# SID	@(#) links.txt 1.8 22/10/10 20:00:20

# name | description
#------+----------------------------------------------------------------------+
OWASP TLS Cheat Sheet	https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet
OWASP Certificate and Public Key Pinning	https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
OWASP HTTP Strict Transport Security	https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
BEAR and LION	https://www.cl.cam.ac.uk/~rja14/Papers/bear-lion.pdf
BSI TR-02102 Teil 2	https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102-2.pdf
ENISA: Algorithms, Key Sizes and Parameters Report	http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report
EV Certificate	http://www.evsslcertificate.com/
EV Certificate Guidelines	https://www.cabforum.org/EV_Certificate_Guidelines.pdf
Adantium	https://eprint.iacr.org/2018/720.pdf
Adantium 	https://github.com/google/adiantum
AIA	http://www.startssl.com/certs/sub.class4.server.ca.crt
ALPN (draft)	http://tools.ietf.org/html/draft-friedl-tls-applayerprotoneg-02
ALPN 	https://www.imperialviolet.org/2013/03/20/alpn.html
CDP	http://www.startssl.com/crt4-crl.crl, http://crl.startssl.com/crt4-crl.crl
Choosen-boundary attack	http://erlend.oftedal.no/blog/beast/
CT	http://ctwatch.net/
False Start	https://www.imperialviolet.org/2012/04/11/falsestart.html
False Start 	https://technotes.googlecode.com/git/falsestart.html
HPKP	https://timtaubert.de/blog/2014/10/http-public-key-pinning-explained/
HPKP 	https://blog.pregos.info/2015/02/23/http-public-key-pinning-hpkp-erklaerung-und-einrichtung/
HPKP  	https://blog.qualys.com/ssllabs/2016/09/06/is-http-public-key-pinning-dead
HPKP in Chrome	hrome://net-internals/#hsts    (show, reset pins in Chrome)
HSTS	http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02
NaCl	http://nacl.cr.yp.to
NPN (draft)	https://tools.ietf.org/id/draft-agl-tls-nextprotoneg-04.html
NPN	https://technotes.googlecode.com/git/nextprotoneg.html
NPN 	https://www.imperialviolet.org/2013/03/20/alpn.html
OCSP	http://ocsp.startssl.com/sub/class4/server/ca
OCSP Stapling	http://en.wikipedia.org/wiki/OCSP_stapling
PFS	http://en.wikipedia.org/wiki/Perfect_forward_secrecy
Resumtion	https://www.imperialviolet.org/2011/11/22/forwardsecret.html
Resumtion	https://www.imperialviolet.org/2013/06/27/botchingpfs.html
SCSV	https://datatracker.ietf.org/doc/draft-bmoeller-tls-downgrade-scsv/?include_text=1
Security Flaws by CBC Padding	https://link.springer.com/content/pdf/10.1007/3-540-46035-7_35.pdf
Server Pinning	https://tools.ietf.org/id/draft-sheffer-tls-pinning-ticket-02.txt
SNI apache	https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
SIMON and SPECK	https://eprint.iacr.org/2013/404
SM4	https://tools.ietf.org/id/draft-crypto-sm4-00.html
Pseudo Constant Time Implementations of TLS	https://eprint.iacr.org/2018/747.pdf
LatinDances	http://cr.yp.to/rumba20/newfeatures-20071218.pdf
LatinDances2	https://eprint.iacr.org/2012/065.pdf
Poly1305_Donna	https://github.com/floodyberry/poly1305-donna
Cache-Collisions	http://research.microsoft.com/pubs/64024/aes-timing.pdf
Snuffle	https://cr.yp.to/snuffle/812.pdf
BADA55	https://bada55.cr.yp.to/
SPDY/3	http://dev.chromium.org/spdy/spdy-protocol/spdy-protocol-draft3
SPDY Protocol	http://www.chromium.org/spdy/spdy-protocol
SRI	Subresource Integrity: https://www.w3.org/TR/SRI/ 4/2016
SRI (Mozilla)	https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
TACK	http://tack.io/draft.html, 2013 Moxie Marlinspike, Trevor Perrin
TLS Attacker	https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2016/10/19/tls-attacker-ccs16.pdf
TLS Lite	http://trevp.net/tlslite/
Elliptic Curve	https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations#Supported_elliptic_curves
Elliptic Curve for IPsec	https://www.researchgate.net/profile/Johannes_Merkle/publication/260050106_Standardisierung_der_Brainpool-Kurven_fur_TLS_und_IPSec/links/00b7d52f36a0cc2fdd000000.pdf
Elliptic Curve 	http://datatracker.ietf.org/doc/draft-mcgrew-tls-aes-ccm-ecc/
Elliptic Curve  	http://datatracker.ietf.org/doc/draft-merkle-tls-brainpool/
Elliptic Curve   	http://datatracker.ietf.org/doc/draft-merkle-ikev2-ke-brainpool/
Elliptic Curve    	http://datatracker.ietf.org/doc/draft-sheffer-ipsecme-dh-checks/
Elliptic Curve     	https://tools.ietf.org/html/draft-josefsson-tls-curve25519-06
Elliptic Curve     	http://eprint.iacr.org/2007/286
Elliptic Curve      	http://www.teletrust.de/fileadmin/files/oid/ecgdsa_final.pdf
Elliptic Curve       	https://datatracker.ietf.org/doc/draft-harkins-ikev3/
XMSS	https://eprint.iacr.org/2011/484.pdf

