Index: third_party/tlslite/test/index.html |
diff --git a/third_party/tlslite/test/index.html b/third_party/tlslite/test/index.html |
deleted file mode 100644 |
index e7f02cc90daaa65cacc0b44be4cfb65a17d074ed..0000000000000000000000000000000000000000 |
--- a/third_party/tlslite/test/index.html |
+++ /dev/null |
@@ -1,649 +0,0 @@ |
-<html> |
-<head> |
-<title>Trevor Perrin</title> |
-</head> |
-<body> |
-<H1>Trevor Perrin</H1> |
-<b>Email:</b> trevp at trevp.net<br> |
-<b>PGP Key:</b> <a href="pgp/key.asc">8035 47B9 D1F9 C148 619A 7948 D8C0 0F11 2F2F F9E3</a> |
-<p>I'm a programmer, here are some projects I'm involved in. |
- |
-<p>My current interest is cryptographic key management and alternatives to PKI. |
-<p> |
- |
-<a name="cryptoID"> |
-<H2><a href="cryptoID/">CryptoIDs</a></H2> |
-<b>Paper 1:</b> Public Key Distribution through "cryptoIDs" (<a href="cryptoID/cryptoID.pdf">.pdf</a>, <a href="cryptoID/cryptoID.html">.html</a>) <i>(presented at <a href="http://www.nspw.org/2003/">NSPW 2003</a>)</i><br> |
-<b>Paper 2:</b> The CryptoID Key Management Protocols (<a href="cryptoID/cryptoID2.pdf">.pdf</a>) <i>(the best introduction)</i><br> |
-<b>Schema:</b> XML Schema for <certChain> (<a href="cryptoID/cryptoID.xsd">.xsd</a>)<br> |
-<b>Code:</b> CryptoIDlib Python and Java library and command-line tool v0.1.8 (<a href="cryptoID/cryptoIDlib-0.1.8.zip">.zip</a>, <a href="cryptoID/readme.txt">readme.txt</a>) |
-<p>PKI isn't working for person-to-person communications. Few people use |
-secure email, voice, instant-messaging, or anything else. |
-<p>CryptoIDs are an alternative. The idea is for people to exchange small, |
-user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'. |
-These could be passed around and stored in address books as if they were phone |
-numbers or postal addresses. |
-<p>The cryptoID for each user would correspond to that user's <i>root key</i>. |
-The user would keep his root key in a safe place - his employer or |
-some commercial service might hold it for him. The rootholder would operate |
-an online service which would issue short-lived <i>subkey certificates</i> or <i>validation signatures</i> to the user. |
-<p>CryptoIDs, then, are about combining <i>fingerprint-based public-key distribution</i> with |
-<i>certificate-based private-key management</i>. The first paper above presents the |
-cryptoID fingerprint and certificate formats, which are designed specifically for |
-this. CryptoIDlib lets you test-drive these formats. |
-<p>The second paper presents private-key management protocols for use with online servers. |
-Support for these is being added to cryptoIDlib. |
- |
-<a name="tls_lite"> |
-<H2><a href="tls_lite/">TLS Lite</a></H2> |
-<b>Code:</b> tls_lite python library v0.1.8 (<a href="tls_lite/tls_lite-0.1.8.zip">.zip</a>, <a href="tls_lite/readme.txt">readme.txt</a>)<br> |
-<p> |
-TLS Lite is a free python library that implements SSL 3.0 and <a href="http://www.ietf.org/rfc/rfc2246.txt">TLS 1.0</a>. |
-TLS Lite supports non-traditional authentication methods such as <a href="http://trevp.net/tls_srp/index.html">SRP</a>, |
-<a href="http://www.ietf.org/internet-drafts/draft-ietf-tls-sharedkeys-02.txt">shared keys</a>, |
-and <a href="http://trevp.net/cryptoID/index.html">cryptoIDs</a>, in addition to X.509 certificates. TLS Lite is pure |
-<a href="http://www.python.org">Python</a>, however it can access <a href="http://www.openssl.org/">OpenSSL</a> or |
-<a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a> for faster crypto operations. |
- |
-<a name="tlssrp"> |
-<H2><a href="tls_srp/">TLS/SRP</a></H2> |
-<b>Internet-Draft:</b> Using SRP for TLS Authentication (<a href="tls_srp/draft-ietf-tls-srp-06.txt">.txt</a>, <a href="tls_srp/draft-ietf-tls-srp-06.html">.html</a>) |
-<p><a href="http://srp.stanford.edu">SRP</a> is the best way to do password authentication |
-across a network. <a href="http://www.ietf.org/html.charters/tls-charter.html">TLS</a> (aka SSL v3.1) |
-is the best way to do channel security. What could go better together? |
-<p>This draft modifies the TLS handshake to use SRP. This combination of |
-password-based mutual authentication and the TLS record layer is |
-ideal for protecting protocols like POP3 and HTTP. |
- |
-<a name="dss"> |
-<H2>DSS</H2> |
-<b>Requirements:</b> DSS Use Case Requirements Analysis (<a href="dss/oasis-dss-1.0-requirements-wd-12.pdf">.pdf</a>, <a href="dss/oasis-dss-1.0-requirements-wd-12.doc">.doc</a>)<br> |
-<b>Specification Working Draft:</b> Digital Signature Service Core Protocol and Elements (<a href="dss/oasis-dss-1.0-core-spec-wd-10.pdf">.pdf</a>, <a href="dss/oasis-dss-1.0-core-spec-wd-10.doc">.doc</a>)<br> |
-<b>Schema Working Draft:</b> oasis-dss-1.0-core-schema-wd-10 (<a href="dss/oasis-dss-1.0-core-schema-wd-10.xsd">.xsd</a>)<br> |
-<b>Somewhat Related Paper:</b> Delegated Cryptography, Online Trusted Third Parties, and PKI |
-(<a href="delegatedCrypto/delegatedCrypto.pdf">.pdf</a>, <a href="delegatedCrypto/delegatedCrypto.html">.html</a>)<br> |
-<i>(presented at the <a href="http://www.cs.dartmouth.edu/~pki02/">1st Annual PKI Research Workshop</a>)</i> |
-<p>The <a href="http://www.oasis-open.org/">OASIS</a> <a href="http://www.oasis-open.org/committees/dss/">Digital Signature Service Technical Committee</a> |
-is designing protocols for signing, verifying, and |
-time-stamping of XML documents and other data. The idea is to perform these |
-operations on servers, thus freeing clients from having to manage private |
-keys, calculate certificate paths, and so on. |
-<p>Also listed is a paper arguing for the server-based approach vs. client-side PKI. |
- |
-<a name="cryptoURL"> |
