diff --git a/3_mtc.typ b/3_mtc.typ index 6f77a9f..ecc93b3 100644 --- a/3_mtc.typ +++ b/3_mtc.typ @@ -65,7 +65,7 @@ With this terminology, the following explains the certificate issuance flow depi + Every time a batch becomes ready, the @ca builds the Merkle Tree, signs the whole Validity Window, which includes the new Batch Tree Head, with a @pq algorithm, and publishes the tree to the Transparency Services. + The @ca also sends the inclusion proof back to the @ap, which can subsequently use it to authenticate against #glspl("rp") that trust this batch. // + The Transparency Services recompute the Merkle Tree to validate the Merkle Tree Head contains exactly what is advertised and validate the signature of the Batch Tree Head. -+ Monitors mirror all Assertions published to the Transparency Services and check for fraudulent behavior. ++ Monitors mirror all Assertions published to the Transparency Services and check for fraudulent behavior. This can include, but is not limited to, notifying domain owners about certificates issued. + @rp:pl regularly update their trust anchors to the most recent Batch Tree Heads validated by their trusted Transparency Service(s). + When connecting to an @ap, the @rp signals which trust anchors it supports, i.e., which tree heads it trusts. diff --git a/main.typ b/main.typ index 0dd0759..391703c 100644 --- a/main.typ +++ b/main.typ @@ -72,4 +72,4 @@ #include "B_appendix.typ" = Bibliography -#bibliography("references.bib", title: none) \ No newline at end of file +#bibliography("references.yaml", title: none) \ No newline at end of file diff --git a/references.yaml b/references.yaml new file mode 100644 index 0000000..2641526 --- /dev/null +++ b/references.yaml @@ -0,0 +1,1113 @@ +lets_encrypt_new_crl: + type: web + title: A New Life for Certificate Revocation Lists + author: Aaron Gable + date: 2022-09-07 + url: + value: https://letsencrypt.org/2022/09/07/new-life-for-crls/ + date: 2024-10-31 +rfc_rpki: + type: report + title: A Profile for X.509 {PKIX} Resource Certificates + author: + - Huston, Geoff + - Loomans, Robert + - Michaelson, George G. + date: 2012-02 + organization: Internet Engineering Task Force + genre: Request for Comments + issue: RFC6487 + serial-number: + doi: 10.17487/RFC6487 +apple_cert_lifetime: + type: web + title: About upcoming limits on trusted certificates + date: 2023-08-21 + url: + value: https://support.apple.com/en-us/102028 + date: 2024-09-22 +dennis_cert_size: + type: report + title: Abridged Compression for {WebPKI} Certificates + author: Jackson, Dennis + date: 2024-09-16 + organization: Internet Engineering Task Force + genre: Internet Draft + issue: draft-ietf-tls-cert-abridge-02 + url: + value: https://datatracker.ietf.org/doc/draft-ietf-tls-cert-abridge-02 + date: 2024-11-25 +add_mtc_tai: + type: web + title: 'Adopt `{TrustAnchorIdentifiers}` from v03 of {MTC} draft by pohlm01 · Pull Request #5 · bwesterb/mtc' + author: Maximilian Pohl + url: + value: https://github.com/bwesterb/mtc/pull/5 + date: 2024-11-19 +fix_mtc_length_prefix_2: + type: web + title: 'Adopt tests for fixed length prefix in #2 by pohlm01 · Pull Request #4 · bwesterb/mtc' + author: Maximilian Pohl + url: + value: https://github.com/bwesterb/mtc/pull/4 + date: 2024-11-19 +fix_mtc_tai: + type: web + title: 'Adopt to davidben/merkle-tree-certs#91 by pohlm01 · Pull Request #8 · bwesterb/mtc' + author: Maximilian Pohl + url: + value: https://github.com/bwesterb/mtc/pull/8 + date: 2024-11-19 +supersede_certificate_type: + type: web + title: 'Adoptions to supersede `server/client_certificate_type` extensions · Issue #76 · davidben/tls-trust-expressions' + author: Maximilian Pohl + url: + value: https://github.com/davidben/tls-trust-expressions/issues/76 + date: 2024-11-19 +merkle_tree_second_preimage: + type: web + title: + value: Answer to "What is the purpose of using different hash functions for the leaves and internals of a hash tree?" + short: Answer to "What is the purpose of using different hash functions for the leaves and internals of a hash tree? + author: