2 @unnumbered Bibliography
6 @item @anchor{CBCATT}[CBCATT]
7 Bodo Moeller, "Security of CBC Ciphersuites in SSL/TLS: Problems and
8 Countermeasures", 2002, available from
9 @url{http://www.openssl.org/~bodo/tls-cbc.txt}.
11 @item @anchor{GPGH}[GPGH]
12 Mike Ashley, "The GNU Privacy Handbook", 2002, available from
13 @url{http://www.gnupg.org/gph/en/manual.pdf}.
15 @item @anchor{GUTPKI}[GUTPKI]
16 Peter Gutmann, "Everything you never wanted to know about PKI but were
17 forced to find out", Available from
18 @url{http://www.cs.auckland.ac.nz/~pgut001/}.
20 @item @anchor{KEYPIN}[KEYPIN]
21 Chris Evans and Chris Palmer, "Public Key Pinning Extension for HTTP",
22 Available from @url{http://tools.ietf.org/html/draft-ietf-websec-key-pinning-01}.
24 @item @anchor{NISTSP80057}[NISTSP80057]
25 NIST Special Publication 800-57, "Recommendation for Key Management -
26 Part 1: General (Revised)", March 2007, available from
27 @url{http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf}.
29 @item @anchor{RFC2246}[RFC2246]
30 Tim Dierks and Christopher Allen, "The TLS Protocol Version 1.0",
31 January 1999, Available from
32 @url{http://www.ietf.org/rfc/rfc2246.txt}.
34 @item @anchor{RFC4680}[RFC4680]
35 S. Santesson, "TLS Handshake Message for Supplemental Data",
36 September 2006, Available from
37 @url{http://www.ietf.org/rfc/rfc4680.txt}.
39 @item @anchor{RFC4514}[RFC4514]
40 Kurt D. Zeilenga, "Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names",
41 June 2006, Available from
42 @url{http://www.ietf.org/rfc/rfc4513.txt}.
44 @item @anchor{RFC4346}[RFC4346]
45 Tim Dierks and Eric Rescorla, "The TLS Protocol Version 1.1", Match
46 2006, Available from @url{http://www.ietf.org/rfc/rfc4346.txt}.
48 @item @anchor{RFC4347}[RFC4347]
49 Eric Rescorla and Nagendra Modadugu, "Datagram Transport Layer Security", April
50 2006, Available from @url{http://www.ietf.org/rfc/rfc4347.txt}.
52 @item @anchor{RFC5246}[RFC5246]
53 Tim Dierks and Eric Rescorla, "The TLS Protocol Version 1.2", August
54 2008, Available from @url{http://www.ietf.org/rfc/rfc5246.txt}.
56 @item @anchor{RFC2440}[RFC2440]
57 Jon Callas, Lutz Donnerhacke, Hal Finney and Rodney Thayer, "OpenPGP
58 Message Format", November 1998, Available from
59 @url{http://www.ietf.org/rfc/rfc2440.txt}.
61 @item @anchor{RFC4880}[RFC4880]
62 Jon Callas, Lutz Donnerhacke, Hal Finney, David Shaw and Rodney
63 Thayer, "OpenPGP Message Format", November 2007, Available from
64 @url{http://www.ietf.org/rfc/rfc4880.txt}.
66 @item @anchor{RFC4211}[RFC4211]
67 J. Schaad, "Internet X.509 Public Key Infrastructure Certificate
68 Request Message Format (CRMF)", September 2005, Available from
69 @url{http://www.ietf.org/rfc/rfc4211.txt}.
71 @item @anchor{RFC2817}[RFC2817]
72 Rohit Khare and Scott Lawrence, "Upgrading to TLS Within HTTP/1.1",
73 May 2000, Available from @url{http://www.ietf.org/rfc/rfc2817.txt}
75 @item @anchor{RFC2818}[RFC2818]
76 Eric Rescorla, "HTTP Over TLS", May 2000, Available from
77 @url{http://www.ietf/rfc/rfc2818.txt}.
