# SID @(#) links.txt 1.8 22/10/10 20:00:20
# name | description
#------+----------------------------------------------------------------------+
OWASP TLS Cheat Sheet  https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet
OWASP Certificate and Public Key Pinning  https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
OWASP HTTP Strict Transport Security  https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
BEAR and LION  https://www.cl.cam.ac.uk/~rja14/Papers/bear-lion.pdf
BSI TR-02102 Teil 2  https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102-2.pdf
ENISA: Algorithms, Key Sizes and Parameters Report  http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report
EV Certificate  http://www.evsslcertificate.com/
EV Certificate Guidelines  https://www.cabforum.org/EV_Certificate_Guidelines.pdf
Adiantum  https://eprint.iacr.org/2018/720.pdf
Adiantum  https://github.com/google/adiantum
AIA  http://www.startssl.com/certs/sub.class4.server.ca.crt
ALPN (draft)  http://tools.ietf.org/html/draft-friedl-tls-applayerprotoneg-02
ALPN  https://www.imperialviolet.org/2013/03/20/alpn.html
CDP  http://www.startssl.com/crt4-crl.crl, http://crl.startssl.com/crt4-crl.crl
Chosen-boundary attack  http://erlend.oftedal.no/blog/beast/
CT  http://ctwatch.net/
False Start  https://www.imperialviolet.org/2012/04/11/falsestart.html
False Start  https://technotes.googlecode.com/git/falsestart.html
HPKP  https://timtaubert.de/blog/2014/10/http-public-key-pinning-explained/
HPKP  https://blog.pregos.info/2015/02/23/http-public-key-pinning-hpkp-erklaerung-und-einrichtung/
HPKP  https://blog.qualys.com/ssllabs/2016/09/06/is-http-public-key-pinning-dead
HPKP in Chrome  chrome://net-internals/#hsts (show, reset pins in Chrome)
HSTS  http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02
NaCl  http://nacl.cr.yp.to
NPN (draft)  https://tools.ietf.org/id/draft-agl-tls-nextprotoneg-04.html
NPN  https://technotes.googlecode.com/git/nextprotoneg.html
NPN  https://www.imperialviolet.org/2013/03/20/alpn.html
OCSP  http://ocsp.startssl.com/sub/class4/server/ca
OCSP Stapling  http://en.wikipedia.org/wiki/OCSP_stapling
PFS  http://en.wikipedia.org/wiki/Perfect_forward_secrecy
Resumption  https://www.imperialviolet.org/2011/11/22/forwardsecret.html
Resumption  https://www.imperialviolet.org/2013/06/27/botchingpfs.html
SCSV  https://datatracker.ietf.org/doc/draft-bmoeller-tls-downgrade-scsv/?include_text=1
Security Flaws by CBC Padding  https://link.springer.com/content/pdf/10.1007/3-540-46035-7_35.pdf
Server Pinning  https://tools.ietf.org/id/draft-sheffer-tls-pinning-ticket-02.txt
SNI apache  https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
SIMON and SPECK  https://eprint.iacr.org/2013/404
SM4  https://tools.ietf.org/id/draft-crypto-sm4-00.html
Pseudo Constant Time Implementations of TLS  https://eprint.iacr.org/2018/747.pdf
LatinDances  http://cr.yp.to/rumba20/newfeatures-20071218.pdf
LatinDances2  https://eprint.iacr.org/2012/065.pdf
Poly1305_Donna  https://github.com/floodyberry/poly1305-donna
Cache-Collisions  http://research.microsoft.com/pubs/64024/aes-timing.pdf
Snuffle  https://cr.yp.to/snuffle/812.pdf
BADA55  https://bada55.cr.yp.to/
SPDY/3  http://dev.chromium.org/spdy/spdy-protocol/spdy-protocol-draft3
SPDY Protocol  http://www.chromium.org/spdy/spdy-protocol
SRI  Subresource Integrity: https://www.w3.org/TR/SRI/ 4/2016
