@node Bibliography
@unnumbered Bibliography
@table @asis
@item @anchor{CBCATT}[CBCATT]
Bodo Moeller, "Security of CBC Ciphersuites in SSL/TLS: Problems and
Countermeasures", 2002, available from
@url{http://www.openssl.org/~bodo/tls-cbc.txt}.
@item @anchor{GPGH}[GPGH]
Mike Ashley, "The GNU Privacy Handbook", 2002, available from
@url{http://www.gnupg.org/gph/en/manual.pdf}.
@item @anchor{GUTPKI}[GUTPKI]
Peter Gutmann, "Everything you never wanted to know about PKI but were
forced to find out", Available from
@url{http://www.cs.auckland.ac.nz/~pgut001/}.
@item @anchor{PRNGATTACKS}[PRNGATTACKS]
John Kelsey and Bruce Schneier, "Cryptanalytic Attacks on Pseudorandom Number Generators",
Available from @url{https://www.schneier.com/academic/paperfiles/paper-prngs.pdf}.
@item @anchor{KEYPIN}[KEYPIN]
Chris Evans and Chris Palmer, "Public Key Pinning Extension for HTTP",
Available from @url{http://tools.ietf.org/html/draft-ietf-websec-key-pinning-01}.
@item @anchor{NISTSP80057}[NISTSP80057]
NIST Special Publication 800-57, "Recommendation for Key Management -
Part 1: General (Revised)", March 2007, available from
@url{http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf}.
@item @anchor{RFC7413}[RFC7413]
Y. Cheng and J. Chu and S. Radhakrishnan and A. Jain, "TCP Fast Open",
December 2014, Available from
@url{http://www.ietf.org/rfc/rfc7413.txt}.
@item @anchor{RFC7918}[RFC7918]
A. Langley, N. Modadugu, B. Moeller, "Transport Layer Security (TLS) False Start",
August 2016, Available from
@url{http://www.ietf.org/rfc/rfc7918.txt}.
@item @anchor{RFC6125}[RFC6125]
Peter Saint-Andre and Jeff Hodges, "Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)",
March 2011, Available from
@url{http://www.ietf.org/rfc/rfc6125.txt}.
@item @anchor{RFC7685}[RFC7685]
Adam Langley, "A Transport Layer Security (TLS) ClientHello Padding Extension",
October 2015, Available from
@url{http://www.ietf.org/rfc/rfc7685.txt}.
@item @anchor{RFC7613}[RFC7613]
Peter Saint-Andre and Alexey Melnikov, "Preparation, Enforcement, and Comparison of Internationalized Strings Representing Usernames and Passwords",
August 2015, Available from
@url{http://www.ietf.org/rfc/rfc7613.txt}.
@item @anchor{RFC2246}[RFC2246]
Tim Dierks and Christopher Allen, "The TLS Protocol Version 1.0",
January 1999, Available from
@url{http://www.ietf.org/rfc/rfc2246.txt}.
@item @anchor{RFC6083}[RFC6083]
M. Tuexen and R. Seggelmann and E. Rescorla, "Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)",
January 2011, Available from
@url{http://www.ietf.org/rfc/rfc6083.txt}.
@item @anchor{RFC4418}[RFC4418]
Ted Krovetz, "UMAC: Message Authentication Code using Universal Hashing",
March 2006, Available from
@url{http://www.ietf.org/rfc/rfc4418.txt}.
@item @anchor{RFC4680}[RFC4680]
S. Santesson, "TLS Handshake Message for Supplemental Data",
September 2006, Available from
@url{http://www.ietf.org/rfc/rfc4680.txt}.
@item @anchor{RFC7633}[RFC7633]
P. Hallam-Baker, "X.509v3 Transport Layer Security (TLS) Feature Extension",
October 2015, Available from
@url{http://www.ietf.org/rfc/rfc7633.txt}.
@item @anchor{RFC7919}[RFC7919]
D. Gillmor, "Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)",
August 2016, Available from
@url{http://www.ietf.org/rfc/rfc7919.txt}.
@item @anchor{RFC4514}[RFC4514]
Kurt D. Zeilenga, "Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names",
June 2006, Available from
@url{http://www.ietf.org/rfc/rfc4514.txt}.
@item @anchor{RFC4346}[RFC4346]
Tim Dierks and Eric Rescorla, "The TLS Protocol Version 1.1", March
2006, Available from @url{http://www.ietf.org/rfc/rfc4346.txt}.
@item @anchor{RFC4347}[RFC4347]
Eric Rescorla and Nagendra Modadugu, "Datagram Transport Layer Security", April
2006, Available from @url{http://www.ietf.org/rfc/rfc4347.txt}.