79 @item @anchor{RFC2945}[RFC2945]
80 Tom Wu, "The SRP Authentication and Key Exchange System", September
81 2000, Available from @url{http://www.ietf.org/rfc/rfc2945.txt}.
83 @item @anchor{RFC2986}[RFC2986]
84 Magnus Nystrom and Burt Kaliski, "PKCS 10 v1.7: Certification Request
85 Syntax Specification", November 2000, Available from
86 @url{http://www.ietf.org/rfc/rfc2986.txt}.
88 @item @anchor{PKIX}[PKIX]
89 D. Cooper, S. Santesson, S. Farrel, S. Boeyen, R. Housley, W. Polk,
90 "Internet X.509 Public Key Infrastructure Certificate and Certificate
91 Revocation List (CRL) Profile", May 2008, available from
92 @url{http://www.ietf.org/rfc/rfc5280.txt}.
94 @item @anchor{RFC3749}[RFC3749]
95 Scott Hollenbeck, "Transport Layer Security Protocol Compression
96 Methods", May 2004, available from
97 @url{http://www.ietf.org/rfc/rfc3749.txt}.
99 @item @anchor{RFC3820}[RFC3820]
100 Steven Tuecke, Von Welch, Doug Engert, Laura Pearlman, and Mary
101 Thompson, "Internet X.509 Public Key Infrastructure (PKI) Proxy
102 Certificate Profile", June 2004, available from
103 @url{http://www.ietf.org/rfc/rfc3820}.
105 @item @anchor{RFC6520}[RFC6520]
106 R. Seggelmann, M. Tuexen, and M. Williams, "Transport Layer Security (TLS) and
107 Datagram Transport Layer Security (DTLS) Heartbeat Extension", February 2012, available from
108 @url{http://www.ietf.org/rfc/rfc6520}.
111 @item @anchor{RFC5746}[RFC5746]
112 E. Rescorla, M. Ray, S. Dispensa, and N. Oskov, "Transport Layer
113 Security (TLS) Renegotiation Indication Extension", February 2010,
114 available from @url{http://www.ietf.org/rfc/rfc5746}.
116 @item @anchor{TLSTKT}[TLSTKT]
117 Joseph Salowey, Hao Zhou, Pasi Eronen, Hannes Tschofenig, "Transport
118 Layer Security (TLS) Session Resumption without Server-Side State",
119 January 2008, available from @url{http://www.ietf.org/rfc/rfc5077}.
121 @item @anchor{PKCS12}[PKCS12]
122 RSA Laboratories, "PKCS 12 v1.0: Personal Information Exchange
123 Syntax", June 1999, Available from @url{http://www.rsa.com}.
125 @item @anchor{PKCS11}[PKCS11]
126 RSA Laboratories, "PKCS #11 Base Functionality v2.30: Cryptoki – Draft 4",
127 July 2009, Available from @url{http://www.rsa.com}.
129 @item @anchor{RESCORLA}[RESCORLA]
130 Eric Rescorla, "SSL and TLS: Designing and Building Secure Systems",
133 @item @anchor{SELKEY}[SELKEY]
134 Arjen Lenstra and Eric Verheul, "Selecting Cryptographic Key Sizes",
135 2003, available from @url{http://www.win.tue.nl/~klenstra/key.pdf}.