SRI (Mozilla)  https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
TACK  http://tack.io/draft.html, 2013 Moxie Marlinspike, Trevor Perrin
TLS Attacker  https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2016/10/19/tls-attacker-ccs16.pdf
TLS Lite  http://trevp.net/tlslite/
Elliptic Curve  https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations#Supported_elliptic_curves
Elliptic Curve for IPsec  https://www.researchgate.net/profile/Johannes_Merkle/publication/260050106_Standardisierung_der_Brainpool-Kurven_fur_TLS_und_IPSec/links/00b7d52f36a0cc2fdd000000.pdf
Elliptic Curve  http://datatracker.ietf.org/doc/draft-mcgrew-tls-aes-ccm-ecc/
Elliptic Curve  http://datatracker.ietf.org/doc/draft-merkle-tls-brainpool/
Elliptic Curve  http://datatracker.ietf.org/doc/draft-merkle-ikev2-ke-brainpool/
Elliptic Curve  http://datatracker.ietf.org/doc/draft-sheffer-ipsecme-dh-checks/
Elliptic Curve  https://tools.ietf.org/html/draft-josefsson-tls-curve25519-06
Elliptic Curve  http://eprint.iacr.org/2007/286
Elliptic Curve  http://www.teletrust.de/fileadmin/files/oid/ecgdsa_final.pdf
Elliptic Curve  https://datatracker.ietf.org/doc/draft-harkins-ikev3/
XMSS  https://eprint.iacr.org/2011/484.pdf
Attacks  https://tls-scanner.cs.uni-paderborn.de/wiki
3SHAKE  https://mitls.org/pages/attacks/3SHAKE
ALPACA  ?
Bar Mitzvah  https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf
BEAST  https://vnhacker.blogspot.com/2011/09/beast.html
       https://nerdoholic.org/uploads/dergln/beast_part2/ssl_jun21.pdf
BREACH  http://www.breachattack.com/
CCS  http://ccsinjection.lepidum.co.jp/
CRIME  http://zoompf.com/2012/09/explaining-the-crime-weakness-in-spdy-and-ssl
       https://www.gracefulsecurity.com/crime-against-tls/
DROWN  https://drownattack.com/
EFAIL  https://efail.de/
       https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-poddebniak.pdf
FREAK  https://freakattack.com/
FREAK  https://mitls.org/pages/attacks/SMACK#freak
Lucky 13  http://www.isg.rhul.ac.uk/tls/Lucky13.html
Lucky 13 Microseconds  http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.738.4741&rep=rep1&type=pdf
Lucky 13 Strikes Back  http://v.wpi.edu/wp-content/uploads/Papers/Publications/asiaccs2015_lucky.pdf
LogJam  https://weakdh.org/
NOMORE  https://www.rc4nomore.com/
POODLE  https://www.openssl.org/~bodo/ssl-poodle.pdf
        https://www.imperialviolet.org/2014/10/14/poodle.html
        https://www.imperialviolet.org/2014/12/08/poodleagain.html
RACCOON  ?
ROCA  https://crocs.fi.muni.cz/public/papers/rsa_ccs17
ROBOT  https://robotattack.org/
SHAttered  https://shattered.io
SLOTH  https://www.mitls.org/pages/attacks/SLOTH
SKIP  https://mitls.org/pages/attacks/SMACK
SMACK  https://mitls.org/pages/attacks/SMACK
       https://www.smacktls.com/
Sweet32  https://sweet32.info/
         https://www.openssl.org/blog/blog/2016/08/24/sweet32/
TIME  ?
# TS 102 042 : http://
#
# http://rsapss.hboeck.de/rsapss-1.0.1.pdf
# https://www.bsi.bund.de/DE/Themen/weitereThemen/SINA/sina_node.html
# http://datatracker.ietf.org/doc/draft-eastlake-additional-xmlsec-uris/
# Firefox Add-ons
# https://calomel.org/firefox_ssl_validation.htm Calomel SSL Validation
# https://addons.mozilla.org/de/firefox/addon/cert-viewer-plus/ Cert Viewer Plus
#
# http://patrol.psyced.org/ Certificate Patrol
# certwatch.simos.info CertWatch
#