-<H2>CryptoURLs</H2> |
-<b>Draft of potential Internet-Draft:</b> The "crypto" URL scheme (<a href="cryptoURL/draft-ietf-cryptoURL-01.txt">.txt</a>, <a href="cryptoURL/draft-ietf-cryptoURL-01.html">.html</a>)<br> |
-<p> |
-CryptoURLs add "crypto metadata" like content hashes and key fingerprints to normal URLs. |
-The resulting URLs are <a href="http://zooko.com/distnames.html">self-authenticating</a>, |
-like <a href="http://citeseer.nj.nec.com/mazieres99separating.html">SFS file names</a> or |
-<a href="http://research.microsoft.com/users/tuomaura/CGA/">Cryptographically Generated Addresses</a>. |
-These could be useful in: |
-<dir> |
-<LI>web pages: |
- <dir> |
- <LI>a page could link to software binaries and include their hash |
- <LI>a portal could provide secure introductions to a community of sites |
- </dir> |
-<LI>XML documents (e.g. extending an <a href="http://www.w3.org/TR/xmldsig-core/">XML-DSIG</a> over external references) |
-<LI>protocols (e.g. HTTP Redirects or LDAP Referrals) |
-<LI>software configuration (you could configure a client with the address and fingerprint of a server in one step) |
-</dir> |
-<a href="http://www.waterken.com/dev/YURL/">YURLs</a> are another approach to self-authenticating URLs. |
- |
-<a name="cryptlibConverter"> |
-<H2><a href="cryptlibConverter/">CryptlibConverter</a></H2> |
-<b>Code:</b> Version 5 for cryptlib 3.1 (<a href="cryptlibConverter/cryptlibConverter5_cl31.zip">.zip</a>, <a href="cryptlibConverter/readme.txt">readme.txt</a>) |
-<p>This is a python script that generates java, python, and C# wrappers for |
-<a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a>. A set of wrappers for |
-cryptlib 3.1 is included in the .zip file. The python and C# wrappers are also included in the latest cryptlib distribution. |
-<br> |
-<a name="cryptoID"> |
-<H2><a href="cryptoID/">CryptoIDs</a></H2> |
-<b>Paper 1:</b> Public Key Distribution through "cryptoIDs" (<a href="cryptoID/cryptoID.pdf">.pdf</a>, <a href="cryptoID/cryptoID.html">.html</a>) <i>(presented at <a href="http://www.nspw.org/2003/">NSPW 2003</a>)</i><br> |
-<b>Paper 2:</b> The CryptoID Key Management Protocols (<a href="cryptoID/cryptoID2.pdf">.pdf</a>) <i>(the best introduction)</i><br> |
-<b>Schema:</b> XML Schema for <certChain> (<a href="cryptoID/cryptoID.xsd">.xsd</a>)<br> |
-<b>Code:</b> CryptoIDlib Python and Java library and command-line tool v0.1.8 (<a href="cryptoID/cryptoIDlib-0.1.8.zip">.zip</a>, <a href="cryptoID/readme.txt">readme.txt</a>) |
-<p>PKI isn't working for person-to-person communications. Few people use |
-secure email, voice, instant-messaging, or anything else. |
-<p>CryptoIDs are an alternative. The idea is for people to exchange small, |
-user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'. |
-These could be passed around and stored in address books as if they were phone |
-numbers or postal addresses. |
-<p>The cryptoID for each user would correspond to that user's <i>root key</i>. |
-The user would keep his root key in a safe place - his employer or |
-some commercial service might hold it for him. The rootholder would operate |
-an online service which would issue short-lived <i>subkey certificates</i> or <i>validation signatures</i> to the user. |
-<p>CryptoIDs, then, are about combining <i>fingerprint-based public-key distribution</i> with |
-<i>certificate-based private-key management</i>. The first paper above presents the |
-cryptoID fingerprint and certificate formats, which are designed specifically for |
-this. CryptoIDlib lets you test-drive these formats. |
-<p>The second paper presents private-key management protocols for use with online servers. |
-Support for these is being added to cryptoIDlib. |
- |
-<a name="tls_lite"> |
-<H2><a href="tls_lite/">TLS Lite</a></H2> |
-<b>Code:</b> tls_lite python library v0.1.8 (<a href="tls_lite/tls_lite-0.1.8.zip">.zip</a>, <a href="tls_lite/readme.txt">readme.txt</a>)<br> |
-<p> |
-TLS Lite is a free python library that implements SSL 3.0 and <a href="http://www.ietf.org/rfc/rfc2246.txt">TLS 1.0</a>. |
-TLS Lite supports non-traditional authentication methods such as <a href="http://trevp.net/tls_srp/index.html">SRP</a>, |
-<a href="http://www.ietf.org/internet-drafts/draft-ietf-tls-sharedkeys-02.txt">shared keys</a>, |
-and <a href="http://trevp.net/cryptoID/index.html">cryptoIDs</a>, in addition to X.509 certificates. TLS Lite is pure |
-<a href="http://www.python.org">Python</a>, however it can access <a href="http://www.openssl.org/">OpenSSL</a> or |
-<a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a> for faster crypto operations. |
- |
-<a name="tlssrp"> |
-<H2><a href="tls_srp/">TLS/SRP</a></H2> |
-<b>Internet-Draft:</b> Using SRP for TLS Authentication (<a href="tls_srp/draft-ietf-tls-srp-06.txt">.txt</a>, <a href="tls_srp/draft-ietf-tls-srp-06.html">.html</a>) |
-<p><a href="http://srp.stanford.edu">SRP</a> is the best way to do password authentication |
-across a network. <a href="http://www.ietf.org/html.charters/tls-charter.html">TLS</a> (aka SSL v3.1) |
-is the best way to do channel security. What could go better together? |
-<p>This draft modifies the TLS handshake to use SRP. This combination of |
-password-based mutual authentication and the TLS record layer is |
-ideal for protecting protocols like POP3 and HTTP. |
- |
-<a name="dss"> |
-<H2>DSS</H2> |
-<b>Requirements:</b> DSS Use Case Requirements Analysis (<a href="dss/oasis-dss-1.0-requirements-wd-12.pdf">.pdf</a>, <a href="dss/oasis-dss-1.0-requirements-wd-12.doc">.doc</a>)<br> |
-<b>Specification Working Draft:</b> Digital Signature Service Core Protocol and Elements (<a href="dss/oasis-dss-1.0-core-spec-wd-10.pdf">.pdf</a>, <a href="dss/oasis-dss-1.0-core-spec-wd-10.doc">.doc</a>)<br> |
