7.2. Informative References

  • [BETTERCRYPTO] bettercrypto.org, "Applied Crypto Hardening", April 2015, https://bettercrypto.org/static/applied-crypto-hardening.pdf.

  • [CAB-Baseline] CA/Browser Forum, "Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates Version 1.1.6", 2013, https://www.cabforum.org/documents.html.

  • [DANE-SMTP] Dukhovni, V. and W. Hardaker, "SMTP security via opportunistic DANE TLS", Work in Progress, draft-ietf-dane-smtp-with-dane-16, April 2015.

  • [DANE-SRV] Finch, T., Miller, M., and P. Saint-Andre, "Using DNS-Based Authentication of Named Entities (DANE) TLSA Records with SRV Records", Work in Progress, draft-ietf-dane-srv-14, April 2015.

  • [DEP-SSLv3] Barnes, R., Thomson, M., Pironti, A., and A. Langley, "Deprecating Secure Sockets Layer Version 3.0", Work in Progress, draft-ietf-tls-sslv3-diediedie-03, April 2015.

  • [DegabrieleP07] Degabriele, J. and K. Paterson, "Attacking the IPsec Standards in Encryption-only Configurations", IEEE Symposium on Security and Privacy (SP '07), 2007, http://dx.doi.org/10.1109/SP.2007.8.

  • [ECRYPT-II] Smart, N., "ECRYPT II Yearly Report on Algorithms and Keysizes (2011-2012)", 2012, http://www.ecrypt.eu.org/ecrypt2/.

  • [Heninger2012] Heninger, N., Durumeric, Z., Wustrow, E., and J. Halderman, "Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices", Usenix Security Symposium 2012, 2012.

  • [IANA-TLS] IANA, "Transport Layer Security (TLS) Parameters", http://www.iana.org/assignments/tls-parameters.

  • [Kleinjung2010] Kleinjung, T., "Factorization of a 768-Bit RSA modulus", CRYPTO 10, 2010, https://eprint.iacr.org/2010/006.pdf.

  • [Krawczyk2001] Krawczyk, H., "The Order of Encryption and Authentication for Protecting Communications (Or: How Secure is SSL?)", CRYPTO 01, 2001, https://www.iacr.org/archive/crypto2001/21390309.pdf.

  • [Multiple-Encryption] Merkle, R. and M. Hellman, "On the security of multiple encryption", Communications of the ACM, Vol. 24, 1981, http://dl.acm.org/citation.cfm?id=358718.

  • [NIST.SP.800-56A] Barker, E., Chen, L., Roginsky, A., and M. Smid, "Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography", NIST Special Publication 800-56A, 2013, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf.

  • [POODLE] US-CERT, "SSL 3.0 Protocol Vulnerability and POODLE Attack", Alert TA14-290A, October 2014, https://www.us-cert.gov/ncas/alerts/TA14-290A.

  • [PatersonRS11] Paterson, K., Ristenpart, T., and T. Shrimpton, "Tag size does matter: attacks and proofs for the TLS record protocol", 2011, http://dx.doi.org/10.1007/978-3-642-25385-0_20.

  • [RFC2026] Bradner, S., "The Internet Standards Process -- Revision 3", BCP 9, RFC 2026, October 1996, http://www.rfc-editor.org/info/rfc2026.

  • [RFC2246] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC 2246, January 1999, http://www.rfc-editor.org/info/rfc2246.

  • [RFC3602] Frankel, S., Glenn, R., and S. Kelly, "The AES-CBC Cipher Algorithm and Its Use with IPsec", RFC 3602, September 2003, http://www.rfc-editor.org/info/rfc3602.

  • [RFC4346] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.1", RFC 4346, April 2006, http://www.rfc-editor.org/info/rfc4346.

  • [RFC4347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer Security", RFC 4347, April 2006, http://www.rfc-editor.org/info/rfc4347.

