Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(249)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/tlslite/test/index.html

Issue 210323002: Update tlslite to 0.4.6. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Executable bit and --similarity=80 Created 6 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « third_party/tlslite/test/httpsserver.py ('k') | third_party/tlslite/test/serverCryptoIDChain.xml » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 <html>
2 <head>
3 <title>Trevor Perrin</title>
4 </head>
5 <body>
6 <H1>Trevor Perrin</H1>
7 <b>Email:</b> trevp at trevp.net<br>
8 <b>PGP Key:</b> <a href="pgp/key.asc">8035 47B9 D1F9 C148 619A 7948 D8C0 0F11 2 F2F F9E3</a>
9 <p>I'm a programmer, here are some projects I'm involved in.
10
11 <p>My current interest is cryptographic key management and alternatives to PKI.
12 <p>
13
14 <a name="cryptoID">
15 <H2><a href="cryptoID/">CryptoIDs</a></H2>
16 <b>Paper 1:</b> Public Key Distribution through "cryptoIDs" (<a href="cryptoID/c ryptoID.pdf">.pdf</a>, <a href="cryptoID/cryptoID.html">.html</a>) <i>(presented at <a href="http://www.nspw.org/2003/">NSPW 2003</a>)</i><br>
17 <b>Paper 2:</b> The CryptoID Key Management Protocols (<a href="cryptoID/cryptoI D2.pdf">.pdf</a>) <i>(the best introduction)</i><br>
18 <b>Schema:</b> XML Schema for &lt;certChain&gt; (<a href="cryptoID/cryptoID.xsd ">.xsd</a>)<br>
19 <b>Code:</b> CryptoIDlib Python and Java library and command-line tool v0.1.8 ( <a href="cryptoID/cryptoIDlib-0.1.8.zip">.zip</a>, <a href="cryptoID/readme.txt" >readme.txt</a>)
20 <p>PKI isn't working for person-to-person communications. Few people use
21 secure email, voice, instant-messaging, or anything else.
22 <p>CryptoIDs are an alternative. The idea is for people to exchange small,
23 user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'.
24 These could be passed around and stored in address books as if they were phone
25 numbers or postal addresses.
26 <p>The cryptoID for each user would correspond to that user's <i>root key</i>.
27 The user would keep his root key in a safe place - his employer or
28 some commercial service might hold it for him. The rootholder would operate
29 an online service which would issue short-lived <i>subkey certificates</i> or <i >validation signatures</i> to the user.
30 <p>CryptoIDs, then, are about combining <i>fingerprint-based public-key distribu tion</i> with
31 <i>certificate-based private-key management</i>. The first paper above presents the
32 cryptoID fingerprint and certificate formats, which are designed specifically fo r
33 this. CryptoIDlib lets you test-drive these formats.
34 <p>The second paper presents private-key management protocols for use with onlin e servers.
35 Support for these is being added to cryptoIDlib.
36
37 <a name="tls_lite">
38 <H2><a href="tls_lite/">TLS Lite</a></H2>
39 <b>Code:</b> tls_lite python library v0.1.8 (<a href="tls_lite/tls_lite-0.1.8.zi p">.zip</a>, <a href="tls_lite/readme.txt">readme.txt</a>)<br>
40 <p>
41 TLS Lite is a free python library that implements SSL 3.0 and <a href="http://ww w.ietf.org/rfc/rfc2246.txt">TLS 1.0</a>.
42 TLS Lite supports non-traditional authentication methods such as <a href="http:/ /trevp.net/tls_srp/index.html">SRP</a>,
43 <a href="http://www.ietf.org/internet-drafts/draft-ietf-tls-sharedkeys-02.txt">s hared keys</a>,
44 and <a href="http://trevp.net/cryptoID/index.html">cryptoIDs</a>, in addition to X.509 certificates. TLS Lite is pure
45 <a href="http://www.python.org">Python</a>, however it can access <a href="http: //www.openssl.org/">OpenSSL</a> or
46 <a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a> for faste r crypto operations.
47
48 <a name="tlssrp">
49 <H2><a href="tls_srp/">TLS/SRP</a></H2>
50 <b>Internet-Draft:</b> Using SRP for TLS Authentication (<a href="tls_srp/draft -ietf-tls-srp-06.txt">.txt</a>, <a href="tls_srp/draft-ietf-tls-srp-06.html">.ht ml</a>)
51 <p><a href="http://srp.stanford.edu">SRP</a> is the best way to do password auth entication
52 across a network. <a href="http://www.ietf.org/html.charters/tls-charter.html"> TLS</a> (aka SSL v3.1)
53 is the best way to do channel security. What could go better together?
54 <p>This draft modifies the TLS handshake to use SRP. This combination of
55 password-based mutual authentication and the TLS record layer is
56 ideal for protecting protocols like POP3 and HTTP.
57
58 <a name="dss">
59 <H2>DSS</H2>
60 <b>Requirements:</b> DSS Use Case Requirements Analysis (<a href="dss/oasis-dss -1.0-requirements-wd-12.pdf">.pdf</a>, <a href="dss/oasis-dss-1.0-requirements-w d-12.doc">.doc</a>)<br>
61 <b>Specification Working Draft:</b> Digital Signature Service Core Protocol and Elements (<a href="dss/oasis-dss-1.0-core-spec-wd-10.pdf">.pdf</a>, <a href="dss /oasis-dss-1.0-core-spec-wd-10.doc">.doc</a>)<br>
62 <b>Schema Working Draft:</b> oasis-dss-1.0-core-schema-wd-10 (<a href="dss/oasis -dss-1.0-core-schema-wd-10.xsd">.xsd</a>)<br>
63 <b>Somewhat Related Paper:</b> Delegated Cryptography, Online Trusted Third Part ies, and PKI
64 (<a href="delegatedCrypto/delegatedCrypto.pdf">.pdf</a>, <a href="delegatedCrypt o/delegatedCrypto.html">.html</a>)<br>
65 <i>(presented at the <a href="http://www.cs.dartmouth.edu/~pki02/">1st Annual PK I Research Workshop</a>)</i>
66 <p>The <a href="http://www.oasis-open.org/">OASIS</a> <a href="http://www.oasis- open.org/committees/dss/">Digital Signature Service Technical Committee</a>
67 is designing protocols for signing, verifying, and
68 time-stamping of XML documents and other data. The idea is to perform these
69 operations on servers, thus freeing clients from having to manage private
70 keys, calculate certificate paths, and so on.
71 <p>Also listed is a paper arguing for the server-based approach vs. client-side PKI.
72
73 <a name="cryptoURL">
74 <H2>CryptoURLs</H2>
75 <b>Draft of potential Internet-Draft:</b> The "crypto" URL scheme (<a href="cryp toURL/draft-ietf-cryptoURL-01.txt">.txt</a>, <a href="cryptoURL/draft-ietf-crypt oURL-01.html">.html</a>)<br>
76 <p>
77 CryptoURLs add "crypto metadata" like content hashes and key fingerprints to nor mal URLs.
78 The resulting URLs are <a href="http://zooko.com/distnames.html">self-authentica ting</a>,
79 like <a href="http://citeseer.nj.nec.com/mazieres99separating.html">SFS file nam es</a> or
80 <a href="http://research.microsoft.com/users/tuomaura/CGA/">Cryptographically Ge nerated Addresses</a>.