@item @anchor{RFC5246}[RFC5246]
Tim Dierks and Eric Rescorla, "The TLS Protocol Version 1.2", August
2008, Available from @url{http://www.ietf.org/rfc/rfc5246.txt}.
@item @anchor{RFC2440}[RFC2440]
Jon Callas, Lutz Donnerhacke, Hal Finney and Rodney Thayer, "OpenPGP
Message Format", November 1998, Available from
@url{http://www.ietf.org/rfc/rfc2440.txt}.
@item @anchor{RFC4880}[RFC4880]
Jon Callas, Lutz Donnerhacke, Hal Finney, David Shaw and Rodney
Thayer, "OpenPGP Message Format", November 2007, Available from
@url{http://www.ietf.org/rfc/rfc4880.txt}.
@item @anchor{RFC4211}[RFC4211]
J. Schaad, "Internet X.509 Public Key Infrastructure Certificate
Request Message Format (CRMF)", September 2005, Available from
@url{http://www.ietf.org/rfc/rfc4211.txt}.
@item @anchor{RFC2817}[RFC2817]
Rohit Khare and Scott Lawrence, "Upgrading to TLS Within HTTP/1.1",
May 2000, Available from @url{http://www.ietf.org/rfc/rfc2817.txt}.
@item @anchor{RFC2818}[RFC2818]
Eric Rescorla, "HTTP Over TLS", May 2000, Available from
@url{http://www.ietf.org/rfc/rfc2818.txt}.
@item @anchor{RFC2945}[RFC2945]
Tom Wu, "The SRP Authentication and Key Exchange System", September
2000, Available from @url{http://www.ietf.org/rfc/rfc2945.txt}.
@item @anchor{RFC7301}[RFC7301]
S. Friedl, A. Popov, A. Langley, E. Stephan, "Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension",
July 2014, Available from @url{http://www.ietf.org/rfc/rfc7301.txt}.
@item @anchor{RFC2986}[RFC2986]
Magnus Nystrom and Burt Kaliski, "PKCS 10 v1.7: Certification Request
Syntax Specification", November 2000, Available from
@url{http://www.ietf.org/rfc/rfc2986.txt}.
@item @anchor{PKIX}[PKIX]
D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, W. Polk,
"Internet X.509 Public Key Infrastructure Certificate and Certificate
Revocation List (CRL) Profile", May 2008, available from
@url{http://www.ietf.org/rfc/rfc5280.txt}.
@item @anchor{RFC3749}[RFC3749]
Scott Hollenbeck, "Transport Layer Security Protocol Compression
Methods", May 2004, available from
@url{http://www.ietf.org/rfc/rfc3749.txt}.
@item @anchor{RFC3820}[RFC3820]
Steven Tuecke, Von Welch, Doug Engert, Laura Pearlman, and Mary
Thompson, "Internet X.509 Public Key Infrastructure (PKI) Proxy
Certificate Profile", June 2004, available from
@url{http://www.ietf.org/rfc/rfc3820}.
@item @anchor{RFC6520}[RFC6520]
R. Seggelmann, M. Tuexen, and M. Williams, "Transport Layer Security (TLS) and
Datagram Transport Layer Security (DTLS) Heartbeat Extension", February 2012, available from
@url{http://www.ietf.org/rfc/rfc6520}.
@item @anchor{RFC5746}[RFC5746]
E. Rescorla, M. Ray, S. Dispensa, and N. Oskov, "Transport Layer
Security (TLS) Renegotiation Indication Extension", February 2010,
available from @url{http://www.ietf.org/rfc/rfc5746}.
@item @anchor{RFC5280}[RFC5280]
D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and
W. Polk, "Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile", May 2008, available from
@url{http://www.ietf.org/rfc/rfc5280}.
@item @anchor{TLSTKT}[TLSTKT]
Joseph Salowey, Hao Zhou, Pasi Eronen, Hannes Tschofenig, "Transport
Layer Security (TLS) Session Resumption without Server-Side State",
January 2008, available from @url{http://www.ietf.org/rfc/rfc5077}.
@item @anchor{PKCS12}[PKCS12]
RSA Laboratories, "PKCS 12 v1.0: Personal Information Exchange
Syntax", June 1999, Available from @url{http://www.rsa.com}.
@item @anchor{PKCS11}[PKCS11]
RSA Laboratories, "PKCS #11 Base Functionality v2.30: Cryptoki – Draft 4",
July 2009, Available from @url{http://www.rsa.com}.
@item @anchor{RESCORLA}[RESCORLA]
Eric Rescorla, "SSL and TLS: Designing and Building Secure Systems",
2001
@item @anchor{SELKEY}[SELKEY]
Arjen Lenstra and Eric Verheul, "Selecting Cryptographic Key Sizes",
2003, available from @url{http://www.win.tue.nl/~klenstra/key.pdf}.