-<b>Schema Working Draft:</b> oasis-dss-1.0-core-schema-wd-10 (<a href="dss/oasis-dss-1.0-core-schema-wd-10.xsd">.xsd</a>)<br> |
-<b>Somewhat Related Paper:</b> Delegated Cryptography, Online Trusted Third Parties, and PKI |
-(<a href="delegatedCrypto/delegatedCrypto.pdf">.pdf</a>, <a href="delegatedCrypto/delegatedCrypto.html">.html</a>)<br> |
-<i>(presented at the <a href="http://www.cs.dartmouth.edu/~pki02/">1st Annual PKI Research Workshop</a>)</i> |
-<p>The <a href="http://www.oasis-open.org/">OASIS</a> <a href="http://www.oasis-open.org/committees/dss/">Digital Signature Service Technical Committee</a> |
-is designing protocols for signing, verifying, and |
-time-stamping of XML documents and other data. The idea is to perform these |
-operations on servers, thus freeing clients from having to manage private |
-keys, calculate certificate paths, and so on. |
-<p>Also listed is a paper arguing for the server-based approach vs. client-side PKI. |
- |
-<a name="cryptoURL"> |
-<H2>CryptoURLs</H2> |
-<b>Draft of potential Internet-Draft:</b> The "crypto" URL scheme (<a href="cryptoURL/draft-ietf-cryptoURL-01.txt">.txt</a>, <a href="cryptoURL/draft-ietf-cryptoURL-01.html">.html</a>)<br> |
-<p> |
-CryptoURLs add "crypto metadata" like content hashes and key fingerprints to normal URLs. |
-The resulting URLs are <a href="http://zooko.com/distnames.html">self-authenticating</a>, |
-like <a href="http://citeseer.nj.nec.com/mazieres99separating.html">SFS file names</a> or |
-<a href="http://research.microsoft.com/users/tuomaura/CGA/">Cryptographically Generated Addresses</a>. |
-These could be useful in: |
-<dir> |
-<LI>web pages: |
- <dir> |
- <LI>a page could link to software binaries and include their hash |
- <LI>a portal could provide secure introductions to a community of sites |
- </dir> |
-<LI>XML documents (e.g. extending an <a href="http://www.w3.org/TR/xmldsig-core/">XML-DSIG</a> over external references) |
-<LI>protocols (e.g. HTTP Redirects or LDAP Referrals) |
-<LI>software configuration (you could configure a client with the address and fingerprint of a server in one step) |
-</dir> |
-<a href="http://www.waterken.com/dev/YURL/">YURLs</a> are another approach to self-authenticating URLs. |
- |
-<a name="cryptlibConverter"> |
-<H2><a href="cryptlibConverter/">CryptlibConverter</a></H2> |
-<b>Code:</b> Version 5 for cryptlib 3.1 (<a href="cryptlibConverter/cryptlibConverter5_cl31.zip">.zip</a>, <a href="cryptlibConverter/readme.txt">readme.txt</a>) |
-<p>This is a python script that generates java, python, and C# wrappers for |
-<a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a>. A set of wrappers for |
-cryptlib 3.1 is included in the .zip file. The python and C# wrappers are also included in the latest cryptlib distribution. |
-<br> |
-<a name="cryptoID"> |
-<H2><a href="cryptoID/">CryptoIDs</a></H2> |
-<b>Paper 1:</b> Public Key Distribution through "cryptoIDs" (<a href="cryptoID/cryptoID.pdf">.pdf</a>, <a href="cryptoID/cryptoID.html">.html</a>) <i>(presented at <a href="http://www.nspw.org/2003/">NSPW 2003</a>)</i><br> |
-<b>Paper 2:</b> The CryptoID Key Management Protocols (<a href="cryptoID/cryptoID2.pdf">.pdf</a>) <i>(the best introduction)</i><br> |
-<b>Schema:</b> XML Schema for <certChain> (<a href="cryptoID/cryptoID.xsd">.xsd</a>)<br> |
-<b>Code:</b> CryptoIDlib Python and Java library and command-line tool v0.1.8 (<a href="cryptoID/cryptoIDlib-0.1.8.zip">.zip</a>, <a href="cryptoID/readme.txt">readme.txt</a>) |
-<p>PKI isn't working for person-to-person communications. Few people use |
-secure email, voice, instant-messaging, or anything else. |
-<p>CryptoIDs are an alternative. The idea is for people to exchange small, |
-user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'. |
-These could be passed around and stored in address books as if they were phone |
-numbers or postal addresses. |
-<p>The cryptoID for each user would correspond to that user's <i>root key</i>. |
-The user would keep his root key in a safe place - his employer or |
-some commercial service might hold it for him. The rootholder would operate |
-an online service which would issue short-lived <i>subkey certificates</i> or <i>validation signatures</i> to the user. |
-<p>CryptoIDs, then, are about combining <i>fingerprint-based public-key distribution</i> with |
-<i>certificate-based private-key management</i>. The first paper above presents the |
-cryptoID fingerprint and certificate formats, which are designed specifically for |
-this. CryptoIDlib lets you test-drive these formats. |
-<p>The second paper presents private-key management protocols for use with online servers. |
-Support for these is being added to cryptoIDlib. |
- |
-<a name="tls_lite"> |
-<H2><a href="tls_lite/">TLS Lite</a></H2> |
-<b>Code:</b> tls_lite python library v0.1.8 (<a href="tls_lite/tls_lite-0.1.8.zip">.zip</a>, <a href="tls_lite/readme.txt">readme.txt</a>)<br> |
-<p> |
-TLS Lite is a free python library that implements SSL 3.0 and <a href="http://www.ietf.org/rfc/rfc2246.txt">TLS 1.0</a>. |
-TLS Lite supports non-traditional authentication methods such as <a href="http://trevp.net/tls_srp/index.html">SRP</a>, |
-<a href="http://www.ietf.org/internet-drafts/draft-ietf-tls-sharedkeys-02.txt">shared keys</a>, |
-and <a href="http://trevp.net/cryptoID/index.html">cryptoIDs</a>, in addition to X.509 certificates. TLS Lite is pure |
-<a href="http://www.python.org">Python</a>, however it can access <a href="http://www.openssl.org/">OpenSSL</a> or |
-<a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a> for faster crypto operations. |