81 These could be useful in:
82 <dir>
83 <LI>web pages:
84 <dir>
85 <LI>a page could link to software binaries and include their hash
86 <LI>a portal could provide secure introductions to a community of sites
87 </dir>
88 <LI>XML documents (e.g. extending an <a href="http://www.w3.org/TR/xmldsig-core/ ">XML-DSIG</a> over external references)
89 <LI>protocols (e.g. HTTP Redirects or LDAP Referrals)
90 <LI>software configuration (you could configure a client with the address and fi ngerprint of a server in one step)
91 </dir>
92 <a href="http://www.waterken.com/dev/YURL/">YURLs</a> are another approach to se lf-authenticating URLs.
93
94 <a name="cryptlibConverter">
95 <H2><a href="cryptlibConverter/">CryptlibConverter</a></H2>
96 <b>Code:</b> Version 5 for cryptlib 3.1 (<a href="cryptlibConverter/cryptlibCon verter5_cl31.zip">.zip</a>, <a href="cryptlibConverter/readme.txt">readme.txt</a >)
97 <p>This is a python script that generates java, python, and C# wrappers for
98 <a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a>. A set o f wrappers for
99 cryptlib 3.1 is included in the .zip file. The python and C# wrappers are also included in the latest cryptlib distribution.
100 <br>
101 <a name="cryptoID">
102 <H2><a href="cryptoID/">CryptoIDs</a></H2>
103 <b>Paper 1:</b> Public Key Distribution through "cryptoIDs" (<a href="cryptoID/c ryptoID.pdf">.pdf</a>, <a href="cryptoID/cryptoID.html">.html</a>) <i>(presented at <a href="http://www.nspw.org/2003/">NSPW 2003</a>)</i><br>
104 <b>Paper 2:</b> The CryptoID Key Management Protocols (<a href="cryptoID/cryptoI D2.pdf">.pdf</a>) <i>(the best introduction)</i><br>
105 <b>Schema:</b> XML Schema for &lt;certChain&gt; (<a href="cryptoID/cryptoID.xsd ">.xsd</a>)<br>
106 <b>Code:</b> CryptoIDlib Python and Java library and command-line tool v0.1.8 ( <a href="cryptoID/cryptoIDlib-0.1.8.zip">.zip</a>, <a href="cryptoID/readme.txt" >readme.txt</a>)
107 <p>PKI isn't working for person-to-person communications. Few people use
108 secure email, voice, instant-messaging, or anything else.
109 <p>CryptoIDs are an alternative. The idea is for people to exchange small,
110 user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'.
111 These could be passed around and stored in address books as if they were phone
112 numbers or postal addresses.
113 <p>The cryptoID for each user would correspond to that user's <i>root key</i>.
114 The user would keep his root key in a safe place - his employer or
115 some commercial service might hold it for him. The rootholder would operate
116 an online service which would issue short-lived <i>subkey certificates</i> or <i >validation signatures</i> to the user.
117 <p>CryptoIDs, then, are about combining <i>fingerprint-based public-key distribu tion</i> with
118 <i>certificate-based private-key management</i>. The first paper above presents the
119 cryptoID fingerprint and certificate formats, which are designed specifically fo r
120 this. CryptoIDlib lets you test-drive these formats.
121 <p>The second paper presents private-key management protocols for use with onlin e servers.
122 Support for these is being added to cryptoIDlib.
123
124 <a name="tls_lite">
125 <H2><a href="tls_lite/">TLS Lite</a></H2>
126 <b>Code:</b> tls_lite python library v0.1.8 (<a href="tls_lite/tls_lite-0.1.8.zi p">.zip</a>, <a href="tls_lite/readme.txt">readme.txt</a>)<br>
127 <p>
128 TLS Lite is a free python library that implements SSL 3.0 and <a href="http://ww w.ietf.org/rfc/rfc2246.txt">TLS 1.0</a>.
129 TLS Lite supports non-traditional authentication methods such as <a href="http:/ /trevp.net/tls_srp/index.html">SRP</a>,
130 <a href="http://www.ietf.org/internet-drafts/draft-ietf-tls-sharedkeys-02.txt">s hared keys</a>,
131 and <a href="http://trevp.net/cryptoID/index.html">cryptoIDs</a>, in addition to X.509 certificates. TLS Lite is pure
132 <a href="http://www.python.org">Python</a>, however it can access <a href="http: //www.openssl.org/">OpenSSL</a> or
133 <a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a> for faste r crypto operations.
134
135 <a name="tlssrp">
136 <H2><a href="tls_srp/">TLS/SRP</a></H2>
137 <b>Internet-Draft:</b> Using SRP for TLS Authentication (<a href="tls_srp/draft -ietf-tls-srp-06.txt">.txt</a>, <a href="tls_srp/draft-ietf-tls-srp-06.html">.ht ml</a>)
138 <p><a href="http://srp.stanford.edu">SRP</a> is the best way to do password auth entication
139 across a network. <a href="http://www.ietf.org/html.charters/tls-charter.html"> TLS</a> (aka SSL v3.1)
140 is the best way to do channel security. What could go better together?
141 <p>This draft modifies the TLS handshake to use SRP. This combination of
142 password-based mutual authentication and the TLS record layer is
143 ideal for protecting protocols like POP3 and HTTP.
144
145 <a name="dss">
146 <H2>DSS</H2>
147 <b>Requirements:</b> DSS Use Case Requirements Analysis (<a href="dss/oasis-dss -1.0-requirements-wd-12.pdf">.pdf</a>, <a href="dss/oasis-dss-1.0-requirements-w d-12.doc">.doc</a>)<br>
148 <b>Specification Working Draft:</b> Digital Signature Service Core Protocol and Elements (<a href="dss/oasis-dss-1.0-core-spec-wd-10.pdf">.pdf</a>, <a href="dss /oasis-dss-1.0-core-spec-wd-10.doc">.doc</a>)<br>
149 <b>Schema Working Draft:</b> oasis-dss-1.0-core-schema-wd-10 (<a href="dss/oasis -dss-1.0-core-schema-wd-10.xsd">.xsd</a>)<br>
150 <b>Somewhat Related Paper:</b> Delegated Cryptography, Online Trusted Third Part ies, and PKI
151 (<a href="delegatedCrypto/delegatedCrypto.pdf">.pdf</a>, <a href="delegatedCrypt o/delegatedCrypto.html">.html</a>)<br>
152 <i>(presented at the <a href="http://www.cs.dartmouth.edu/~pki02/">1st Annual PK I Research Workshop</a>)</i>
153 <p>The <a href="http://www.oasis-open.org/">OASIS</a> <a href="http://www.oasis- open.org/committees/dss/">Digital Signature Service Technical Committee</a>
154 is designing protocols for signing, verifying, and
155 time-stamping of XML documents and other data. The idea is to perform these
156 operations on servers, thus freeing clients from having to manage private
157 keys, calculate certificate paths, and so on.
158 <p>Also listed is a paper arguing for the server-based approach vs. client-side PKI.
