          authentication algorithm.</para>
  
        <screen>
 @@ -2914,8 +2914,8 @@
          EOF
  </screen>
  
 -      <para>If the port number field is omitted such as above then "[any]" is
 -        employed. `-m' specifies the mode of SA to be used. "-m any" means
 +      <para>If the port number field is omitted such as above then <literal>[any]</literal> is
 +        employed. <literal>-m</literal> specifies the mode of SA to be used. <literal>-m any</literal> means
          wild-card of mode of security protocol. You can use this SA for both
          tunnel and transport mode.</para>
  
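
Review bot: -m and -m any on the second added line are option flags in the setkey syntax, so <option> is more specific than <literal> there; <literal>[any]</literal> on the first added line is fine as it stands.
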
 @@ -3105,7 +3105,7 @@
          created using <command>rlogin</command> or telnet.  SSH utilizes a 
  	key fingerprint
          system for verifying the authenticity of the server when the 
 -        client connects.  The user is prompted to enter 'yes' only when
 +        client connects.  The user is prompted to enter <literal>yes</literal> only when
          connecting for the first time.  Future attempts to login are all
          verified against the saved fingerprint key.  The SSH client
          will alert you if the saved fingerprint differs from the
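
Review bot: The first context line of this hunk still reads "<command>rlogin</command> or telnet", leaving telnet without markup; the scp hunk below fixes the same thing for rcp, so add <command>telnet</command> here as well. On the changed line, yes is something the user types at the prompt, so <userinput> would be more precise than <literal>.
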
 @@ -3132,7 +3132,7 @@
        </indexterm>
        <indexterm><primary><command>scp</command></primary></indexterm>
  
 -      <para>The <command>scp</command> command works similarly to rcp;
 +      <para>The <command>scp</command> command works similarly to <command>rcp</command>;
          it copies a file to or from a remote machine, except in a
          secure fashion.</para>
  
 @@ -3293,14 +3293,14 @@
        </variablelist>
  
  
 -      <para>An SSH tunnel works by creating a listen socket on localhost
 +      <para>An SSH tunnel works by creating a listen socket on <hostid>localhost</hostid>
  	on the specified port.  It then forwards any connection received
  	on the local host/port via the SSH connection to the specified
  	remote host and port.</para>
  
        <para>In the example, port <replaceable>5023</replaceable> on
 -	localhost is being forwarded to port
 -	<replaceable>23</replaceable> on localhost of the remote
 +	<hostid>localhost</hostid> is being forwarded to port
 +	<replaceable>23</replaceable> on <hostid>localhost</hostid> of the remote
  	machine.  Since <replaceable>23</replaceable> is telnet, this
  	would create a secure telnet session through an SSH tunnel.</para>
  
 
 --Bn2rw/3z4jIqBvZU--