- |
-<a name="tlssrp"> |
-<H2><a href="tls_srp/">TLS/SRP</a></H2> |
-<b>Internet-Draft:</b> Using SRP for TLS Authentication (<a href="tls_srp/draft-ietf-tls-srp-06.txt">.txt</a>, <a href="tls_srp/draft-ietf-tls-srp-06.html">.html</a>) |
-<p><a href="http://srp.stanford.edu">SRP</a> is the best way to do password authentication |
-across a network. <a href="http://www.ietf.org/html.charters/tls-charter.html">TLS</a> (aka SSL v3.1) |
-is the best way to do channel security. What could go better together? |
-<p>This draft modifies the TLS handshake to use SRP. This combination of |
-password-based mutual authentication and the TLS record layer is |
-ideal for protecting protocols like POP3 and HTTP. |
- |
-<a name="dss"> |
-<H2>DSS</H2> |
-<b>Requirements:</b> DSS Use Case Requirements Analysis (<a href="dss/oasis-dss-1.0-requirements-wd-12.pdf">.pdf</a>, <a href="dss/oasis-dss-1.0-requirements-wd-12.doc">.doc</a>)<br> |
-<b>Specification Working Draft:</b> Digital Signature Service Core Protocol and Elements (<a href="dss/oasis-dss-1.0-core-spec-wd-10.pdf">.pdf</a>, <a href="dss/oasis-dss-1.0-core-spec-wd-10.doc">.doc</a>)<br> |
-<b>Schema Working Draft:</b> oasis-dss-1.0-core-schema-wd-10 (<a href="dss/oasis-dss-1.0-core-schema-wd-10.xsd">.xsd</a>)<br> |
-<b>Somewhat Related Paper:</b> Delegated Cryptography, Online Trusted Third Parties, and PKI |
-(<a href="delegatedCrypto/delegatedCrypto.pdf">.pdf</a>, <a href="delegatedCrypto/delegatedCrypto.html">.html</a>)<br> |
-<i>(presented at the <a href="http://www.cs.dartmouth.edu/~pki02/">1st Annual PKI Research Workshop</a>)</i> |
-<p>The <a href="http://www.oasis-open.org/">OASIS</a> <a href="http://www.oasis-open.org/committees/dss/">Digital Signature Service Technical Committee</a> |
-is designing protocols for signing, verifying, and |
-time-stamping of XML documents and other data. The idea is to perform these |
-operations on servers, thus freeing clients from having to manage private |
-keys, calculate certificate paths, and so on. |
-<p>Also listed is a paper arguing for the server-based approach vs. client-side PKI. |
- |
-<a name="cryptoURL"> |
-<H2>CryptoURLs</H2> |
-<b>Draft of potential Internet-Draft:</b> The "crypto" URL scheme (<a href="cryptoURL/draft-ietf-cryptoURL-01.txt">.txt</a>, <a href="cryptoURL/draft-ietf-cryptoURL-01.html">.html</a>)<br> |
-<p> |
-CryptoURLs add "crypto metadata" like content hashes and key fingerprints to normal URLs. |
-The resulting URLs are <a href="http://zooko.com/distnames.html">self-authenticating</a>, |
-like <a href="http://citeseer.nj.nec.com/mazieres99separating.html">SFS file names</a> or |
-<a href="http://research.microsoft.com/users/tuomaura/CGA/">Cryptographically Generated Addresses</a>. |
-These could be useful in: |
-<dir> |
-<LI>web pages: |
- <dir> |
- <LI>a page could link to software binaries and include their hash |
- <LI>a portal could provide secure introductions to a community of sites |
- </dir> |
-<LI>XML documents (e.g. extending an <a href="http://www.w3.org/TR/xmldsig-core/">XML-DSIG</a> over external references) |
-<LI>protocols (e.g. HTTP Redirects or LDAP Referrals) |
-<LI>software configuration (you could configure a client with the address and fingerprint of a server in one step) |
-</dir> |
-<a href="http://www.waterken.com/dev/YURL/">YURLs</a> are another approach to self-authenticating URLs. |
- |
-<a name="cryptlibConverter"> |
-<H2><a href="cryptlibConverter/">CryptlibConverter</a></H2> |
-<b>Code:</b> Version 5 for cryptlib 3.1 (<a href="cryptlibConverter/cryptlibConverter5_cl31.zip">.zip</a>, <a href="cryptlibConverter/readme.txt">readme.txt</a>) |
-<p>This is a python script that generates java, python, and C# wrappers for |
-<a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a>. A set of wrappers for |
-cryptlib 3.1 is included in the .zip file. The python and C# wrappers are also included in the latest cryptlib distribution. |
-<br> |
-<a name="cryptoID"> |
-<H2><a href="cryptoID/">CryptoIDs</a></H2> |
-<b>Paper 1:</b> Public Key Distribution through "cryptoIDs" (<a href="cryptoID/cryptoID.pdf">.pdf</a>, <a href="cryptoID/cryptoID.html">.html</a>) <i>(presented at <a href="http://www.nspw.org/2003/">NSPW 2003</a>)</i><br> |
-<b>Paper 2:</b> The CryptoID Key Management Protocols (<a href="cryptoID/cryptoID2.pdf">.pdf</a>) <i>(the best introduction)</i><br> |
-<b>Schema:</b> XML Schema for <certChain> (<a href="cryptoID/cryptoID.xsd">.xsd</a>)<br> |
-<b>Code:</b> CryptoIDlib Python and Java library and command-line tool v0.1.8 (<a href="cryptoID/cryptoIDlib-0.1.8.zip">.zip</a>, <a href="cryptoID/readme.txt">readme.txt</a>) |
-<p>PKI isn't working for person-to-person communications. Few people use |
-secure email, voice, instant-messaging, or anything else. |
-<p>CryptoIDs are an alternative. The idea is for people to exchange small, |
-user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'. |
-These could be passed around and stored in address books as if they were phone |
-numbers or postal addresses. |
-<p>The cryptoID for each user would correspond to that user's <i>root key</i>. |
-The user would keep his root key in a safe place - his employer or |
-some commercial service might hold it for him. The rootholder would operate |
-an online service which would issue short-lived <i>subkey certificates</i> or <i>validation signatures</i> to the user. |
-<p>CryptoIDs, then, are about combining <i>fingerprint-based public-key distribution</i> with |
-<i>certificate-based private-key management</i>. The first paper above presents the |
-cryptoID fingerprint and certificate formats, which are designed specifically for |