159
160 <a name="cryptoURL">
161 <H2>CryptoURLs</H2>
162 <b>Draft of potential Internet-Draft:</b> The "crypto" URL scheme (<a href="cryp toURL/draft-ietf-cryptoURL-01.txt">.txt</a>, <a href="cryptoURL/draft-ietf-crypt oURL-01.html">.html</a>)<br>
163 <p>
164 CryptoURLs add "crypto metadata" like content hashes and key fingerprints to nor mal URLs.
165 The resulting URLs are <a href="http://zooko.com/distnames.html">self-authentica ting</a>,
166 like <a href="http://citeseer.nj.nec.com/mazieres99separating.html">SFS file nam es</a> or
167 <a href="http://research.microsoft.com/users/tuomaura/CGA/">Cryptographically Ge nerated Addresses</a>.
168 These could be useful in:
169 <dir>
170 <LI>web pages:
171 <dir>
172 <LI>a page could link to software binaries and include their hash
173 <LI>a portal could provide secure introductions to a community of sites
174 </dir>
175 <LI>XML documents (e.g. extending an <a href="http://www.w3.org/TR/xmldsig-core/ ">XML-DSIG</a> over external references)
176 <LI>protocols (e.g. HTTP Redirects or LDAP Referrals)
177 <LI>software configuration (you could configure a client with the address and fi ngerprint of a server in one step)
178 </dir>
179 <a href="http://www.waterken.com/dev/YURL/">YURLs</a> are another approach to se lf-authenticating URLs.
180
181 <a name="cryptlibConverter">
182 <H2><a href="cryptlibConverter/">CryptlibConverter</a></H2>
183 <b>Code:</b> Version 5 for cryptlib 3.1 (<a href="cryptlibConverter/cryptlibCon verter5_cl31.zip">.zip</a>, <a href="cryptlibConverter/readme.txt">readme.txt</a >)
184 <p>This is a python script that generates java, python, and C# wrappers for
185 <a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a>. A set o f wrappers for
186 cryptlib 3.1 is included in the .zip file. The python and C# wrappers are also included in the latest cryptlib distribution.
187 <br>
188 <a name="cryptoID">
189 <H2><a href="cryptoID/">CryptoIDs</a></H2>
190 <b>Paper 1:</b> Public Key Distribution through "cryptoIDs" (<a href="cryptoID/c ryptoID.pdf">.pdf</a>, <a href="cryptoID/cryptoID.html">.html</a>) <i>(presented at <a href="http://www.nspw.org/2003/">NSPW 2003</a>)</i><br>
191 <b>Paper 2:</b> The CryptoID Key Management Protocols (<a href="cryptoID/cryptoI D2.pdf">.pdf</a>) <i>(the best introduction)</i><br>
192 <b>Schema:</b> XML Schema for &lt;certChain&gt; (<a href="cryptoID/cryptoID.xsd ">.xsd</a>)<br>
193 <b>Code:</b> CryptoIDlib Python and Java library and command-line tool v0.1.8 ( <a href="cryptoID/cryptoIDlib-0.1.8.zip">.zip</a>, <a href="cryptoID/readme.txt" >readme.txt</a>)
194 <p>PKI isn't working for person-to-person communications. Few people use
195 secure email, voice, instant-messaging, or anything else.
196 <p>CryptoIDs are an alternative. The idea is for people to exchange small,
197 user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'.
198 These could be passed around and stored in address books as if they were phone
199 numbers or postal addresses.
200 <p>The cryptoID for each user would correspond to that user's <i>root key</i>.
201 The user would keep his root key in a safe place - his employer or
202 some commercial service might hold it for him. The rootholder would operate
203 an online service which would issue short-lived <i>subkey certificates</i> or <i >validation signatures</i> to the user.
204 <p>CryptoIDs, then, are about combining <i>fingerprint-based public-key distribu tion</i> with
205 <i>certificate-based private-key management</i>. The first paper above presents the
206 cryptoID fingerprint and certificate formats, which are designed specifically fo r
207 this. CryptoIDlib lets you test-drive these formats.
208 <p>The second paper presents private-key management protocols for use with onlin e servers.
209 Support for these is being added to cryptoIDlib.
210
211 <a name="tls_lite">
212 <H2><a href="tls_lite/">TLS Lite</a></H2>
213 <b>Code:</b> tls_lite python library v0.1.8 (<a href="tls_lite/tls_lite-0.1.8.zi p">.zip</a>, <a href="tls_lite/readme.txt">readme.txt</a>)<br>
214 <p>
215 TLS Lite is a free python library that implements SSL 3.0 and <a href="http://ww w.ietf.org/rfc/rfc2246.txt">TLS 1.0</a>.
216 TLS Lite supports non-traditional authentication methods such as <a href="http:/ /trevp.net/tls_srp/index.html">SRP</a>,
217 <a href="http://www.ietf.org/internet-drafts/draft-ietf-tls-sharedkeys-02.txt">s hared keys</a>,
218 and <a href="http://trevp.net/cryptoID/index.html">cryptoIDs</a>, in addition to X.509 certificates. TLS Lite is pure
219 <a href="http://www.python.org">Python</a>, however it can access <a href="http: //www.openssl.org/">OpenSSL</a> or
220 <a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a> for faste r crypto operations.
221
222 <a name="tlssrp">
223 <H2><a href="tls_srp/">TLS/SRP</a></H2>
224 <b>Internet-Draft:</b> Using SRP for TLS Authentication (<a href="tls_srp/draft -ietf-tls-srp-06.txt">.txt</a>, <a href="tls_srp/draft-ietf-tls-srp-06.html">.ht ml</a>)
225 <p><a href="http://srp.stanford.edu">SRP</a> is the best way to do password auth entication
226 across a network. <a href="http://www.ietf.org/html.charters/tls-charter.html"> TLS</a> (aka SSL v3.1)
227 is the best way to do channel security. What could go better together?
228 <p>This draft modifies the TLS handshake to use SRP. This combination of
229 password-based mutual authentication and the TLS record layer is
230 ideal for protecting protocols like POP3 and HTTP.
231
232 <a name="dss">
233 <H2>DSS</H2>
234 <b>Requirements:</b> DSS Use Case Requirements Analysis (<a href="dss/oasis-dss -1.0-requirements-wd-12.pdf">.pdf</a>, <a href="dss/oasis-dss-1.0-requirements-w d-12.doc">.doc</a>)<br>
235 <b>Specification Working Draft:</b> Digital Signature Service Core Protocol and Elements (<a href="dss/oasis-dss-1.0-core-spec-wd-10.pdf">.pdf</a>, <a href="dss /oasis-dss-1.0-core-spec-wd-10.doc">.doc</a>)<br>
236 <b>Schema Working Draft:</b> oasis-dss-1.0-core-schema-wd-10 (<a href="dss/oasis -dss-1.0-core-schema-wd-10.xsd">.xsd</a>)<br>
237 <b>Somewhat Related Paper:</b> Delegated Cryptography, Online Trusted Third Part ies, and PKI
238 (<a href="delegatedCrypto/delegatedCrypto.pdf">.pdf</a>, <a href="delegatedCrypt o/delegatedCrypto.html">.html</a>)<br>
239 <i>(presented at the <a href="http://www.cs.dartmouth.edu/~pki02/">1st Annual PK I Research Workshop</a>)</i>
240 <p>The <a href="http://www.oasis-open.org/">OASIS</a> <a href="http://www.oasis- open.org/committees/dss/">Digital Signature Service Technical Committee</a>
241 is designing protocols for signing, verifying, and
242 time-stamping of XML documents and other data. The idea is to perform these
243 operations on servers, thus freeing clients from having to manage private
244 keys, calculate certificate paths, and so on.