Attacks	https://tls-scanner.cs.uni-paderborn.de/wiki
3SHAKE	https://mitls.org/pages/attacks/3SHAKE
ALPACA	?
Bar Mitzvah	https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf
BEAST	https://vnhacker.blogspot.com/2011/09/beast.html https://nerdoholic.org/uploads/dergln/beast_part2/ssl_jun21.pdf
BREACH	http://www.breachattack.com/
CCS	http://ccsinjection.lepidum.co.jp/
CRIME	http://zoompf.com/2012/09/explaining-the-crime-weakness-in-spdy-and-ssl https://www.gracefulsecurity.com/crime-against-tls/
DROWN	https://drownattack.com/
EFAIL	https://efail.de/ https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-poddebniak.pdf
FREAK	https://freakattack.com/
FREAK	https://mitls.org/pages/attacks/SMACK#freak
Lucky 13	http://www.isg.rhul.ac.uk/tls/Lucky13.html
Lucky 13 Microseconds	http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.738.4741&rep=rep1&type=pdf
Lucky 13 Strickes Back	http://v.wpi.edu/wp-content/uploads/Papers/Publications/asiaccs2015_lucky.pdf
LogJam	https://weakdh.org/
NOMORE	https://www.rc4nomore.com/
POODLE	https://www.openssl.org/~bodo/ssl-poodle.pdf  https://www.imperialviolet.org/2014/10/14/poodle.html  https://www.imperialviolet.org/2014/12/08/poodleagain.html
RACCOON	?
ROCA	https://crocs.fi.muni.cz/public/papers/rsa_ccs17
ROBOT	https://robotattack.org/
SHAttered	https://shattered.io
SLOTH	https://www.mitls.org/pages/attacks/SLOTH
SKIP	https://mitls.org/pages/attacks/SMACK
SMACK	https://mitls.org/pages/attacks/SMACK  https://www.smacktls.com/
Sweet32	https://sweet32.info/  https://www.openssl.org/blog/blog/2016/08/24/sweet32/
TIME	?

# TS 102 042 : http://
    #
    #        http://rsapss.hboeck.de/rsapss-1.0.1.pdf
    #        https://www.bsi.bund.de/DE/Themen/weitereThemen/SINA/sina_node.html
    #        http://datatracker.ietf.org/doc/draft-eastlake-additional-xmlsec-uris/
# Firefox Add-ons
    #        https://calomel.org/firefox_ssl_validation.htm  Calomel SSL Validation
    #        https://addons.mozilla.org/de/firefox/addon/cert-viewer-plus/   Cert Viewer Plus
    #
    #        http://patrol.psyced.org/       Certifiate Patrol
    #        certwatch.simos.info            CertWatch
    #