Clarify and expand VPN criteria #1175
@@ -91,7 +91,7 @@ description: "Find a no-logging VPN operator who isn't out to sell or read your
|
||||
<div class="col-md-6">
|
||||
<p><strong>Minimum to Qualify:</strong></p>
|
||||
<ul>
|
||||
<li>Strong Encryption Schemes: OpenVPN with SHA-256 authentication; RSA-1024 or better handshake; AES-256-GCM or AES-256-CBC data encryption.</li>
|
||||
<li>Strong Encryption Schemes: OpenVPN with SHA-256 authentication; RSA-2048 or better handshake; AES-256-GCM or AES-256-CBC data encryption.</li>
|
||||
<li>Perfect Forward Secrecy (PFS).</li>
|
||||
<li>Published security audits from a reputable third-party firm.</li>
|
||||
</ul>
|
||||
@@ -99,7 +99,7 @@ description: "Find a no-logging VPN operator who isn't out to sell or read your
|
||||
<div class="col-md-6">
|
||||
<p><strong>Best Case:</strong></p>
|
||||
<ul>
|
||||
<li>Strongest Encryption: RSA-2048 or RSA-4096.</li>
|
||||
<li>Strongest Encryption: RSA-4096.</li>
|
||||
<li>Perfect Forward Secrecy (PFS).</li>
|
||||
<li>Comprehensive published security audits from a reputable third-party firm.</li>
|
||||
|
|
||||
<li>Bug-bounty programs and/or a coordinated vulnerability-disclosure process</li>
|
||||
|
||||
Reference in New Issue
Block a user
Should we specify a desired time since the audit was conducted? Like for these audit(s) to be “recent/relevant”?
On L89 I did say
...on a repeated (yearly) basis.which I think covers that. That would be for the best-case scenario though. As far as making it a minimum criteria, I'm not sure how many providers would be running audits frequently. We're getting to the point where if we're any more strict we can't recommend anybody.