137 @item @anchor{SSL3}[SSL3]
138 Alan Freier, Philip Karlton and Paul Kocher, "The Secure Sockets Layer (SSL) Protocol Version 3.0",
139 August 2011, Available from @url{http://www.ietf.org/rfc/rfc6101.txt}.
141 @item @anchor{STEVENS}[STEVENS]
142 Richard Stevens, "UNIX Network Programming, Volume 1", Prentice Hall
145 @item @anchor{TLSEXT}[TLSEXT]
146 Simon Blake-Wilson, Magnus Nystrom, David Hopwood, Jan Mikkelsen and
147 Tim Wright, "Transport Layer Security (TLS) Extensions", June 2003,
148 Available from @url{http://www.ietf.org/rfc/rfc3546.txt}.
150 @item @anchor{TLSPGP}[TLSPGP]
151 Nikos Mavrogiannopoulos, "Using OpenPGP keys for TLS authentication",
152 January 2011. Available from
153 @url{http://www.ietf.org/rfc/rfc6091.txt}.
155 @item @anchor{TLSSRP}[TLSSRP]
156 David Taylor, Trevor Perrin, Tom Wu and Nikos Mavrogiannopoulos,
157 "Using SRP for TLS Authentication", November 2007. Available from
158 @url{http://www.ietf.org/rfc/rfc5054.txt}.
160 @item @anchor{TLSPSK}[TLSPSK]
161 Pasi Eronen and Hannes Tschofenig, "Pre-shared key Ciphersuites for
162 TLS", December 2005, Available from
163 @url{http://www.ietf.org/rfc/rfc4279.txt}.
165 @item @anchor{TOMSRP}[TOMSRP]
166 Tom Wu, "The Stanford SRP Authentication Project", Available at
167 @url{http://srp.stanford.edu/}.
169 @item @anchor{WEGER}[WEGER]
170 Arjen Lenstra and Xiaoyun Wang and Benne de Weger, "Colliding X.509
171 Certificates", Cryptology ePrint Archive, Report 2005/067, Available
172 at @url{http://eprint.iacr.org/}.
174 @item @anchor{ECRYPT}[ECRYPT]
175 European Network of Excellence in Cryptology II, "ECRYPT II Yearly
176 Report on Algorithms and Keysizes (2009-2010)", Available
177 at @url{http://www.ecrypt.eu.org/documents/D.SPA.13.pdf}.
179 @item @anchor{RFC5056}[RFC5056]
180 N. Williams, "On the Use of Channel Bindings to Secure Channels",
181 November 2007, available from @url{http://www.ietf.org/rfc/rfc5056}.
183 @item @anchor{RFC5929}[RFC5929]
184 J. Altman, N. Williams, L. Zhu, "Channel Bindings for TLS", July 2010,
185 available from @url{http://www.ietf.org/rfc/rfc5929}.
187 @item @anchor{PKCS11URI}[PKCS11URI]
188 J. Pechanec, D. Moffat, "The PKCS#11 URI Scheme", August 2011,
189 Work in progress, available from @url{http://tools.ietf.org/html/draft-pechanec-pkcs11uri-05}.
191 @item @anchor{ANDERSON}[ANDERSON]
192 R. J. Anderson, "Security Engineering: A Guide to Building Dependable Distributed Systems",
193 John Wiley \& Sons, Inc., 2001.
195 @item @anchor{RFC4821}[RFC4821]
196 M. Mathis, J. Heffner, "Packetization Layer Path MTU Discovery", March 2007,
197 available from @url{http://www.ietf.org/rfc/rfc4821.txt}.
199 @item @anchor{RFC2560}[RFC2560]
200 M. Myers et al, "X.509 Internet Public Key Infrastructure Online
201 Certificate Status Protocol - OCSP", June 1999, Available from
202 @url{http://www.ietf.org/rfc/rfc2560.txt}.
204 @item @anchor{RIVESTCRL}[RIVESTCRL]
205 R. L. Rivest, "Can We Eliminate Certificate Revocation Lists?",
206 Proceedings of Financial Cryptography '98; Springer Lecture Notes in
207 Computer Science No. 1465 (Rafael Hirschfeld, ed.), February 1998),
208 pages 178--183, available from
209 @url{http://people.csail.mit.edu/rivest/Rivest-CanWeEliminateCertificateRevocationLists.pdf}.