245 <p>Also listed is a paper arguing for the server-based approach vs. client-side PKI.
246
247 <a name="cryptoURL">
248 <H2>CryptoURLs</H2>
249 <b>Draft of potential Internet-Draft:</b> The "crypto" URL scheme (<a href="cryp toURL/draft-ietf-cryptoURL-01.txt">.txt</a>, <a href="cryptoURL/draft-ietf-crypt oURL-01.html">.html</a>)<br>
250 <p>
251 CryptoURLs add "crypto metadata" like content hashes and key fingerprints to nor mal URLs.
252 The resulting URLs are <a href="http://zooko.com/distnames.html">self-authentica ting</a>,
253 like <a href="http://citeseer.nj.nec.com/mazieres99separating.html">SFS file nam es</a> or
254 <a href="http://research.microsoft.com/users/tuomaura/CGA/">Cryptographically Ge nerated Addresses</a>.
255 These could be useful in:
256 <dir>
257 <LI>web pages:
258 <dir>
259 <LI>a page could link to software binaries and include their hash
260 <LI>a portal could provide secure introductions to a community of sites
261 </dir>
262 <LI>XML documents (e.g. extending an <a href="http://www.w3.org/TR/xmldsig-core/ ">XML-DSIG</a> over external references)
263 <LI>protocols (e.g. HTTP Redirects or LDAP Referrals)
264 <LI>software configuration (you could configure a client with the address and fi ngerprint of a server in one step)
265 </dir>
266 <a href="http://www.waterken.com/dev/YURL/">YURLs</a> are another approach to se lf-authenticating URLs.
267
268 <a name="cryptlibConverter">
269 <H2><a href="cryptlibConverter/">CryptlibConverter</a></H2>
270 <b>Code:</b> Version 5 for cryptlib 3.1 (<a href="cryptlibConverter/cryptlibCon verter5_cl31.zip">.zip</a>, <a href="cryptlibConverter/readme.txt">readme.txt</a >)
271 <p>This is a python script that generates java, python, and C# wrappers for
272 <a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a>. A set o f wrappers for
273 cryptlib 3.1 is included in the .zip file. The python and C# wrappers are also included in the latest cryptlib distribution.
274 <br>
275 <a name="cryptoID">
276 <H2><a href="cryptoID/">CryptoIDs</a></H2>
277 <b>Paper 1:</b> Public Key Distribution through "cryptoIDs" (<a href="cryptoID/c ryptoID.pdf">.pdf</a>, <a href="cryptoID/cryptoID.html">.html</a>) <i>(presented at <a href="http://www.nspw.org/2003/">NSPW 2003</a>)</i><br>
278 <b>Paper 2:</b> The CryptoID Key Management Protocols (<a href="cryptoID/cryptoI D2.pdf">.pdf</a>) <i>(the best introduction)</i><br>
279 <b>Schema:</b> XML Schema for &lt;certChain&gt; (<a href="cryptoID/cryptoID.xsd ">.xsd</a>)<br>
280 <b>Code:</b> CryptoIDlib Python and Java library and command-line tool v0.1.8 ( <a href="cryptoID/cryptoIDlib-0.1.8.zip">.zip</a>, <a href="cryptoID/readme.txt" >readme.txt</a>)
281 <p>PKI isn't working for person-to-person communications. Few people use
282 secure email, voice, instant-messaging, or anything else.
283 <p>CryptoIDs are an alternative. The idea is for people to exchange small,
284 user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'.
285 These could be passed around and stored in address books as if they were phone
286 numbers or postal addresses.
287 <p>The cryptoID for each user would correspond to that user's <i>root key</i>.
288 The user would keep his root key in a safe place - his employer or
289 some commercial service might hold it for him. The rootholder would operate
290 an online service which would issue short-lived <i>subkey certificates</i> or <i >validation signatures</i> to the user.
291 <p>CryptoIDs, then, are about combining <i>fingerprint-based public-key distribu tion</i> with
292 <i>certificate-based private-key management</i>. The first paper above presents the
293 cryptoID fingerprint and certificate formats, which are designed specifically fo r
294 this. CryptoIDlib lets you test-drive these formats.
295 <p>The second paper presents private-key management protocols for use with onlin e servers.
296 Support for these is being added to cryptoIDlib.
297
298 <a name="tls_lite">
299 <H2><a href="tls_lite/">TLS Lite</a></H2>
300 <b>Code:</b> tls_lite python library v0.1.8 (<a href="tls_lite/tls_lite-0.1.8.zi p">.zip</a>, <a href="tls_lite/readme.txt">readme.txt</a>)<br>
301 <p>
302 TLS Lite is a free python library that implements SSL 3.0 and <a href="http://ww w.ietf.org/rfc/rfc2246.txt">TLS 1.0</a>.
303 TLS Lite supports non-traditional authentication methods such as <a href="http:/ /trevp.net/tls_srp/index.html">SRP</a>,
304 <a href="http://www.ietf.org/internet-drafts/draft-ietf-tls-sharedkeys-02.txt">s hared keys</a>,
305 and <a href="http://trevp.net/cryptoID/index.html">cryptoIDs</a>, in addition to X.509 certificates. TLS Lite is pure
306 <a href="http://www.python.org">Python</a>, however it can access <a href="http: //www.openssl.org/">OpenSSL</a> or
307 <a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a> for faste r crypto operations.
308
309 <a name="tlssrp">
310 <H2><a href="tls_srp/">TLS/SRP</a></H2>
311 <b>Internet-Draft:</b> Using SRP for TLS Authentication (<a href="tls_srp/draft -ietf-tls-srp-06.txt">.txt</a>, <a href="tls_srp/draft-ietf-tls-srp-06.html">.ht ml</a>)
312 <p><a href="http://srp.stanford.edu">SRP</a> is the best way to do password auth entication
313 across a network. <a href="http://www.ietf.org/html.charters/tls-charter.html"> TLS</a> (aka SSL v3.1)
314 is the best way to do channel security. What could go better together?
315 <p>This draft modifies the TLS handshake to use SRP. This combination of
316 password-based mutual authentication and the TLS record layer is
317 ideal for protecting protocols like POP3 and HTTP.
