16. References
16.1 Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.
[RFC3490] Faltstrom, P., Hoffman, P., and A. Costello, "Internationalizing Domain Names in Applications (IDNA)", RFC 3490, March 2003.
[RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration Procedures for Message Header Fields", BCP 90, RFC 3864, September 2004.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008.
[RFC5890] Klensin, J., "Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework", RFC 5890, August 2010.
[RFC5891] Klensin, J., "Internationalized Domain Names in Applications (IDNA): Protocol", RFC 5891, August 2010.
[RFC5895] Resnick, P. and P. Hoffman, "Mapping Characters for Internationalized Domain Names in Applications (IDNA) 2008", RFC 5895, September 2010.
[RFC6698] Hoffman, P. and J. Schlyter, "The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA", RFC 6698, August 2012.
[UTS46] Davis, M. and M. Suignard, "Unicode IDNA Compatibility Processing", Unicode Technical Standard #46, http://unicode.org/reports/tr46/.
[Unicode] The Unicode Consortium, "The Unicode Standard", http://www.unicode.org/versions/latest/.
[W3C.REC-html401-19991224] Raggett, D., Le Hors, A., and I. Jacobs, "HTML 4.01 Specification", World Wide Web Consortium Recommendation REC-html401-19991224, December 1999, http://www.w3.org/TR/1999/REC-html401-19991224/.
16.2 Informative References
[Aircrack-ng] d'Otreppe, T., "Aircrack-ng", Accessed: 11-Jul-2010, http://www.aircrack-ng.org/.
[BeckTews09] Beck, M. and E. Tews, "Practical Attacks Against WEP and WPA", Second ACM Conference on Wireless Network Security Zurich, Switzerland, 2009, http://dl.acm.org/citation.cfm?id=1514286.
[CWE-113] "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", Common Weakness Enumeration http://cwe.mitre.org/, The Mitre Corporation http://www.mitre.org/, http://cwe.mitre.org/data/definitions/113.html.
[Firesheep] Various, "Firesheep", Wikipedia Online, ongoing, https://secure.wikimedia.org/wikipedia/en/w/index.php?title=Firesheep&oldid=517474182.
[ForceHTTPS] Jackson, C. and A. Barth, "ForceHTTPS: Protecting High-Security Web Sites from Network Attacks", In Proceedings of the 17th International World Wide Web Conference (WWW2008), 2008, https://crypto.stanford.edu/forcehttps/.
[GoodDhamijaEtAl05] Good, N., Dhamija, R., Grossklags, J., Thaw, D., Aronowitz, S., Mulligan, D., and J. Konstan, "Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware", In Proceedings of Symposium On Usable Privacy and Security (SOUPS) Pittsburgh, PA, USA, July 2005, http://cups.cs.cmu.edu/soups/2005/2005proceedings.html.
[HTTP1_1-UPD] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed., "HTTP/1.1, part 1: URIs, Connections, and Message Parsing", Work in Progress, March 2012.
[JacksonBarth2008] Jackson, C. and A. Barth, "Beware of Finer-Grained Origins", In Web 2.0 Security and Privacy 2008, May 2008, http://w2spconf.com/2008/papers/s4p2.pdf.
[Menczer] Menczer, F., "Combining Link and Content Analysis to Estimate Semantic Similarity", In Proceedings of the 13th International World Wide Web Conference (WWW2004) Semantic Web Track New York, NY, USA, May 2004, http://eda.mmci.uni-saarland.de/pubs/2004/combining-menczer.pdf.
[RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, "DNS Security Introduction and Requirements", RFC 4033, March 2005.
[RFC4732] Handley, M., Ed., Rescorla, E., Ed., and IAB, "Internet Denial-of-Service Considerations", RFC 4732, December 2006.
[RFC5894] Klensin, J., "Internationalized Domain Names for Applications (IDNA): Background, Explanation, and Rationale", RFC 5894, August 2010.
[RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch, "Network Time Protocol Version 4: Protocol and Algorithms Specification", RFC 5905, June 2010.
[RFC6101] Freier, A., Karlton, P., and P. Kocher, "The Secure Sockets Layer (SSL) Protocol Version 3.0", RFC 6101, August 2011.
[RFC6265] Barth, A., "HTTP State Management Mechanism", RFC 6265, April 2011.
[RFC6454] Barth, A., "The Web Origin Concept", RFC 6454, December 2011.
[SSLstrip] Marlinspike, M., "New Tricks for Defeating SSL In Practice", February 2009, http://www.thoughtcrime.org/software/sslstrip/.
[SunshineEgelmanEtAl09] Sunshine, J., Egelman, S., Almuhimedi, H., Atri, N., and L. Cranor, "Crying Wolf: An Empirical Study of SSL Warning Effectiveness", In USENIX Security Symposium 2009, 2009, http://www.usenix.org/events/sec09/tech/full_papers/sunshine.pdf.
[W3C.REC-wsc-ui-20100812] Roessler, T. and A. Saldhana, "Web Security Context: User Interface Guidelines", World Wide Web Consortium Recommendation REC-wsc-ui-20100812, August 2010, http://www.w3.org/TR/2010/REC-wsc-ui-20100812.
[WebTracking] "Web Tracking", Center for Democracy & Technology, Accessed: 01-Mar-2012, http://www.cdt.org/privacy/guide/protect/tracking.php.
[preload-list] "Chromium HTTP Strict Transport Security (HSTS) preload list submission form", Accessed: 22-Mar-2012, http://www.chromium.org/sts.