-this. CryptoIDlib lets you test-drive these formats. |
-<p>The second paper presents private-key management protocols for use with online servers. |
-Support for these is being added to cryptoIDlib. |
- |
-<a name="tls_lite"> |
-<H2><a href="tls_lite/">TLS Lite</a></H2> |
-<b>Code:</b> tls_lite python library v0.1.8 (<a href="tls_lite/tls_lite-0.1.8.zip">.zip</a>, <a href="tls_lite/readme.txt">readme.txt</a>)<br> |
-<p> |
-TLS Lite is a free python library that implements SSL 3.0 and <a href="http://www.ietf.org/rfc/rfc2246.txt">TLS 1.0</a>. |
-TLS Lite supports non-traditional authentication methods such as <a href="http://trevp.net/tls_srp/index.html">SRP</a>, |
-<a href="http://www.ietf.org/internet-drafts/draft-ietf-tls-sharedkeys-02.txt">shared keys</a>, |
-and <a href="http://trevp.net/cryptoID/index.html">cryptoIDs</a>, in addition to X.509 certificates. TLS Lite is pure |
-<a href="http://www.python.org">Python</a>, however it can access <a href="http://www.openssl.org/">OpenSSL</a> or |
-<a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a> for faster crypto operations. |
- |
-<a name="tlssrp"> |
-<H2><a href="tls_srp/">TLS/SRP</a></H2> |
-<b>Internet-Draft:</b> Using SRP for TLS Authentication (<a href="tls_srp/draft-ietf-tls-srp-06.txt">.txt</a>, <a href="tls_srp/draft-ietf-tls-srp-06.html">.html</a>) |
-<p><a href="http://srp.stanford.edu">SRP</a> is the best way to do password authentication |
-across a network. <a href="http://www.ietf.org/html.charters/tls-charter.html">TLS</a> (aka SSL v3.1) |
-is the best way to do channel security. What could go better together? |
-<p>This draft modifies the TLS handshake to use SRP. This combination of |
-password-based mutual authentication and the TLS record layer is |
-ideal for protecting protocols like POP3 and HTTP. |
- |
-<a name="dss"> |
-<H2>DSS</H2> |
-<b>Requirements:</b> DSS Use Case Requirements Analysis (<a href="dss/oasis-dss-1.0-requirements-wd-12.pdf">.pdf</a>, <a href="dss/oasis-dss-1.0-requirements-wd-12.doc">.doc</a>)<br> |
-<b>Specification Working Draft:</b> Digital Signature Service Core Protocol and Elements (<a href="dss/oasis-dss-1.0-core-spec-wd-10.pdf">.pdf</a>, <a href="dss/oasis-dss-1.0-core-spec-wd-10.doc">.doc</a>)<br> |
-<b>Schema Working Draft:</b> oasis-dss-1.0-core-schema-wd-10 (<a href="dss/oasis-dss-1.0-core-schema-wd-10.xsd">.xsd</a>)<br> |
-<b>Somewhat Related Paper:</b> Delegated Cryptography, Online Trusted Third Parties, and PKI |
-(<a href="delegatedCrypto/delegatedCrypto.pdf">.pdf</a>, <a href="delegatedCrypto/delegatedCrypto.html">.html</a>)<br> |
-<i>(presented at the <a href="http://www.cs.dartmouth.edu/~pki02/">1st Annual PKI Research Workshop</a>)</i> |
-<p>The <a href="http://www.oasis-open.org/">OASIS</a> <a href="http://www.oasis-open.org/committees/dss/">Digital Signature Service Technical Committee</a> |
-is designing protocols for signing, verifying, and |
-time-stamping of XML documents and other data. The idea is to perform these |
-operations on servers, thus freeing clients from having to manage private |
-keys, calculate certificate paths, and so on. |
-<p>Also listed is a paper arguing for the server-based approach vs. client-side PKI. |
- |
-<a name="cryptoURL"> |
-<H2>CryptoURLs</H2> |
-<b>Draft of potential Internet-Draft:</b> The "crypto" URL scheme (<a href="cryptoURL/draft-ietf-cryptoURL-01.txt">.txt</a>, <a href="cryptoURL/draft-ietf-cryptoURL-01.html">.html</a>)<br> |
-<p> |
-CryptoURLs add "crypto metadata" like content hashes and key fingerprints to normal URLs. |
-The resulting URLs are <a href="http://zooko.com/distnames.html">self-authenticating</a>, |
-like <a href="http://citeseer.nj.nec.com/mazieres99separating.html">SFS file names</a> or |
-<a href="http://research.microsoft.com/users/tuomaura/CGA/">Cryptographically Generated Addresses</a>. |
-These could be useful in: |
-<dir> |
-<LI>web pages: |
- <dir> |
- <LI>a page could link to software binaries and include their hash |
- <LI>a portal could provide secure introductions to a community of sites |
- </dir> |
-<LI>XML documents (e.g. extending an <a href="http://www.w3.org/TR/xmldsig-core/">XML-DSIG</a> over external references) |
-<LI>protocols (e.g. HTTP Redirects or LDAP Referrals) |
-<LI>software configuration (you could configure a client with the address and fingerprint of a server in one step) |
-</dir> |
-<a href="http://www.waterken.com/dev/YURL/">YURLs</a> are another approach to self-authenticating URLs. |
- |
-<a name="cryptlibConverter"> |
-<H2><a href="cryptlibConverter/">CryptlibConverter</a></H2> |
-<b>Code:</b> Version 5 for cryptlib 3.1 (<a href="cryptlibConverter/cryptlibConverter5_cl31.zip">.zip</a>, <a href="cryptlibConverter/readme.txt">readme.txt</a>) |
-<p>This is a python script that generates java, python, and C# wrappers for |
-<a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a>. A set of wrappers for |
-cryptlib 3.1 is included in the .zip file. The python and C# wrappers are also included in the latest cryptlib distribution. |
-<br> |
-<a name="cryptoID"> |
-<H2><a href="cryptoID/">CryptoIDs</a></H2> |
-<b>Paper 1:</b> Public Key Distribution through "cryptoIDs" (<a href="cryptoID/cryptoID.pdf">.pdf</a>, <a href="cryptoID/cryptoID.html">.html</a>) <i>(presented at <a href="http://www.nspw.org/2003/">NSPW 2003</a>)</i><br> |
-<b>Paper 2:</b> The CryptoID Key Management Protocols (<a href="cryptoID/cryptoID2.pdf">.pdf</a>) <i>(the best introduction)</i><br> |
-<b>Schema:</b> XML Schema for <certChain> (<a href="cryptoID/cryptoID.xsd">.xsd</a>)<br> |
-<b>Code:</b> CryptoIDlib Python and Java library and command-line tool v0.1.8 (<a href="cryptoID/cryptoIDlib-0.1.8.zip">.zip</a>, <a href="cryptoID/readme.txt">readme.txt</a>) |