318
319 <a name="dss">
320 <H2>DSS</H2>
321 <b>Requirements:</b> DSS Use Case Requirements Analysis (<a href="dss/oasis-dss -1.0-requirements-wd-12.pdf">.pdf</a>, <a href="dss/oasis-dss-1.0-requirements-w d-12.doc">.doc</a>)<br>
322 <b>Specification Working Draft:</b> Digital Signature Service Core Protocol and Elements (<a href="dss/oasis-dss-1.0-core-spec-wd-10.pdf">.pdf</a>, <a href="dss /oasis-dss-1.0-core-spec-wd-10.doc">.doc</a>)<br>
323 <b>Schema Working Draft:</b> oasis-dss-1.0-core-schema-wd-10 (<a href="dss/oasis -dss-1.0-core-schema-wd-10.xsd">.xsd</a>)<br>
324 <b>Somewhat Related Paper:</b> Delegated Cryptography, Online Trusted Third Part ies, and PKI
325 (<a href="delegatedCrypto/delegatedCrypto.pdf">.pdf</a>, <a href="delegatedCrypt o/delegatedCrypto.html">.html</a>)<br>
326 <i>(presented at the <a href="http://www.cs.dartmouth.edu/~pki02/">1st Annual PK I Research Workshop</a>)</i>
327 <p>The <a href="http://www.oasis-open.org/">OASIS</a> <a href="http://www.oasis- open.org/committees/dss/">Digital Signature Service Technical Committee</a>
328 is designing protocols for signing, verifying, and
329 time-stamping of XML documents and other data. The idea is to perform these
330 operations on servers, thus freeing clients from having to manage private
331 keys, calculate certificate paths, and so on.
332 <p>Also listed is a paper arguing for the server-based approach vs. client-side PKI.
333
334 <a name="cryptoURL">
335 <H2>CryptoURLs</H2>
336 <b>Draft of potential Internet-Draft:</b> The "crypto" URL scheme (<a href="cryp toURL/draft-ietf-cryptoURL-01.txt">.txt</a>, <a href="cryptoURL/draft-ietf-crypt oURL-01.html">.html</a>)<br>
337 <p>
338 CryptoURLs add "crypto metadata" like content hashes and key fingerprints to nor mal URLs.
339 The resulting URLs are <a href="http://zooko.com/distnames.html">self-authentica ting</a>,
340 like <a href="http://citeseer.nj.nec.com/mazieres99separating.html">SFS file nam es</a> or
341 <a href="http://research.microsoft.com/users/tuomaura/CGA/">Cryptographically Ge nerated Addresses</a>.
342 These could be useful in:
343 <dir>
344 <LI>web pages:
345 <dir>
346 <LI>a page could link to software binaries and include their hash
347 <LI>a portal could provide secure introductions to a community of sites
348 </dir>
349 <LI>XML documents (e.g. extending an <a href="http://www.w3.org/TR/xmldsig-core/ ">XML-DSIG</a> over external references)
350 <LI>protocols (e.g. HTTP Redirects or LDAP Referrals)
351 <LI>software configuration (you could configure a client with the address and fi ngerprint of a server in one step)
352 </dir>
353 <a href="http://www.waterken.com/dev/YURL/">YURLs</a> are another approach to se lf-authenticating URLs.
354
355 <a name="cryptlibConverter">
356 <H2><a href="cryptlibConverter/">CryptlibConverter</a></H2>
357 <b>Code:</b> Version 5 for cryptlib 3.1 (<a href="cryptlibConverter/cryptlibCon verter5_cl31.zip">.zip</a>, <a href="cryptlibConverter/readme.txt">readme.txt</a >)
358 <p>This is a python script that generates java, python, and C# wrappers for
359 <a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a>. A set o f wrappers for
360 cryptlib 3.1 is included in the .zip file. The python and C# wrappers are also included in the latest cryptlib distribution.
361 <br>
362 <a name="cryptoID">
363 <H2><a href="cryptoID/">CryptoIDs</a></H2>
364 <b>Paper 1:</b> Public Key Distribution through "cryptoIDs" (<a href="cryptoID/c ryptoID.pdf">.pdf</a>, <a href="cryptoID/cryptoID.html">.html</a>) <i>(presented at <a href="http://www.nspw.org/2003/">NSPW 2003</a>)</i><br>
365 <b>Paper 2:</b> The CryptoID Key Management Protocols (<a href="cryptoID/cryptoI D2.pdf">.pdf</a>) <i>(the best introduction)</i><br>
366 <b>Schema:</b> XML Schema for &lt;certChain&gt; (<a href="cryptoID/cryptoID.xsd ">.xsd</a>)<br>
367 <b>Code:</b> CryptoIDlib Python and Java library and command-line tool v0.1.8 ( <a href="cryptoID/cryptoIDlib-0.1.8.zip">.zip</a>, <a href="cryptoID/readme.txt" >readme.txt</a>)
368 <p>PKI isn't working for person-to-person communications. Few people use
369 secure email, voice, instant-messaging, or anything else.
370 <p>CryptoIDs are an alternative. The idea is for people to exchange small,
371 user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'.
372 These could be passed around and stored in address books as if they were phone
373 numbers or postal addresses.
374 <p>The cryptoID for each user would correspond to that user's <i>root key</i>.
375 The user would keep his root key in a safe place - his employer or
376 some commercial service might hold it for him. The rootholder would operate
377 an online service which would issue short-lived <i>subkey certificates</i> or <i >validation signatures</i> to the user.
378 <p>CryptoIDs, then, are about combining <i>fingerprint-based public-key distribu tion</i> with
379 <i>certificate-based private-key management</i>. The first paper above presents the
380 cryptoID fingerprint and certificate formats, which are designed specifically fo r
381 this. CryptoIDlib lets you test-drive these formats.
382 <p>The second paper presents private-key management protocols for use with onlin e servers.
383 Support for these is being added to cryptoIDlib.
384
385 <a name="tls_lite">
386 <H2><a href="tls_lite/">TLS Lite</a></H2>
387 <b>Code:</b> tls_lite python library v0.1.8 (<a href="tls_lite/tls_lite-0.1.8.zi p">.zip</a>, <a href="tls_lite/readme.txt">readme.txt</a>)<br>
388 <p>
389 TLS Lite is a free python library that implements SSL 3.0 and <a href="http://ww w.ietf.org/rfc/rfc2246.txt">TLS 1.0</a>.
390 TLS Lite supports non-traditional authentication methods such as <a href="http:/ /trevp.net/tls_srp/index.html">SRP</a>,
391 <a href="http://www.ietf.org/internet-drafts/draft-ietf-tls-sharedkeys-02.txt">s hared keys</a>,
392 and <a href="http://trevp.net/cryptoID/index.html">cryptoIDs</a>, in addition to X.509 certificates. TLS Lite is pure
393 <a href="http://www.python.org">Python</a>, however it can access <a href="http: //www.openssl.org/">OpenSSL</a> or
394 <a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a> for faste r crypto operations.
395
396 <a name="tlssrp">
397 <H2><a href="tls_srp/">TLS/SRP</a></H2>
398 <b>Internet-Draft:</b> Using SRP for TLS Authentication (<a href="tls_srp/draft -ietf-tls-srp-06.txt">.txt</a>, <a href="tls_srp/draft-ietf-tls-srp-06.html">.ht ml</a>)
399 <p><a href="http://srp.stanford.edu">SRP</a> is the best way to do password auth entication
400 across a network. <a href="http://www.ietf.org/html.charters/tls-charter.html"> TLS</a> (aka SSL v3.1)
401 is the best way to do channel security. What could go better together?
402 <p>This draft modifies the TLS handshake to use SRP. This combination of
403 password-based mutual authentication and the TLS record layer is
404 ideal for protecting protocols like POP3 and HTTP.