Karonen, Ilmari + date: 2012-03-17 + url: + value: https://crypto.stackexchange.com/a/2107 + date: 2024-12-04 +apple_enforce_ct: + type: web + title: Apple's Certificate Transparency policy – Apple Support ({UK}) + date: 2023-11-30 + url: + value: https://support.apple.com/en-gb/103214 + date: 2024-09-22 +rfc_acme: + type: report + title: Automatic Certificate Management Environment ({ACME}) + author: + - Barnes, Richard + - Hoffman-Andrews, Jacob + - McCarney, Daniel + - Kasten, James + date: 2019-03 + organization: Internet Engineering Task Force + genre: Request for Comments + issue: RFC8555 + url: + value: https://datatracker.ietf.org/doc/rfc8555 + date: 2024-09-21 + serial-number: + doi: 10.17487/RFC8555 +cab_ocsp_optional_crl_mandatory: + type: misc + title: Baseline Requirements for the Issuance and Management of Publicly-Trusted {TLS} Server Certificates + author: + - Iñigo Barreira + - Clint Wilson + date: 2024-10-02 + url: + value: https://github.com/cabforum/servercert/blob/d820f37f9e1550805c210dcaf5162b7f86ccfb69/docs/BR.md + date: 2024-10-31 + serial-number: + version: 2.0.8 +chrome_cert_lifetime: + type: web + title: Certificate Lifetimes + author: Ryan Sleevi + date: 2020-06-23 + url: + value: https://chromium.googlesource.com/chromium/src/+/b9ee8e9f75279615be7c153ce2520a40cec4c14f/net/docs/certificate_lifetimes.md + date: 2024-09-22 +rfc_ct: + type: report + title: Certificate Transparency + author: + - Laurie, Ben + - Langley, Adam + - Kasper, Emilia + date: 2013-06 + organization: Internet Engineering Task Force + genre: Request for Comments + issue: RFC6962 + url: + value: https://datatracker.ietf.org/doc/rfc6962 + date: 2024-11-14 + serial-number: + doi: 10.17487/RFC6962 +chrome_enforce_ct: + type: web + title: Certificate Transparency Enforcement in Google Chrome + author: Devon O'Brien + date: 2018-07-02 + url: + value: https://groups.google.com/a/chromium.org/g/ct-policy/c/wHILiYf31DE/m/iMFmpMEkAQAJ + date: 2024-09-22 +lets_encrypt_challange_types: + type: web + title: Challenge Types + date: 2023-02-13 + url: + value: https://letsencrypt.org/docs/challenge-types/ + date: 2024-10-31 +chrome_releases: + type: web + title: Chrome Releases + url: + value: https://chromereleases.googleblog.com/search/label/Desktop%20Update?updated-max=2024-12-11T10:45:00-08:00 + date: 2024-12-11 +chrome_root_store: + type: web + title: Chrome root store + url: + value: https://chromium.googlesource.com/chromium/src/+/main/net/data/ssl/chrome_root_store/root_store.md + date: 2024-11-06 + note: 'Version: 17' +fix_consitently_use_tai: + type: web + title: 'Consistently use {TAI} instead of issuer_id by pohlm01 · Pull Request #91 · davidben/merkle-tree-certs' + author: Maximilian Pohl + url: + value: https://github.com/davidben/merkle-tree-certs/pull/91 + date: 2024-11-19 +fix_mtc_length_prefix_3: + type: web + title: 'Corrects test vectors based on a wrong length encoding of the {DNS} name by pohlm01 · Pull Request #90 · davidben/merkle-tree-certs' + author: Maximilian Pohl + url: + value: https://github.com/davidben/merkle-tree-certs/pull/90 + date: 2024-11-19 +crlite_paper: + type: article + title: + value: '{CRLite}: A Scalable System for Pushing All {TLS} Revocations to All Browsers' + short: '{CRLite}' + author: + - Larisch, James + - Choffnes, David + - Levin, Dave + - Maggs, Bruce M. + - Mislove, Alan + - Wilson, Christo + date: 2017-05 + page-range: 539-556 + url: + value: https://ieeexplore.ieee.org/document/7958597 + date: 2024-10-31 + serial-number: + doi: 10.1109/SP.2017.17 + note: '{ISSN}: 2375-1207' + parent: + - type: proceedings + title: 2017 {IEEE} Symposium on Security and Privacy ({SP}) + - type: conference + title: 2017 {IEEE} Symposium on Security and Privacy ({SP}) +chrome_crlsets: + type: web + title: '{CRLSets}' + url: + value: https://www.chromium.org/Home/chromium-security/crlsets/ + date: 2024-10-31 +debian_ca_certificates: + type: web + title: Debian – Details of package ca-certificates in bookworm + url: + value: https://packages.debian.org/bookworm/ca-certificates + date: 2024-11-13 +file_structure: + type: web + title: 'Default file structure for {RP} and {AP} · Issue #97 · davidben/merkle-tree-certs' + author: Maximilian Pohl + url: + value: https://github.com/davidben/merkle-tree-certs/issues/97 + date: 2024-11-19 +apple_drop_tls: + type: web + title: Deprecation of Legacy {TLS} 1.0 and 1.1 Versions + author: Wood, Christopher + date: 2018-10-15 + url: + value: https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/ + date: 2024-09-23 +diginotar: + type: article + title: + value: '{DigiNotar}: Dissecting the First Dutch Digital Disaster' + short: '{DigiNotar}' + author: Van Der Meulen, Nicole + date: 2013-06 + page-range: 46-58 + serial-number: + doi: 10.5038/1944-0472.6.2.4 + issn: 1944-0464, 1944-0472 + parent: + type: periodical + title: Journal of Strategic Security + issue: 2 + volume: 6 +firefox_update_size: + type: web + title: 'Directory Listing: /pub/firefox/releases/' + url: + value: https://ftp.mozilla.org/pub/firefox/releases/ + date: 2024-12-11 +cloudflare_radar_domains: + type: web + title: Domain Rankings Worldwide {|} Cloudflare Radar + date: 2024-11-06 + url: + value: https://radar.cloudflare.com/domains + date: 2024-11-06 +e-rezept: + type: web + title: + value: 'E-Rezept: Regelmäßige {TI}-Störungen, Betroffene genervt von Informationspolitik' + short: E-Rezept + author: Marie-Claire Koch + date: 2024-03-12 + url: + value: https://www.heise.de/news/eHealth-TI-regelmaessig-gestoert-Betroffene-von-Informationspolitik-genervt-9651330.html + date: 2024-11-27 +cloudflare_ech: + type: web + title: Encrypted Client Hello - the last puzzle piece to privacy + author: + - Achiel van der Mandele + - Alessandro Ghedini + - Christopher Wood + - Rushil Mehra + date: 2023-09-29 + url: + value: https://blog.cloudflare.com/announcing-encrypted-client-hello + date: 2024-11-26 +falcon_down: + type: article + title: + value: '{FALCON} Down: Breaking {FALCON} Post-Quantum Signature Scheme through Side-Channel Attacks' + short: '{FALCON} Down' + author: + - Karabulut, Emre + - Aysu, Aydin + date: 2021-12 + page-range: 691-696 + serial-number: + doi: 10.1109/DAC18074.2021.9586131 + parent: + - type: proceedings + title: 2021 58th {ACM}/{IEEE} Design Automation Conference ({DAC}) + - type: conference + title: 2021 58th {ACM}/{IEEE} Design Automation Conference ({DAC}) +reddit_ocsp_firefox: + type: web + title: Firefox - The only browser doing certificate revocation checks right + author: MorrocMaster + date: 2024-03-10 +firefox_ech: + type: web + title: Firefox 119.0, See All New Features, Updates and Fixes + date: 2023-10-24 + url: + value: https://www.mozilla.org/en-US/firefox/119.0/releasenotes/ + date: 2024-11-26 +firefox_125_nightly: + type: web + title: Firefox Nightly 125.0a1, See All New Features, Updates and Fixes + date: 2024-02-19 + url: + value: https://www.mozilla.org/en-US/firefox/125.0a1/releasenotes/ + date: 2024-10-04 +first_acme: + type: web + title: First Let’s Encrypt Free Certificate Goes Live + author: Michael Mimoso + date: 2015-09-15 + url: + value: https://threatpost.com/first-lets-encrypt-free-certificate-goes-live/114675/ + date: 2024-09-22 +fix_mtc_length_prefix_1: + type: web + title: 'Fix prefix length for {DNSName} by pohlm01 · Pull Request #2 · bwesterb/mtc' + author: Maximilian Pohl + url: + value: https://github.com/bwesterb/mtc/pull/2 + date: 2024-11-19 +verification_transparency_dev: + type: misc + title: From Witnessing to Transparent Ecosystems + author: + - Martin Hutchinson + - Andrea Barisani + - Al Cutter + - Fillipo Valsorda + date: 2024-10-09 + url: + value: https://www.youtube.com/watch?v=v9cgvZXRRZU + date: 2024-12-02 +crl_sets_effectiveness: + type: web + title: '{GRC}''s {|} Chrome''s {CRLSet} Effectiveness Evaluation' + date: 2014-05-08 + url: + value: https://www.grc.com/revocation/crlsets.htm + date: 2024-10-31 +handbook_applied_crypto: + type: book + title: Handbook of Applied Cryptography + author: + - Menezes, Alfred J. + - Oorschot, Paul C. van + - Vanstone, Scott A. + date: 1997 + publisher: + name: '{CRC} Press' + location: Boca Raton + page-total: 810 + serial-number: + doi: 10.1201/9780429466335 +certificate_transparency: + type: web + title: 'How {CT} Works : Certificate Transparency' + url: + value: https://certificate.transparency.dev/howctworks/ + date: 2024-03-23 +ocsp_soft_fail: + type: web + title: How Do Browsers Handle Revoked {SSL}/{TLS} Certificates? + date: 2021-02-24 + url: + value: https://www.ssl.com/blogs/how-do-browsers-handle-revoked-ssl-tls-certificates/ + date: 2024-09-22 +tls_issuance_delay: + type: web + title: How long does it take to issue an {SSL} certificate? + url: + value: https://support.dnsimple.com/articles/how-long-to-issue-ssl-certificate/ + date: 2024-10-31 +tls1.3_hybrid: + type: report + title: Hybrid key exchange in {TLS} 1.3 + author: + - Stebila, Douglas + - Fluhrer, Scott + - Gueron, Shay + date: 2023-09-07 + organization: Internet Engineering Task Force + genre: Internet Draft + issue: draft-ietf-tls-hybrid-design-09 + url: https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/09/ +posix: + type: article + title: '{IEEE} Standard for Information Technology–Portable Operating System Interface ({POSIX}({TM})) Base Specifications, Issue 7' + date: 2018-01 + page-range: 1-3951 + serial-number: + doi: 10.1109/IEEESTD.2018.8277153 + note: 'Conference Name: {IEEE} Std 1003.1-2017 (Revision of {IEEE} Std 1003.1-2008)' + parent: + type: periodical + title: '{IEEE} Std 1003.1-2017 (Revision of {IEEE} Std 1003.1-2008)' +falcon_power_analysis: + type: article + title: Improved Power Analysis Attacks on Falcon + author: + - Zhang, Shiduo + - Lin, Xiuhan + - Yu, Yang + - Wang, Weijia + date: 2023 + editor: + - Hazay, Carmit + - Stam, Martijn + page-range: 565-595 + serial-number: + doi: 10.1007/978-3-031-30634-1_19 + parent: + type: proceedings + title: Advances in Cryptology – {EUROCRYPT} 2023 + publisher: + name: Springer Nature Switzerland + location: Cham +lets_encrypt_end_ocsp: + type: web + title: Intent to End {OCSP} Service + author: Josh Aas + date: 2024-07-23 + url: + value: https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls/ + date: 2024-10-31 +boeyen_internet_2008: + type: report + title: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List ({CRL}) Profile + author: + - Boeyen, Sharon + - Santesson, Stefan + - Polk, Tim + - Housley, Russ + - Farrell, Stephen + - Cooper, David + date: 2008-05 + organization: Internet Engineering Task Force + genre: Request for Comments + issue: RFC5280 + url: + value: https://datatracker.ietf.org/doc/rfc5280 + date: 2024-09-21 + serial-number: + doi: 10.17487/RFC5280 +rfc_pki: + type: report + title: Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework + author: + - Ford, Warwick S. + - Chokhani, Santosh + - Wu, Stephen S. + - Sabett, Randy V. + - Merrill, Charles (Chas) R. + date: 2003-11 + organization: Internet Engineering Task Force + genre: Request for Comments + issue: RFC3647 + serial-number: + doi: 10.17487/RFC3647 +finished_message_tls13: + type: article + title: + value: 'Key Confirmation in Key Exchange: A Formal Treatment and Implications for {TLS} 1.3' + short: Key Confirmation in Key Exchange + author: + - Fischlin, Marc + - Günther, Felix + - Schmidt, Benedikt + - Warinschi, Bogdan + date: 2016-05 + page-range: 452-469 + url: + value: https://ieeexplore.ieee.org/document/7546517/?arnumber=7546517 + date: 2024-12-02 + serial-number: + doi: 10.1109/SP.2016.34 + parent: + - type: proceedings + title: 2016 {IEEE} Symposium on Security and Privacy ({SP}) + - type: conference + title: 2016 {IEEE} Symposium on Security and Privacy ({SP}) +lets_encrypt_stats: + type: web + title: Let's Encrypt Stats + url: + value: https://letsencrypt.org/stats/ + date: 2024-11-07 +chromium_ct_log_list: + type: misc + title: log_list.json - Chromium Code Search + url: + value: https://source.chromium.org/chromium/chromium/src/+/ddf98abcbd6101328e98ffd05ab07d6e8741f518:components/certificate_transparency/data/log_list.json + date: 2024-11-14 + serial-number: + version: ddf98ab +chrome_update_size: + type: web + title: Manage Chrome updates (Windows) - Chrome Enterprise and Education Help + url: + value: https://support.google.com/chrome/a/answer/6350036?hl=en#zippy=%2Chow-often-are-google-update-tasks-performed%2Cwhat-size-are-chrome-browser-updates%2Chow-often-does-google-update-check-for-updates + date: 2024-12-11 +supercop-hash: + type: web + title: 'Measurements of hash functions on one machine: amd64; Zen 4 (a60f12); 2023 {AMD} Ryzen 7 7700; 8 x 3800MHz; hertz, supercop-20241022' + author: + - Daniel J. Bernstein + - Tanja Lange + url: + value: http://bench.cr.yp.to/results-hash/amd64-hertz.html + date: 2024-12-20 + note: 'Page version: 20241215 22:59:22' +supercop-asym: + type: web + title: 'Measurements of public-key signature systems on one machine: amd64; Zen 4 (a60f12); 2023 {AMD} Ryzen 7 7700; 8 x 3800MHz; hertz, supercop-20241022' + author: + - Daniel J. Bernstein + - Tanja Lange + url: + value: http://bench.cr.yp.to/results-sign/amd64-hertz.html + date: 2024-12-20 + note: 'Page version: 20241215 22:59:18' +merkle_town: + type: web + title: Merkle Town + url: + value: https://ct.cloudflare.com/ + date: 2024-09-21 +rfc_mtc: + type: report + title: Merkle Tree Certificates for {TLS} + author: + - Benjamin, David + - O'Brien, Devon + - Westerbaan, Bas + date: 2024-09-05 + organization: Internet Engineering Task Force + genre: Internet Draft + issue: draft-davidben-tls-merkle-tree-certs-03 + url: + value: https://datatracker.ietf.org/doc/draft-davidben-tls-merkle-tree-certs-03 + date: 2024-09-19 +go_mtc_ca: + type: misc + title: Merkle Tree Certificates for {TLS} + author: + - Westerbaan, Bas + - Maximilian Pohl + date: 2024-11-15 + url: https://github.com/bwesterb/mtc + serial-number: + version: 1f7a83d +microsoft_drop_tls: + type: web + title: Modernizing {TLS} connections in Microsoft Edge and Internet Explorer 11 + author: + - Blog, Microsoft Edge + - Pflug, Kyle + date: 2018-10-15 + url: + value: https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/ + date: 2024-09-23 +chrome_drop_tls: + type: web + title: Modernizing Transport Security + author: David Benjamin + date: 2018-10-15 + url: + value: https://security.googleblog.com/2018/10/modernizing-transport-security.html + date: 2024-09-23 +fips_204: + type: report + title: Module-Lattice-Based Digital Signature Standard + author: National Institute of Standards and Technology + date: 2024-08-13 + publisher: + name: null + location: Gaithersburg, {MD} + organization: National Institute of Standards and Technology + issue: FIPS204 + serial-number: + doi: 10.6028/NIST.FIPS.204 +lets_encrypt_rustls: + type: web + title: + value: 'More Memory Safety for Let’s Encrypt: Deploying ntpd-rs' + short: More Memory Safety for Let’s Encrypt + author: Josh Aas + date: 2024-06-24 + url: + value: https://letsencrypt.org/2024/06/24/ntpd-rs-deployment/ + date: 2024-11-15 +firefox_releases: + type: web + title: Mozilla Firefox Release Notes + url: + value: https://www.mozilla.org/en-US/firefox/releases/ + date: 2024-12-11 +firefox_root_store: + type: web + title: Mozilla Included {CA} Certificate List + date: 2024-11-06 + url: + value: https://ccadb.my.salesforce-sites.com/mozilla/IncludedCACertificateReport + date: 2024-11-06 +mtc_fallback_estimate: + type: web + title: '{MTC} Fallback Estimates' + author: + - Lena Heimberger + - Bas Westerbaan + - Devon O'Brien + date: 2024-08-26 + url: + value: https://github.com/davidben/merkle-tree-certs/issues/89 + date: 2024-10-31 +ocsp_30p_faster: + type: web + title: + value: '{OCSP} Stapling: How {CloudFlare} Just Made {SSL} 30% Faster' + short: '{OCSP} Stapling' + author: Matthew Prince + date: 2012-10-29 + url: + value: https://blog.cloudflare.com/ocsp-stapling-how-cloudflare-just-made-ssl-30 + date: 2024-09-22 +raavi_performance_2021: + type: article + title: Performance Characterization of Post-Quantum Digital Certificates + author: + - Raavi, Manohar + - Chandramouli, Pranav + - Wuthier, Simeon + - Zhou, Xiaobo + - Chang, Sang-Yoon + date: 2021-07 + page-range: 1-9 + url: + value: https://ieeexplore.ieee.org/abstract/document/9522179 + date: 2024-02-16 + serial-number: + doi: 10.1109/ICCCN52240.2021.9522179 + note: '{ISSN}: 2637-9430' + parent: + - type: proceedings + title: 2021 International Conference on Computer Communications and Networks ({ICCCN}) + - type: conference + title: 2021 International Conference on Computer Communications and Networks ({ICCCN}) +github_mtc_verifier: + type: misc + title: pohlm01/mtc-verifier + author: Maximilian Pohl + date: 2024-11-15 + url: + value: https://github.com/pohlm01/mtc-verifier + date: 2024-11-15 + serial-number: + version: 3b72ecc +czajkowski_post-quantum_2017: + type: misc + title: Post-quantum security of the sponge construction + author: + - Czajkowski, Jan + - Bruinderink, Leon Groot + - Hülsing, Andreas + - Schaffner, Christian + - Unruh, Dominique + date: 2017 + issue: 2017/771 + url: + value: https://eprint.iacr.org/2017/771 + date: 2024-09-19 + note: 'Publication info: Preprint. {MINOR} revision.' +kem_tls: + type: article + title: Post-Quantum {TLS} Without Handshake Signatures + author: + - Schwabe, Peter + - Stebila, Douglas + - Wiggers, Thom + date: 2020-11-02 + page-range: 1461-1480 + serial-number: + doi: 10.1145/3372297.3423350 + isbn: 978-1-4503-7089-9 + parent: + type: proceedings + title: Proceedings of the 2020 {ACM} {SIGSAC} Conference on Computer and Communications Security + publisher: + name: Association for Computing Machinery + location: New York, {NY}, {USA} + parent: + type: proceedings + title: '{CCS} ''20' +firefox_drop_tls: + type: web + title: Removing Old Versions of {TLS} + author: Thomson, Martin + date: 2018-10-15 + url: + value: https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls + date: 2024-09-23 +mtc_use_mldsa: + type: web + title: 'Replace Dilithium with {ML}-{DSA} by pohlm01 · Pull Request #9 · bwesterb/mtc' + url: + value: https://github.com/bwesterb/mtc/pull/9 + date: 2024-11-19 +go_root_store: + type: misc + title: root_linux.go {|} golang/go + author: Filippo Valsorda + url: + value: https://github.com/golang/go/blob/c759ea7471de5a62c88325981e8c86beab78bed8/src/crypto/x509/root_linux.go + date: 2024-11-13 + serial-number: + version: b01cb72 +linux_kernel_rust: + type: web + title: Rust — The Linux Kernel documentation + url: + value: https://docs.kernel.org/rust/index.html#the-rust-experiment + date: 2024-03-13 +rust: + type: web + title: Rust Programming Language + url: + value: https://www.rust-lang.org/ + date: 2024-03-13 +rustls_openssl_nginx: + type: web + title: Rustls Gains {OpenSSL} and Nginx Compatibility + author: Josh Aas + date: 2024-05-08 + url: + value: https://www.memorysafety.org/blog/rustls-nginx-compatibility-layer/ + date: 2024-11-15 +github_rustls: + type: misc + title: 'rustls/rustls: A modern {TLS} library in Rust' + author: + - Joe Birr-Pixton + - Dirkjan Ochtman + - Daniel McCarney + - Brian Smith + - Jacob Hoffman-Andrews + - Jorge Aparicio + - Benjamin Saunders + - Christian Poveda Ruiz + - Adolfo Ochagavía + - Mend Renovate + date: 2024-10-17 + url: + value: https://github.com/rustls/rustls + date: 2024-11-15 + serial-number: + version: b553880 +github_rustls_webpki: + type: misc + title: 'rustls/webpki: {WebPKI} X.509 Certificate Validation in Rust' + author: + - Brian Smith + - Daniel McCarney + - Dirkjan Ochtman + - Joe Birr-Pixton + - Jasper Patterson + - Alex Gaynor + - Rafael Fernández López + - Stepan Koltsov + - Sietse Ringers + date: 2024-11-02 + publisher: rustls + url: + value: https://github.com/rustls/webpki + date: 2024-11-15 + serial-number: + version: fc04aaf +apple_45_days_cert: + type: misc + title: '{SC}-081: Introduce Schedule of Reducing Validity and Data Reuse Periods by clintwilson' + author: Clint Wilson + date: 2024-10-10 + url: + value: https://github.com/cabforum/servercert/pull/553 + date: 2024-10-30 +google_view_rust: + type: report + title: 'Secure by Design: Google''s Perspective on Memory Safety' + author: + - Rebert, Alex + - Kern, Christoph + date: 2024 + organization: Google Security Engineering +sigma_protocol: + type: anthos + title: + value: '{SIGMA}: The ‘{SIGn}-and-{MAc}’ Approach to Authenticated Diffie-Hellman and Its Use in the {IKE} Protocols' + short: '{SIGMA}' + author: Krawczyk, Hugo + date: 2003 + editor: + - Boneh, Dan + - Goos, Gerhard + - Hartmanis, Juris + - Van Leeuwen, Jan + page-range: 400-425 + url: + value: http://link.springer.com/10.1007/978-3-540-45146-4_24 + date: 2024-11-27 + serial-number: + doi: 10.1007/978-3-540-45146-4_24 + isbn: 978-3-540-40674-7 + note: 'Series Title: Lecture Notes in Computer Science' + parent: + type: anthology + title: Advances in Cryptology - {CRYPTO} 2003 + publisher: + name: Springer Berlin Heidelberg + location: Berlin, Heidelberg + volume: 2729 +sphincs_proposal: + type: report + title: '{SPHINCS}+ {|} Submission to the {NIST} post-quantum project, v.3.1' + author: + - Jean-Philippe Aumasson + - Daniel J. Bernstein + - Ward Beullens + - Christoph Dobraunig + - Maria Eichlseder + - Scott Fluhrer + - Stefan-Lukas Gazdag + - Andreas Hülsing + - Panos Kampanakis + - Stefan Kölbl + - Tanja Lange + - Martin M. Lauridsen + - Florian Mendel + - Ruben Niederhagen + - Christian Rechberger + - Joost Rijneveld + - Peter Schwabe + - Bas Westerbaan + date: 2022-06-10 + url: + value: https://sphincs.org/data/sphincs+-r3.1-specification.pdf + date: 2024-11-27 +ssl_tls_book: + type: book + title: + value: '{SSL} and {TLS}: Theory and Practice' + short: '{SSL} and {TLS}' + author: Oppliger, Rolf + date: 2023 + publisher: Artech House + edition: Third edition + page-total: 352 + serial-number: + isbn: 978-1-68569-015-1 + parent: + type: book + title: Artech House information security and privacy series +firefox_telemetry: + type: web + title: '{SSL} Ratios (public) - Mozilla Data Documentation' + url: + value: https://docs.telemetry.mozilla.org/datasets/other/ssl/reference.html + date: 2024-10-04 +fips_205: + type: report + title: Stateless Hash-Based Digital Signature Standard + author: National Institute of Standards and Technology + date: 2024-08-13 + publisher: + name: null + location: Gaithersburg, {MD} + organization: National Institute of Standards and Technology + issue: FIPS205 + serial-number: + doi: 10.6028/NIST.FIPS.205 +supercop: + type: web + title: '{SUPERCOP}' + author: + - Daniel J. Bernstein + - Tanja Lange + url: + value: https://bench.cr.yp.to/supercop.html + date: 2024-12-26 +mozilla_crlite: + type: web + title: The End-to-End Design of {CRLite} + author: Jones, J. C. + date: 2020-01-09 + url: + value: https://blog.mozilla.org/security/2020/01/09/crlite-part-2-end-to-end-design + date: 2024-11-06 +bas_westerbaan_state_2024: + type: web + title: The state of the post-quantum Internet + author: Bas Westerbaan + date: 2024-03-05 + url: + value: https://blog.cloudflare.com/pq-2024 + date: 2024-03-13 +rfc_tls13: + type: report + title: The Transport Layer Security ({TLS}) Protocol Version 1.3 + author: Rescorla, Eric + date: 2018-08 + organization: Internet Engineering Task Force + genre: Request for Comments + issue: RFC8446 + serial-number: + doi: 10.17487/RFC8446 +david_adrian_tldrfail_2023: + type: web + title: tldr.fail + author: + - David Adrian + - Emily Stark + - Ryan Dickson + date: 2023-09-28 + url: + value: https://tldr.fail/ + date: 2024-03-10 +rfc_ech: + type: report + title: '{TLS} Encrypted Client Hello' + author: + - Rescorla, Eric + - Oku, Kazuho + - Sullivan, Nick + - Wood, Christopher A. + date: 2024-09-15 + organization: Internet Engineering Task Force + genre: Internet Draft + issue: draft-ietf-tls-esni-22 + url: + value: https://datatracker.ietf.org/doc/draft-ietf-tls-esni + date: 2024-11-26 +apple_ech: + type: web + title: '{TLS} Encrypted Client Hello · Issue #46 · {WebKit}/standards-positions' + url: + value: https://github.com/WebKit/standards-positions/issues/46 + date: 2024-11-26 +chrome_ech: + type: web + title: '{TLS} Encrypted Client Hello ({ECH}) - Chrome Platform Status' + date: 2023-12-12 + url: + value: https://chromestatus.com/feature/6196703843581952 + date: 2024-11-26 +rfc_tai: + type: report + title: '{TLS} Trust Anchor