-<p>PKI isn't working for person-to-person communications. Few people use |
-secure email, voice, instant-messaging, or anything else. |
-<p>CryptoIDs are an alternative. The idea is for people to exchange small, |
-user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'. |
-These could be passed around and stored in address books as if they were phone |
-numbers or postal addresses. |
-<p>The cryptoID for each user would correspond to that user's <i>root key</i>. |
-The user would keep his root key in a safe place - his employer or |
-some commercial service might hold it for him. The rootholder would operate |
-an online service which would issue short-lived <i>subkey certificates</i> or <i>validation signatures</i> to the user. |
-<p>CryptoIDs, then, are about combining <i>fingerprint-based public-key distribution</i> with |
-<i>certificate-based private-key management</i>. The first paper above presents the |
-cryptoID fingerprint and certificate formats, which are designed specifically for |
-this. CryptoIDlib lets you test-drive these formats. |
-<p>The second paper presents private-key management protocols for use with online servers. |
-Support for these is being added to cryptoIDlib. |
- |
-<a name="tls_lite"> |
-<H2><a href="tls_lite/">TLS Lite</a></H2> |
-<b>Code:</b> tls_lite python library v0.1.8 (<a href="tls_lite/tls_lite-0.1.8.zip">.zip</a>, <a href="tls_lite/readme.txt">readme.txt</a>)<br> |
-<p> |
-TLS Lite is a free python library that implements SSL 3.0 and <a href="http://www.ietf.org/rfc/rfc2246.txt">TLS 1.0</a>. |
-TLS Lite supports non-traditional authentication methods such as <a href="http://trevp.net/tls_srp/index.html">SRP</a>, |
-<a href="http://www.ietf.org/internet-drafts/draft-ietf-tls-sharedkeys-02.txt">shared keys</a>, |
-and <a href="http://trevp.net/cryptoID/index.html">cryptoIDs</a>, in addition to X.509 certificates. TLS Lite is pure |
-<a href="http://www.python.org">Python</a>, however it can access <a href="http://www.openssl.org/">OpenSSL</a> or |
-<a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a> for faster crypto operations. |
- |
-<a name="tlssrp"> |
-<H2><a href="tls_srp/">TLS/SRP</a></H2> |
-<b>Internet-Draft:</b> Using SRP for TLS Authentication (<a href="tls_srp/draft-ietf-tls-srp-06.txt">.txt</a>, <a href="tls_srp/draft-ietf-tls-srp-06.html">.html</a>) |
-<p><a href="http://srp.stanford.edu">SRP</a> is the best way to do password authentication |
-across a network. <a href="http://www.ietf.org/html.charters/tls-charter.html">TLS</a> (aka SSL v3.1) |
-is the best way to do channel security. What could go better together? |
-<p>This draft modifies the TLS handshake to use SRP. This combination of |
-password-based mutual authentication and the TLS record layer is |
-ideal for protecting protocols like POP3 and HTTP. |
- |
-<a name="dss"> |
-<H2>DSS</H2> |
-<b>Requirements:</b> DSS Use Case Requirements Analysis (<a href="dss/oasis-dss-1.0-requirements-wd-12.pdf">.pdf</a>, <a href="dss/oasis-dss-1.0-requirements-wd-12.doc">.doc</a>)<br> |
-<b>Specification Working Draft:</b> Digital Signature Service Core Protocol and Elements (<a href="dss/oasis-dss-1.0-core-spec-wd-10.pdf">.pdf</a>, <a href="dss/oasis-dss-1.0-core-spec-wd-10.doc">.doc</a>)<br> |
-<b>Schema Working Draft:</b> oasis-dss-1.0-core-schema-wd-10 (<a href="dss/oasis-dss-1.0-core-schema-wd-10.xsd">.xsd</a>)<br> |
-<b>Somewhat Related Paper:</b> Delegated Cryptography, Online Trusted Third Parties, and PKI |
-(<a href="delegatedCrypto/delegatedCrypto.pdf">.pdf</a>, <a href="delegatedCrypto/delegatedCrypto.html">.html</a>)<br> |
-<i>(presented at the <a href="http://www.cs.dartmouth.edu/~pki02/">1st Annual PKI Research Workshop</a>)</i> |
-<p>The <a href="http://www.oasis-open.org/">OASIS</a> <a href="http://www.oasis-open.org/committees/dss/">Digital Signature Service Technical Committee</a> |
-is designing protocols for signing, verifying, and |
-time-stamping of XML documents and other data. The idea is to perform these |
-operations on servers, thus freeing clients from having to manage private |
-keys, calculate certificate paths, and so on. |
-<p>Also listed is a paper arguing for the server-based approach vs. client-side PKI. |
- |
-<a name="cryptoURL"> |
-<H2>CryptoURLs</H2> |
-<b>Draft of potential Internet-Draft:</b> The "crypto" URL scheme (<a href="cryptoURL/draft-ietf-cryptoURL-01.txt">.txt</a>, <a href="cryptoURL/draft-ietf-cryptoURL-01.html">.html</a>)<br> |
-<p> |
-CryptoURLs add "crypto metadata" like content hashes and key fingerprints to normal URLs. |
-The resulting URLs are <a href="http://zooko.com/distnames.html">self-authenticating</a>, |
-like <a href="http://citeseer.nj.nec.com/mazieres99separating.html">SFS file names</a> or |
-<a href="http://research.microsoft.com/users/tuomaura/CGA/">Cryptographically Generated Addresses</a>. |
-These could be useful in: |
-<dir> |
-<LI>web pages: |
- <dir> |
- <LI>a page could link to software binaries and include their hash |
- <LI>a portal could provide secure introductions to a community of sites |
- </dir> |
-<LI>XML documents (e.g. extending an <a href="http://www.w3.org/TR/xmldsig-core/">XML-DSIG</a> over external references) |
-<LI>protocols (e.g. HTTP Redirects or LDAP Referrals) |
-<LI>software configuration (you could configure a client with the address and fingerprint of a server in one step) |
-</dir> |
-<a href="http://www.waterken.com/dev/YURL/">YURLs</a> are another approach to self-authenticating URLs. |
- |
-<a name="cryptlibConverter"> |
-<H2><a href="cryptlibConverter/">CryptlibConverter</a></H2> |