405
406 <a name="dss">
407 <H2>DSS</H2>
408 <b>Requirements:</b> DSS Use Case Requirements Analysis (<a href="dss/oasis-dss -1.0-requirements-wd-12.pdf">.pdf</a>, <a href="dss/oasis-dss-1.0-requirements-w d-12.doc">.doc</a>)<br>
409 <b>Specification Working Draft:</b> Digital Signature Service Core Protocol and Elements (<a href="dss/oasis-dss-1.0-core-spec-wd-10.pdf">.pdf</a>, <a href="dss /oasis-dss-1.0-core-spec-wd-10.doc">.doc</a>)<br>
410 <b>Schema Working Draft:</b> oasis-dss-1.0-core-schema-wd-10 (<a href="dss/oasis -dss-1.0-core-schema-wd-10.xsd">.xsd</a>)<br>
411 <b>Somewhat Related Paper:</b> Delegated Cryptography, Online Trusted Third Part ies, and PKI
412 (<a href="delegatedCrypto/delegatedCrypto.pdf">.pdf</a>, <a href="delegatedCrypt o/delegatedCrypto.html">.html</a>)<br>
413 <i>(presented at the <a href="http://www.cs.dartmouth.edu/~pki02/">1st Annual PK I Research Workshop</a>)</i>
414 <p>The <a href="http://www.oasis-open.org/">OASIS</a> <a href="http://www.oasis- open.org/committees/dss/">Digital Signature Service Technical Committee</a>
415 is designing protocols for signing, verifying, and
416 time-stamping of XML documents and other data. The idea is to perform these
417 operations on servers, thus freeing clients from having to manage private
418 keys, calculate certificate paths, and so on.
419 <p>Also listed is a paper arguing for the server-based approach vs. client-side PKI.
420
421 <a name="cryptoURL">
422 <H2>CryptoURLs</H2>
423 <b>Draft of potential Internet-Draft:</b> The "crypto" URL scheme (<a href="cryp toURL/draft-ietf-cryptoURL-01.txt">.txt</a>, <a href="cryptoURL/draft-ietf-crypt oURL-01.html">.html</a>)<br>
424 <p>
425 CryptoURLs add "crypto metadata" like content hashes and key fingerprints to nor mal URLs.
426 The resulting URLs are <a href="http://zooko.com/distnames.html">self-authentica ting</a>,
427 like <a href="http://citeseer.nj.nec.com/mazieres99separating.html">SFS file nam es</a> or
428 <a href="http://research.microsoft.com/users/tuomaura/CGA/">Cryptographically Ge nerated Addresses</a>.
429 These could be useful in:
430 <dir>
431 <LI>web pages:
432 <dir>
433 <LI>a page could link to software binaries and include their hash
434 <LI>a portal could provide secure introductions to a community of sites
435 </dir>
436 <LI>XML documents (e.g. extending an <a href="http://www.w3.org/TR/xmldsig-core/ ">XML-DSIG</a> over external references)
437 <LI>protocols (e.g. HTTP Redirects or LDAP Referrals)
438 <LI>software configuration (you could configure a client with the address and fi ngerprint of a server in one step)
439 </dir>
440 <a href="http://www.waterken.com/dev/YURL/">YURLs</a> are another approach to se lf-authenticating URLs.
441
442 <a name="cryptlibConverter">
443 <H2><a href="cryptlibConverter/">CryptlibConverter</a></H2>
444 <b>Code:</b> Version 5 for cryptlib 3.1 (<a href="cryptlibConverter/cryptlibCon verter5_cl31.zip">.zip</a>, <a href="cryptlibConverter/readme.txt">readme.txt</a >)
445 <p>This is a python script that generates java, python, and C# wrappers for
446 <a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a>. A set o f wrappers for
447 cryptlib 3.1 is included in the .zip file. The python and C# wrappers are also included in the latest cryptlib distribution.
448 <br>
449 <a name="cryptoID">
450 <H2><a href="cryptoID/">CryptoIDs</a></H2>
451 <b>Paper 1:</b> Public Key Distribution through "cryptoIDs" (<a href="cryptoID/c ryptoID.pdf">.pdf</a>, <a href="cryptoID/cryptoID.html">.html</a>) <i>(presented at <a href="http://www.nspw.org/2003/">NSPW 2003</a>)</i><br>
452 <b>Paper 2:</b> The CryptoID Key Management Protocols (<a href="cryptoID/cryptoI D2.pdf">.pdf</a>) <i>(the best introduction)</i><br>
453 <b>Schema:</b> XML Schema for &lt;certChain&gt; (<a href="cryptoID/cryptoID.xsd ">.xsd</a>)<br>
454 <b>Code:</b> CryptoIDlib Python and Java library and command-line tool v0.1.8 ( <a href="cryptoID/cryptoIDlib-0.1.8.zip">.zip</a>, <a href="cryptoID/readme.txt" >readme.txt</a>)
455 <p>PKI isn't working for person-to-person communications. Few people use
456 secure email, voice, instant-messaging, or anything else.
457 <p>CryptoIDs are an alternative. The idea is for people to exchange small,
458 user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'.
459 These could be passed around and stored in address books as if they were phone
460 numbers or postal addresses.
461 <p>The cryptoID for each user would correspond to that user's <i>root key</i>.
462 The user would keep his root key in a safe place - his employer or
463 some commercial service might hold it for him. The rootholder would operate
464 an online service which would issue short-lived <i>subkey certificates</i> or <i >validation signatures</i> to the user.
465 <p>CryptoIDs, then, are about combining <i>fingerprint-based public-key distribu tion</i> with
466 <i>certificate-based private-key management</i>. The first paper above presents the
467 cryptoID fingerprint and certificate formats, which are designed specifically fo r
468 this. CryptoIDlib lets you test-drive these formats.
469 <p>The second paper presents private-key management protocols for use with onlin e servers.
470 Support for these is being added to cryptoIDlib.
471
472 <a name="tls_lite">
473 <H2><a href="tls_lite/">TLS Lite</a></H2>
474 <b>Code:</b> tls_lite python library v0.1.8 (<a href="tls_lite/tls_lite-0.1.8.zi p">.zip</a>, <a href="tls_lite/readme.txt">readme.txt</a>)<br>
475 <p>
476 TLS Lite is a free python library that implements SSL 3.0 and <a href="http://ww w.ietf.org/rfc/rfc2246.txt">TLS 1.0</a>.
477 TLS Lite supports non-traditional authentication methods such as <a href="http:/ /trevp.net/tls_srp/index.html">SRP</a>,
478 <a href="http://www.ietf.org/internet-drafts/draft-ietf-tls-sharedkeys-02.txt">s hared keys</a>,
479 and <a href="http://trevp.net/cryptoID/index.html">cryptoIDs</a>, in addition to X.509 certificates. TLS Lite is pure
480 <a href="http://www.python.org">Python</a>, however it can access <a href="http: //www.openssl.org/">OpenSSL</a> or
481 <a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a> for faste r crypto operations.
