Server Authentication on the Past, Present, and Future Internet

[1] Erik Wilde, et al. Problem Details for HTTP APIs, 2016, RFC.

[2] Desney S. Tan, et al. An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks, 2007, Financial Cryptography.

[3] Arjen K. Lenstra, et al. Ron was wrong, Whit is right, 2012, IACR Cryptol. ePrint Arch.

[4] Robin Sommer, et al. Extracting Certificates from Live Traffic: A Near Real Time SSL Notary Service, 2012.

[5] Chris Palmer, et al. Public Key Pinning Extension for HTTP, 2015, RFC.

[6] Kori Inkpen Quinn, et al. Gathering evidence: use of visual security cues in web browsers, 2005, Graphics Interface.

[7] Vern Paxson, et al. The Matter of Heartbleed, 2014, Internet Measurement Conference.

[8] Yinglian Xie, et al. Web PKI: Closing the Gap between Guidelines and Practices, 2014, NDSS.

[9] J. Doug Tygar, et al. Phish and HIPs: Human Interactive Proofs to Detect Phishing Attacks, 2005, HIP.

[10] Russ Housley, et al. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, 2002, RFC.

[11] Lorrie Faith Cranor, et al. Crying Wolf: An Empirical Study of SSL Warning Effectiveness, 2009, USENIX Security Symposium.

[12] Nadia Heninger, et al. Factoring as a Service, 2016, Financial Cryptography.

[13] Matthew Green, et al. Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice, 2015, CCS.

[14] Eric Rescorla, et al. SSL and TLS: Designing and Building Secure Systems, 2000.

[15] Adrienne Porter Felt, et al. Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness, 2013, USENIX Security Symposium.

[16] Eric Rescorla, et al. The Transport Layer Security (TLS) Protocol Version 1.2, 2008, RFC.

[17] J. Alex Halderman, et al. Neither Snow Nor Rain Nor MITM...: An Empirical Analysis of Email Delivery Security, 2015, Internet Measurement Conference.

[18] Eric Wustrow, et al. Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices, 2012, USENIX Security Symposium.

[19] Angelos D. Keromytis, et al. DoubleCheck: Multi-path verification against man-in-the-middle attacks, 2009, 2009 IEEE Symposium on Computers and Communications.

[20] Kenneth G. Paterson, et al. Lucky Thirteen: Breaking the TLS and DTLS Record Protocols, 2013, 2013 IEEE Symposium on Security and Privacy.

[21] Tim Wright, et al. Transport Layer Security (TLS) Extensions, 2003, RFC.

[22] David Dagon, et al. Use of Bit 0x20 in DNS Labels to Improve Transaction Identity, 2008.

[23] Donald E. Eastlake, et al. Transport Layer Security (TLS) Extensions: Extension Definitions, 2011, RFC.

[24] Eric Wustrow, et al. ZMap: Fast Internet-wide Scanning and Its Security Applications, 2013, USENIX Security Symposium.

[25] Warwick Ford, et al. Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework, 1999, RFC.

[26] Michael Tüxen, et al. Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension, 2012, RFC.

[27] Robin Sommer, et al. Here's my cert, so trust me, maybe?: understanding TLS errors on the web, 2013, WWW.

[28] Arjen K. Lenstra, et al. Factorization of a 768-Bit RSA Modulus, 2010, CRYPTO.

[29] Sid Stamm, et al. Certified Lies: Detecting and Defeating Government Interception Attacks against SSL (Short Paper), 2011, Financial Cryptography.

[30] Eric Wustrow, et al. CAge: Taming Certificate Authorities by Inferring Restricted Scopes, 2013, Financial Cryptography.

[31] Elaine B. Barker, et al. Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, 2011.

[32] Hadi Asghari, et al. Security Economics in the HTTPS Value Chain, 2013.

[33] William E. Burr, et al. Recommendation for Key Management, Part 1: General (Revision 3), 2006.

[34] J. Alex Halderman, et al. Analysis of the HTTPS certificate ecosystem, 2013, Internet Measurement Conference.

[35] John Viega, et al. Network security using OpenSSL - cryptography for secure communications, 2002.

[36] Hovav Shacham, et al. When private keys are public: results from the 2008 Debian OpenSSL vulnerability, 2009, IMC '09.

[37] Adrian Perrig, et al. Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing, 2008, USENIX Annual Technical Conference.

[38] Georg Carle, et al. The SSL landscape: a thorough analysis of the x.509 PKI using active and passive measurements, 2011, IMC '11.