-<b>Code:</b> Version 5 for cryptlib 3.1 (<a href="cryptlibConverter/cryptlibConverter5_cl31.zip">.zip</a>, <a href="cryptlibConverter/readme.txt">readme.txt</a>) |
-<p>This is a python script that generates java, python, and C# wrappers for |
-<a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a>. A set of wrappers for |
-cryptlib 3.1 is included in the .zip file. The python and C# wrappers are also included in the latest cryptlib distribution. |
-<br> |
-<a name="cryptoID"> |
-<H2><a href="cryptoID/">CryptoIDs</a></H2> |
-<b>Paper 1:</b> Public Key Distribution through "cryptoIDs" (<a href="cryptoID/cryptoID.pdf">.pdf</a>, <a href="cryptoID/cryptoID.html">.html</a>) <i>(presented at <a href="http://www.nspw.org/2003/">NSPW 2003</a>)</i><br> |
-<b>Paper 2:</b> The CryptoID Key Management Protocols (<a href="cryptoID/cryptoID2.pdf">.pdf</a>) <i>(the best introduction)</i><br> |
-<b>Schema:</b> XML Schema for <certChain> (<a href="cryptoID/cryptoID.xsd">.xsd</a>)<br> |
-<b>Code:</b> CryptoIDlib Python and Java library and command-line tool v0.1.8 (<a href="cryptoID/cryptoIDlib-0.1.8.zip">.zip</a>, <a href="cryptoID/readme.txt">readme.txt</a>) |
-<p>PKI isn't working for person-to-person communications. Few people use |
-secure email, voice, instant-messaging, or anything else. |
-<p>CryptoIDs are an alternative. The idea is for people to exchange small, |
-user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'. |
-These could be passed around and stored in address books as if they were phone |
-numbers or postal addresses. |
-<p>The cryptoID for each user would correspond to that user's <i>root key</i>. |
-The user would keep his root key in a safe place - his employer or |
-some commercial service might hold it for him. The rootholder would operate |
-an online service which would issue short-lived <i>subkey certificates</i> or <i>validation signatures</i> to the user. |
-<p>CryptoIDs, then, are about combining <i>fingerprint-based public-key distribution</i> with |
-<i>certificate-based private-key management</i>. The first paper above presents the |
-cryptoID fingerprint and certificate formats, which are designed specifically for |
-this. CryptoIDlib lets you test-drive these formats. |
-<p>The second paper presents private-key management protocols for use with online servers. |
-Support for these is being added to cryptoIDlib. |
- |
-<a name="tls_lite"> |
-<H2><a href="tls_lite/">TLS Lite</a></H2> |
-<b>Code:</b> tls_lite python library v0.1.8 (<a href="tls_lite/tls_lite-0.1.8.zip">.zip</a>, <a href="tls_lite/readme.txt">readme.txt</a>)<br> |
-<p> |
-TLS Lite is a free python library that implements SSL 3.0 and <a href="http://www.ietf.org/rfc/rfc2246.txt">TLS 1.0</a>. |
-TLS Lite supports non-traditional authentication methods such as <a href="http://trevp.net/tls_srp/index.html">SRP</a>, |
-<a href="http://www.ietf.org/internet-drafts/draft-ietf-tls-sharedkeys-02.txt">shared keys</a>, |
-and <a href="http://trevp.net/cryptoID/index.html">cryptoIDs</a>, in addition to X.509 certificates. TLS Lite is pure |
-<a href="http://www.python.org">Python</a>, however it can access <a href="http://www.openssl.org/">OpenSSL</a> or |
-<a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a> for faster crypto operations. |
- |
-<a name="tlssrp"> |
-<H2><a href="tls_srp/">TLS/SRP</a></H2> |
-<b>Internet-Draft:</b> Using SRP for TLS Authentication (<a href="tls_srp/draft-ietf-tls-srp-06.txt">.txt</a>, <a href="tls_srp/draft-ietf-tls-srp-06.html">.html</a>) |
-<p><a href="http://srp.stanford.edu">SRP</a> is the best way to do password authentication |
-across a network. <a href="http://www.ietf.org/html.charters/tls-charter.html">TLS</a> (aka SSL v3.1) |
-is the best way to do channel security. What could go better together? |
-<p>This draft modifies the TLS handshake to use SRP. This combination of |
-password-based mutual authentication and the TLS record layer is |
-ideal for protecting protocols like POP3 and HTTP. |
- |
-<a name="dss"> |
-<H2>DSS</H2> |
-<b>Requirements:</b> DSS Use Case Requirements Analysis (<a href="dss/oasis-dss-1.0-requirements-wd-12.pdf">.pdf</a>, <a href="dss/oasis-dss-1.0-requirements-wd-12.doc">.doc</a>)<br> |
-<b>Specification Working Draft:</b> Digital Signature Service Core Protocol and Elements (<a href="dss/oasis-dss-1.0-core-spec-wd-10.pdf">.pdf</a>, <a href="dss/oasis-dss-1.0-core-spec-wd-10.doc">.doc</a>)<br> |
-<b>Schema Working Draft:</b> oasis-dss-1.0-core-schema-wd-10 (<a href="dss/oasis-dss-1.0-core-schema-wd-10.xsd">.xsd</a>)<br> |
-<b>Somewhat Related Paper:</b> Delegated Cryptography, Online Trusted Third Parties, and PKI |
-(<a href="delegatedCrypto/delegatedCrypto.pdf">.pdf</a>, <a href="delegatedCrypto/delegatedCrypto.html">.html</a>)<br> |
-<i>(presented at the <a href="http://www.cs.dartmouth.edu/~pki02/">1st Annual PKI Research Workshop</a>)</i> |
-<p>The <a href="http://www.oasis-open.org/">OASIS</a> <a href="http://www.oasis-open.org/committees/dss/">Digital Signature Service Technical Committee</a> |
-is designing protocols for signing, verifying, and |
-time-stamping of XML documents and other data. The idea is to perform these |
-operations on servers, thus freeing clients from having to manage private |
-keys, calculate certificate paths, and so on. |
-<p>Also listed is a paper arguing for the server-based approach vs. client-side PKI. |
- |
-<a name="cryptoURL"> |
-<H2>CryptoURLs</H2> |
-<b>Draft of potential Internet-Draft:</b> The "crypto" URL scheme (<a href="cryptoURL/draft-ietf-cryptoURL-01.txt">.txt</a>, <a href="cryptoURL/draft-ietf-cryptoURL-01.html">.html</a>)<br> |
-<p> |
-CryptoURLs add "crypto metadata" like content hashes and key fingerprints to normal URLs. |