482
483 <a name="tlssrp">
484 <H2><a href="tls_srp/">TLS/SRP</a></H2>
485 <b>Internet-Draft:</b> Using SRP for TLS Authentication (<a href="tls_srp/draft -ietf-tls-srp-06.txt">.txt</a>, <a href="tls_srp/draft-ietf-tls-srp-06.html">.ht ml</a>)
486 <p><a href="http://srp.stanford.edu">SRP</a> is the best way to do password auth entication
487 across a network. <a href="http://www.ietf.org/html.charters/tls-charter.html"> TLS</a> (aka SSL v3.1)
488 is the best way to do channel security. What could go better together?
489 <p>This draft modifies the TLS handshake to use SRP. This combination of
490 password-based mutual authentication and the TLS record layer is
491 ideal for protecting protocols like POP3 and HTTP.
492
493 <a name="dss">
494 <H2>DSS</H2>
495 <b>Requirements:</b> DSS Use Case Requirements Analysis (<a href="dss/oasis-dss -1.0-requirements-wd-12.pdf">.pdf</a>, <a href="dss/oasis-dss-1.0-requirements-w d-12.doc">.doc</a>)<br>
496 <b>Specification Working Draft:</b> Digital Signature Service Core Protocol and Elements (<a href="dss/oasis-dss-1.0-core-spec-wd-10.pdf">.pdf</a>, <a href="dss /oasis-dss-1.0-core-spec-wd-10.doc">.doc</a>)<br>
497 <b>Schema Working Draft:</b> oasis-dss-1.0-core-schema-wd-10 (<a href="dss/oasis -dss-1.0-core-schema-wd-10.xsd">.xsd</a>)<br>
498 <b>Somewhat Related Paper:</b> Delegated Cryptography, Online Trusted Third Part ies, and PKI
499 (<a href="delegatedCrypto/delegatedCrypto.pdf">.pdf</a>, <a href="delegatedCrypt o/delegatedCrypto.html">.html</a>)<br>
500 <i>(presented at the <a href="http://www.cs.dartmouth.edu/~pki02/">1st Annual PK I Research Workshop</a>)</i>
501 <p>The <a href="http://www.oasis-open.org/">OASIS</a> <a href="http://www.oasis- open.org/committees/dss/">Digital Signature Service Technical Committee</a>
502 is designing protocols for signing, verifying, and
503 time-stamping of XML documents and other data. The idea is to perform these
504 operations on servers, thus freeing clients from having to manage private
505 keys, calculate certificate paths, and so on.
506 <p>Also listed is a paper arguing for the server-based approach vs. client-side PKI.
507
508 <a name="cryptoURL">
509 <H2>CryptoURLs</H2>
510 <b>Draft of potential Internet-Draft:</b> The "crypto" URL scheme (<a href="cryp toURL/draft-ietf-cryptoURL-01.txt">.txt</a>, <a href="cryptoURL/draft-ietf-crypt oURL-01.html">.html</a>)<br>
511 <p>
512 CryptoURLs add "crypto metadata" like content hashes and key fingerprints to nor mal URLs.
513 The resulting URLs are <a href="http://zooko.com/distnames.html">self-authentica ting</a>,
514 like <a href="http://citeseer.nj.nec.com/mazieres99separating.html">SFS file nam es</a> or
515 <a href="http://research.microsoft.com/users/tuomaura/CGA/">Cryptographically Ge nerated Addresses</a>.
516 These could be useful in:
517 <dir>
518 <LI>web pages:
519 <dir>
520 <LI>a page could link to software binaries and include their hash
521 <LI>a portal could provide secure introductions to a community of sites
522 </dir>
523 <LI>XML documents (e.g. extending an <a href="http://www.w3.org/TR/xmldsig-core/ ">XML-DSIG</a> over external references)
524 <LI>protocols (e.g. HTTP Redirects or LDAP Referrals)
525 <LI>software configuration (you could configure a client with the address and fi ngerprint of a server in one step)
526 </dir>
527 <a href="http://www.waterken.com/dev/YURL/">YURLs</a> are another approach to se lf-authenticating URLs.
528
529 <a name="cryptlibConverter">
530 <H2><a href="cryptlibConverter/">CryptlibConverter</a></H2>
531 <b>Code:</b> Version 5 for cryptlib 3.1 (<a href="cryptlibConverter/cryptlibCon verter5_cl31.zip">.zip</a>, <a href="cryptlibConverter/readme.txt">readme.txt</a >)
532 <p>This is a python script that generates java, python, and C# wrappers for
533 <a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a>. A set o f wrappers for
534 cryptlib 3.1 is included in the .zip file. The python and C# wrappers are also included in the latest cryptlib distribution.
535 <br>
536 <a name="cryptoID">
537 <H2><a href="cryptoID/">CryptoIDs</a></H2>
538 <b>Paper 1:</b> Public Key Distribution through "cryptoIDs" (<a href="cryptoID/c ryptoID.pdf">.pdf</a>, <a href="cryptoID/cryptoID.html">.html</a>) <i>(presented at <a href="http://www.nspw.org/2003/">NSPW 2003</a>)</i><br>
539 <b>Paper 2:</b> The CryptoID Key Management Protocols (<a href="cryptoID/cryptoI D2.pdf">.pdf</a>) <i>(the best introduction)</i><br>
540 <b>Schema:</b> XML Schema for &lt;certChain&gt; (<a href="cryptoID/cryptoID.xsd ">.xsd</a>)<br>
541 <b>Code:</b> CryptoIDlib Python and Java library and command-line tool v0.1.8 ( <a href="cryptoID/cryptoIDlib-0.1.8.zip">.zip</a>, <a href="cryptoID/readme.txt" >readme.txt</a>)
542 <p>PKI isn't working for person-to-person communications. Few people use
543 secure email, voice, instant-messaging, or anything else.
544 <p>CryptoIDs are an alternative. The idea is for people to exchange small,
545 user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'.
546 These could be passed around and stored in address books as if they were phone
547 numbers or postal addresses.
548 <p>The cryptoID for each user would correspond to that user's <i>root key</i>.
549 The user would keep his root key in a safe place - his employer or
550 some commercial service might hold it for him. The rootholder would operate
551 an online service which would issue short-lived <i>subkey certificates</i> or <i >validation signatures</i> to the user.
552 <p>CryptoIDs, then, are about combining <i>fingerprint-based public-key distribu tion</i> with
553 <i>certificate-based private-key management</i>. The first paper above presents the
554 cryptoID fingerprint and certificate formats, which are designed specifically fo r
555 this. CryptoIDlib lets you test-drive these formats.
556 <p>The second paper presents private-key management protocols for use with onlin e servers.
557 Support for these is being added to cryptoIDlib.
558
559 <a name="tls_lite">
560 <H2><a href="tls_lite/">TLS Lite</a></H2>
561 <b>Code:</b> tls_lite python library v0.1.8 (<a href="tls_lite/tls_lite-0.1.8.zi p">.zip</a>, <a href="tls_lite/readme.txt">readme.txt</a>)<br>
562 <p>
563 TLS Lite is a free python library that implements SSL 3.0 and <a href="http://ww w.ietf.org/rfc/rfc2246.txt">TLS 1.0</a>.
564 TLS Lite supports non-traditional authentication methods such as <a href="http:/ /trevp.net/tls_srp/index.html">SRP</a>,
565 <a href="http://www.ietf.org/internet-drafts/draft-ietf-tls-sharedkeys-02.txt">s hared keys</a>,
566 and <a href="http://trevp.net/cryptoID/index.html">cryptoIDs</a>, in addition to X.509 certificates. TLS Lite is pure
567 <a href="http://www.python.org">Python</a>, however it can access <a href="http: //www.openssl.org/">OpenSSL</a> or
568 <a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a> for faste r crypto operations.