@item @anchor{SSL3}[SSL3]
Alan Freier, Philip Karlton and Paul Kocher, "The Secure Sockets Layer (SSL) Protocol Version 3.0",
August 2011, Available from @url{http://www.ietf.org/rfc/rfc6101.txt}.
@item @anchor{STEVENS}[STEVENS]
Richard Stevens, "UNIX Network Programming, Volume 1", Prentice Hall
PTR, January 1998
@item @anchor{TLSEXT}[TLSEXT]
Simon Blake-Wilson, Magnus Nystrom, David Hopwood, Jan Mikkelsen and
Tim Wright, "Transport Layer Security (TLS) Extensions", June 2003,
Available from @url{http://www.ietf.org/rfc/rfc3546.txt}.
@item @anchor{TLSPGP}[TLSPGP]
Nikos Mavrogiannopoulos, "Using OpenPGP keys for TLS authentication",
January 2011. Available from
@url{http://www.ietf.org/rfc/rfc6091.txt}.
@item @anchor{TLSSRP}[TLSSRP]
David Taylor, Trevor Perrin, Tom Wu and Nikos Mavrogiannopoulos,
"Using SRP for TLS Authentication", November 2007. Available from
@url{http://www.ietf.org/rfc/rfc5054.txt}.
@item @anchor{TLSPSK}[TLSPSK]
Pasi Eronen and Hannes Tschofenig, "Pre-shared key Ciphersuites for
TLS", December 2005, Available from
@url{http://www.ietf.org/rfc/rfc4279.txt}.
@item @anchor{TOMSRP}[TOMSRP]
Tom Wu, "The Stanford SRP Authentication Project", Available at
@url{http://srp.stanford.edu/}.
@item @anchor{WEGER}[WEGER]
Arjen Lenstra and Xiaoyun Wang and Benne de Weger, "Colliding X.509
Certificates", Cryptology ePrint Archive, Report 2005/067, Available
at @url{http://eprint.iacr.org/}.
@item @anchor{ECRYPT}[ECRYPT]
European Network of Excellence in Cryptology II, "ECRYPT II Yearly
Report on Algorithms and Keysizes (2009-2010)", Available
at @url{http://www.ecrypt.eu.org/documents/D.SPA.13.pdf}.
@item @anchor{RFC5056}[RFC5056]
N. Williams, "On the Use of Channel Bindings to Secure Channels",
November 2007, available from @url{http://www.ietf.org/rfc/rfc5056}.
@item @anchor{RFC5764}[RFC5764]
D. McGrew, E. Rescorla, "Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)",
May 2010, available from @url{http://www.ietf.org/rfc/rfc5764}.
@item @anchor{RFC5929}[RFC5929]
J. Altman, N. Williams, L. Zhu, "Channel Bindings for TLS", July 2010,
available from @url{http://www.ietf.org/rfc/rfc5929}.
@item @anchor{PKCS11URI}[PKCS11URI]
J. Pechanec, D. Moffat, "The PKCS#11 URI Scheme", April 2015,
available from @url{http://www.ietf.org/rfc/rfc7512}.
@item @anchor{TPMURI}[TPMURI]
C. Latze, N. Mavrogiannopoulos, "The TPMKEY URI Scheme", January 2013,
Work in progress, available from @url{http://tools.ietf.org/html/draft-mavrogiannopoulos-tpmuri-01}.
@item @anchor{ANDERSON}[ANDERSON]
R. J. Anderson, "Security Engineering: A Guide to Building Dependable Distributed Systems",
John Wiley & Sons, Inc., 2001.
@item @anchor{RFC4821}[RFC4821]
M. Mathis, J. Heffner, "Packetization Layer Path MTU Discovery", March 2007,
available from @url{http://www.ietf.org/rfc/rfc4821.txt}.
@item @anchor{RFC2560}[RFC2560]
M. Myers et al, "X.509 Internet Public Key Infrastructure Online
Certificate Status Protocol - OCSP", June 1999, Available from
@url{http://www.ietf.org/rfc/rfc2560.txt}.
@item @anchor{RIVESTCRL}[RIVESTCRL]
R. L. Rivest, "Can We Eliminate Certificate Revocation Lists?",
Proceedings of Financial Cryptography '98; Springer Lecture Notes in
Computer Science No. 1465 (Rafael Hirschfeld, ed.), February 1998,
pages 178--183, available from
@url{http://people.csail.mit.edu/rivest/Rivest-CanWeEliminateCertificateRevocationLists.pdf}.
@end table