  • [RFC5077] Salowey, J., Zhou, H., Eronen, P., and H. Tschofenig, "Transport Layer Security (TLS) Session Resumption without Server-Side State", RFC 5077, January 2008, http://www.rfc-editor.org/info/rfc5077.

  • [RFC5116] McGrew, D., "An Interface and Algorithms for Authenticated Encryption", RFC 5116, January 2008, http://www.rfc-editor.org/info/rfc5116.

  • [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, May 2008, http://www.rfc-editor.org/info/rfc5280.

  • [RFC6090] McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic Curve Cryptography Algorithms", RFC 6090, February 2011, http://www.rfc-editor.org/info/rfc6090.

  • [RFC6101] Freier, A., Karlton, P., and P. Kocher, "The Secure Sockets Layer (SSL) Protocol Version 3.0", RFC 6101, August 2011, http://www.rfc-editor.org/info/rfc6101.

  • [RFC6120] Saint-Andre, P., "Extensible Messaging and Presence Protocol (XMPP): Core", RFC 6120, March 2011, http://www.rfc-editor.org/info/rfc6120.

  • [RFC6460] Salter, M. and R. Housley, "Suite B Profile for Transport Layer Security (TLS)", RFC 6460, January 2012, http://www.rfc-editor.org/info/rfc6460.

  • [RFC6698] Hoffman, P. and J. Schlyter, "The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA", RFC 6698, August 2012, http://www.rfc-editor.org/info/rfc6698.

  • [RFC6797] Hodges, J., Jackson, C., and A. Barth, "HTTP Strict Transport Security (HSTS)", RFC 6797, November 2012, http://www.rfc-editor.org/info/rfc6797.

  • [RFC6960] Santesson, S., Myers, M., Ankney, R., Malpani, A., Galperin, S., and C. Adams, "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP", RFC 6960, June 2013, http://www.rfc-editor.org/info/rfc6960.

  • [RFC6961] Pettersen, Y., "The Transport Layer Security (TLS) Multiple Certificate Status Request Extension", RFC 6961, June 2013, http://www.rfc-editor.org/info/rfc6961.

  • [RFC6989] Sheffer, Y. and S. Fluhrer, "Additional Diffie-Hellman Tests for the Internet Key Exchange Protocol Version 2 (IKEv2)", RFC 6989, July 2013, http://www.rfc-editor.org/info/rfc6989.

  • [RFC7435] Dukhovni, V., "Opportunistic Security: Some Protection Most of the Time", RFC 7435, December 2014, http://www.rfc-editor.org/info/rfc7435.

  • [RFC7457] Sheffer, Y., Holz, R., and P. Saint-Andre, "Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)", RFC 7457, February 2015, http://www.rfc-editor.org/info/rfc7457.

  • [RFC7507] Moeller, B. and A. Langley, "TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks", RFC 7507, April 2015.

  • [SESSION-HASH] Bhargavan, K., Ed., Delignat-Lavaud, A., Pironti, A., Langley, A., and M. Ray, "Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension", Work in Progress, draft-ietf-tls-session-hash-05, April 2015.

  • [Smith2013] Smith, B., "Proposal to Change the Default TLS Ciphersuites Offered by Browsers", 2013, https://briansmith.org/browser-ciphersuites-01.html.

  • [Soghoian2011] Soghoian, C. and S. Stamm, "Certified lies: Detecting and defeating government interception attacks against SSL", Proc. 15th Int. Conf. Financial Cryptography and Data Security, 2011.

  • [TLS-XMPP] Saint-Andre, P. and a. alkemade, "Use of Transport Layer Security (TLS) in the Extensible Messaging and Presence Protocol (XMPP)", Work in Progress, draft-ietf-uta-xmpp-07, April 2015.

  • [triple-handshake] Delignat-Lavaud, A., Bhargavan, K., and A. Pironti, "Triple Handshakes Considered Harmful: Breaking and Fixing Authentication over TLS", 2014, https://secure-resumption.com/.