569
570 <a name="tlssrp">
571 <H2><a href="tls_srp/">TLS/SRP</a></H2>
572 <b>Internet-Draft:</b> Using SRP for TLS Authentication (<a href="tls_srp/draft -ietf-tls-srp-06.txt">.txt</a>, <a href="tls_srp/draft-ietf-tls-srp-06.html">.ht ml</a>)
573 <p><a href="http://srp.stanford.edu">SRP</a> is the best way to do password auth entication
574 across a network. <a href="http://www.ietf.org/html.charters/tls-charter.html"> TLS</a> (aka SSL v3.1)
575 is the best way to do channel security. What could go better together?
576 <p>This draft modifies the TLS handshake to use SRP. This combination of
577 password-based mutual authentication and the TLS record layer is
578 ideal for protecting protocols like POP3 and HTTP.
579
580 <a name="dss">
581 <H2>DSS</H2>
582 <b>Requirements:</b> DSS Use Case Requirements Analysis (<a href="dss/oasis-dss -1.0-requirements-wd-12.pdf">.pdf</a>, <a href="dss/oasis-dss-1.0-requirements-w d-12.doc">.doc</a>)<br>
583 <b>Specification Working Draft:</b> Digital Signature Service Core Protocol and Elements (<a href="dss/oasis-dss-1.0-core-spec-wd-10.pdf">.pdf</a>, <a href="dss /oasis-dss-1.0-core-spec-wd-10.doc">.doc</a>)<br>
584 <b>Schema Working Draft:</b> oasis-dss-1.0-core-schema-wd-10 (<a href="dss/oasis -dss-1.0-core-schema-wd-10.xsd">.xsd</a>)<br>
585 <b>Somewhat Related Paper:</b> Delegated Cryptography, Online Trusted Third Part ies, and PKI
586 (<a href="delegatedCrypto/delegatedCrypto.pdf">.pdf</a>, <a href="delegatedCrypt o/delegatedCrypto.html">.html</a>)<br>
587 <i>(presented at the <a href="http://www.cs.dartmouth.edu/~pki02/">1st Annual PK I Research Workshop</a>)</i>
588 <p>The <a href="http://www.oasis-open.org/">OASIS</a> <a href="http://www.oasis- open.org/committees/dss/">Digital Signature Service Technical Committee</a>
589 is designing protocols for signing, verifying, and
590 time-stamping of XML documents and other data. The idea is to perform these
591 operations on servers, thus freeing clients from having to manage private
592 keys, calculate certificate paths, and so on.
593 <p>Also listed is a paper arguing for the server-based approach vs. client-side PKI.
594
595 <a name="cryptoURL">
596 <H2>CryptoURLs</H2>
597 <b>Draft of potential Internet-Draft:</b> The "crypto" URL scheme (<a href="cryp toURL/draft-ietf-cryptoURL-01.txt">.txt</a>, <a href="cryptoURL/draft-ietf-crypt oURL-01.html">.html</a>)<br>
598 <p>
599 CryptoURLs add "crypto metadata" like content hashes and key fingerprints to nor mal URLs.
600 The resulting URLs are <a href="http://zooko.com/distnames.html">self-authentica ting</a>,
601 like <a href="http://citeseer.nj.nec.com/mazieres99separating.html">SFS file nam es</a> or
602 <a href="http://research.microsoft.com/users/tuomaura/CGA/">Cryptographically Ge nerated Addresses</a>.
603 These could be useful in:
604 <dir>
605 <LI>web pages:
606 <dir>
607 <LI>a page could link to software binaries and include their hash
608 <LI>a portal could provide secure introductions to a community of sites
609 </dir>
610 <LI>XML documents (e.g. extending an <a href="http://www.w3.org/TR/xmldsig-core/ ">XML-DSIG</a> over external references)
611 <LI>protocols (e.g. HTTP Redirects or LDAP Referrals)
612 <LI>software configuration (you could configure a client with the address and fi ngerprint of a server in one step)
613 </dir>
614 <a href="http://www.waterken.com/dev/YURL/">YURLs</a> are another approach to se lf-authenticating URLs.
615
616 <a name="cryptlibConverter">
617 <H2><a href="cryptlibConverter/">CryptlibConverter</a></H2>
618 <b>Code:</b> Version 5 for cryptlib 3.1 (<a href="cryptlibConverter/cryptlibCon verter5_cl31.zip">.zip</a>, <a href="cryptlibConverter/readme.txt">readme.txt</a >)
619 <p>This is a python script that generates java, python, and C# wrappers for
620 <a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a>. A set o f wrappers for
621 cryptlib 3.1 is included in the .zip file. The python and C# wrappers are also included in the latest cryptlib distribution.
622 <br>
623 <a name="cryptoID">
624 <H2><a href="cryptoID/">CryptoIDs</a></H2>
625 <b>Paper 1:</b> Public Key Distribution through "cryptoIDs" (<a href="cryptoID/c ryptoID.pdf">.pdf</a>, <a href="cryptoID/cryptoID.html">.html</a>) <i>(presented at <a href="http://www.nspw.org/2003/">NSPW 2003</a>)</i><br>
626 <b>Paper 2:</b> The CryptoID Key Management Protocols (<a href="cryptoID/cryptoI D2.pdf">.pdf</a>) <i>(the best introduction)</i><br>
627 <b>Schema:</b> XML Schema for &lt;certChain&gt; (<a href="cryptoID/cryptoID.xsd ">.xsd</a>)<br>
628 <b>Code:</b> CryptoIDlib Python and Java library and command-line tool v0.1.8 ( <a href="cryptoID/cryptoIDlib-0.1.8.zip">.zip</a>, <a href="cryptoID/readme.txt" >readme.txt</a>)
629 <p>PKI isn't working for person-to-person communications. Few people use
630 secure email, voice, instant-messaging, or anything else.
631 <p>CryptoIDs are an alternative. The idea is for people to exchange small,
632 user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'.
633 These could be passed around and stored in address books as if they were phone
634 numbers or postal addresses.
635 <p>The cryptoID for each user would correspond to that user's <i>root key</i>.
636 The user would keep his root key in a safe place - his employer or
637 some commercial service might hold it for him. The rootholder would operate
638 an online service which would issue short-lived <i>subkey certificates</i> or <i >validation signatures</i> to the user.
639 <p>CryptoIDs, then, are about combining <i>fingerprint-based public-key distribu tion</i> with
640 <i>certificate-based private-key management</i>. The first paper above presents the
641 cryptoID fingerprint and certificate formats, which are designed specifically fo r
642 this. CryptoIDlib lets you test-drive these formats.
643 <p>The second paper presents private-key management protocols for use with onlin e servers.
644 Support for these is being added to cryptoIDlib.
645
646 <br>
647 <br>
648 </body>
649 </html>
OLDNEW
« no previous file with comments | « third_party/tlslite/test/httpsserver.py ('k') | third_party/tlslite/test/serverCryptoIDChain.xml » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698