Identifiers' + author: + - Beck, Bob + - Bob Beck + - Benjamin, David + - O'Brien, Devon + date: 2024-10-10 + organization: Internet Engineering Task Force + genre: Internet Draft + issue: draft-beck-tls-trust-anchor-ids-02 + url: + value: https://datatracker.ietf.org/doc/draft-beck-tls-trust-anchor-ids-02 + date: 2024-11-15 +tranco: + type: article + title: + value: 'Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation' + short: Tranco + author: + - Le Pochat, Victor + - Van Goethem, Tom + - Tajalizadehkhoob, Samaneh + - Korczynski, Maciej + - Joosen, Wouter + date: 2019 + serial-number: + doi: 10.14722/ndss.2019.23386 + parent: + - type: proceedings + title: Proceedings 2019 Network and Distributed System Security Symposium + publisher: + name: Internet Society + location: San Diego, {CA} + - type: conference + title: Network and Distributed System Security Symposium +armored_witness: + type: misc + title: transparency-dev/armored-witness + author: + - Al Cutter + - Jay Hou + - Martin Hutchinson + - Roger Ng + - Philippe Boneff + - Jussi Kukkonen + date: 2024-11-25 + publisher: transparency-dev + url: + value: https://github.com/transparency-dev/armored-witness/tree/3cd18d29f76933a4bc7e0093b04e4d93a299ce8e + date: 2024-12-02 + serial-number: + version: 3cd18d2 +rfc_ocsp_stapling: + type: report + title: + value: 'Transport Layer Security ({TLS}) Extensions: Extension Definitions' + short: Transport Layer Security ({TLS}) Extensions + author: Eastlake 3rd, Donald E. + date: 2011-01 + organization: Internet Engineering Task Force + genre: Request for Comments + issue: RFC6066 + serial-number: + doi: 10.17487/RFC6066 +trillian_firmware_transparency: + type: misc + title: Trilian - Firmware Transparency {|} google/trillian-examples + date: 2024-11-13 + url: + value: https://github.com/google/trillian-examples/tree/ded41b7d3a733970b3a40db93e16f692ee9ea62f/binary_transparency/firmware + date: 2024-11-13 + serial-number: + version: ded41b7 +add_array_embedding: + type: web + title: 'Use `{<}1..2{^}24-1{>}` encoding for all certificate types by pohlm01 · Pull Request #95 · davidben/merkle-tree-certs' + author: Maximilian Pohl + url: + value: https://github.com/davidben/merkle-tree-certs/pull/95 + date: 2024-11-19 +rfc_raw_public_keys: + type: report + title: Using Raw Public Keys in Transport Layer Security ({TLS}) and Datagram Transport Layer Security ({DTLS}) + author: + - Wouters, Paul + - Tschofenig, Hannes + - Gilmore, John IETF + - Weiler, Samuel + - Kivinen, Tero + date: 2014-06 + organization: Internet Engineering Task Force + genre: Request for Comments + issue: RFC7250 + url: + value: https://datatracker.ietf.org/doc/rfc7250 + date: 2024-03-28 + serial-number: + doi: 10.17487/RFC7250 +okta_pki: + type: web + title: + value: What Is Public Key Infrastructure ({PKI}) & How Does It Work? {|} Okta + short: What Is Public Key Infrastructure ({PKI}) & How Does It Work? + date: 2024-08-29 + url: + value: https://www.okta.com/identity-101/public-key-infrastructure/ + date: 2024-09-21 +lets_encrypt_cert_lifetime: + type: web + title: + value: Why ninety-day lifetimes for certificates? + short: Why ninety-day lifetimes for certificates? + author: Josh Aas + date: 2015-11-09 + url: + value: https://letsencrypt.org/2015/11/09/why-90-days.html + date: 2024-09-22 +cloudflare_radar: + type: web + title: Worldwide Adoption & Usage {|} Cloudflare Radar + url: + value: https://radar.cloudflare.com/adoption-and-usage + date: 2024-09-23 +rfc_ocsp: + type: report + title: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - {OCSP} + author: + - Galperin, Slava + - Adams, Carlisle + - Myers, Michael + - Ankney, Rich + - Malpani, Ambarish N. + date: 1999-06 + organization: Internet Engineering Task Force + genre: Request for Comments + issue: RFC2560 + serial-number: + doi: 10.17487/RFC2560 +chrome_kyber: + type: web + title: X25519Kyber768 key encapsulation for {TLS} - Chrome Platform Status + author: David Adrian + date: 2023-04-28 + url: + value: https://chromestatus.com/feature/5257822742249472 + date: 2024-10-04 +