-The resulting URLs are <a href="http://zooko.com/distnames.html">self-authenticating</a>, |
-like <a href="http://citeseer.nj.nec.com/mazieres99separating.html">SFS file names</a> or |
-<a href="http://research.microsoft.com/users/tuomaura/CGA/">Cryptographically Generated Addresses</a>. |
-These could be useful in: |
-<dir> |
-<LI>web pages: |
- <dir> |
- <LI>a page could link to software binaries and include their hash |
- <LI>a portal could provide secure introductions to a community of sites |
- </dir> |
-<LI>XML documents (e.g. extending an <a href="http://www.w3.org/TR/xmldsig-core/">XML-DSIG</a> over external references) |
-<LI>protocols (e.g. HTTP Redirects or LDAP Referrals) |
-<LI>software configuration (you could configure a client with the address and fingerprint of a server in one step) |
-</dir> |
-<a href="http://www.waterken.com/dev/YURL/">YURLs</a> are another approach to self-authenticating URLs. |
- |
-<a name="cryptlibConverter"> |
-<H2><a href="cryptlibConverter/">CryptlibConverter</a></H2> |
-<b>Code:</b> Version 5 for cryptlib 3.1 (<a href="cryptlibConverter/cryptlibConverter5_cl31.zip">.zip</a>, <a href="cryptlibConverter/readme.txt">readme.txt</a>) |
-<p>This is a python script that generates java, python, and C# wrappers for |
-<a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a>. A set of wrappers for |
-cryptlib 3.1 is included in the .zip file. The python and C# wrappers are also included in the latest cryptlib distribution. |
-<br> |
-<a name="cryptoID"> |
-<H2><a href="cryptoID/">CryptoIDs</a></H2> |
-<b>Paper 1:</b> Public Key Distribution through "cryptoIDs" (<a href="cryptoID/cryptoID.pdf">.pdf</a>, <a href="cryptoID/cryptoID.html">.html</a>) <i>(presented at <a href="http://www.nspw.org/2003/">NSPW 2003</a>)</i><br> |
-<b>Paper 2:</b> The CryptoID Key Management Protocols (<a href="cryptoID/cryptoID2.pdf">.pdf</a>) <i>(the best introduction)</i><br> |
-<b>Schema:</b> XML Schema for <certChain> (<a href="cryptoID/cryptoID.xsd">.xsd</a>)<br> |
-<b>Code:</b> CryptoIDlib Python and Java library and command-line tool v0.1.8 (<a href="cryptoID/cryptoIDlib-0.1.8.zip">.zip</a>, <a href="cryptoID/readme.txt">readme.txt</a>) |
-<p>PKI isn't working for person-to-person communications. Few people use |
-secure email, voice, instant-messaging, or anything else. |
-<p>CryptoIDs are an alternative. The idea is for people to exchange small, |
-user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'. |
-These could be passed around and stored in address books as if they were phone |
-numbers or postal addresses. |
-<p>The cryptoID for each user would correspond to that user's <i>root key</i>. |
-The user would keep his root key in a safe place - his employer or |
-some commercial service might hold it for him. The rootholder would operate |
-an online service which would issue short-lived <i>subkey certificates</i> or <i>validation signatures</i> to the user. |
-<p>CryptoIDs, then, are about combining <i>fingerprint-based public-key distribution</i> with |
-<i>certificate-based private-key management</i>. The first paper above presents the |
-cryptoID fingerprint and certificate formats, which are designed specifically for |
-this. CryptoIDlib lets you test-drive these formats. |
-<p>The second paper presents private-key management protocols for use with online servers. |
-Support for these is being added to cryptoIDlib. |
- |
-<a name="tls_lite"> |
-<H2><a href="tls_lite/">TLS Lite</a></H2> |
-<b>Code:</b> tls_lite python library v0.1.8 (<a href="tls_lite/tls_lite-0.1.8.zip">.zip</a>, <a href="tls_lite/readme.txt">readme.txt</a>)<br> |
-<p> |
-TLS Lite is a free python library that implements SSL 3.0 and <a href="http://www.ietf.org/rfc/rfc2246.txt">TLS 1.0</a>. |
-TLS Lite supports non-traditional authentication methods such as <a href="http://trevp.net/tls_srp/index.html">SRP</a>, |
-<a href="http://www.ietf.org/internet-drafts/draft-ietf-tls-sharedkeys-02.txt">shared keys</a>, |
-and <a href="http://trevp.net/cryptoID/index.html">cryptoIDs</a>, in addition to X.509 certificates. TLS Lite is pure |
-<a href="http://www.python.org">Python</a>, however it can access <a href="http://www.openssl.org/">OpenSSL</a> or |
-<a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a> for faster crypto operations. |
- |
-<a name="tlssrp"> |
-<H2><a href="tls_srp/">TLS/SRP</a></H2> |
-<b>Internet-Draft:</b> Using SRP for TLS Authentication (<a href="tls_srp/draft-ietf-tls-srp-06.txt">.txt</a>, <a href="tls_srp/draft-ietf-tls-srp-06.html">.html</a>) |
-<p><a href="http://srp.stanford.edu">SRP</a> is the best way to do password authentication |
-across a network. <a href="http://www.ietf.org/html.charters/tls-charter.html">TLS</a> (aka SSL v3.1) |
-is the best way to do channel security. What could go better together? |
-<p>This draft modifies the TLS handshake to use SRP. This combination of |
-password-based mutual authentication and the TLS record layer is |
-ideal for protecting protocols like POP3 and HTTP. |
- |
-<a name="dss"> |
-<H2>DSS</H2> |
-<b>Requirements:</b> DSS Use Case Requirements Analysis (<a href="dss/oasis-dss-1.0-requirements-wd-12.pdf">.pdf</a>, <a href="dss/oasis-dss-1.0-requirements-wd-12.doc">.doc</a>)<br> |
-<b>Specification Working Draft:</b> Digital Signature Service Core Protocol and Elements (<a href="dss/oasis-dss-1.0-core-spec-wd-10.pdf">.pdf</a>, <a href="dss/oasis-dss-1.0-core-spec-wd-10.doc">.doc</a>)<br> |
-<b>Schema Working Draft:</b> oasis-dss-1.0-core-schema-wd-10 (<a href="dss/oasis-dss-1.0-core-schema-wd-10.xsd">.xsd</a>)<br> |
-<b>Somewhat Related Paper:</b> Delegated Cryptography, Online Trusted Third Parties, and PKI |
-(<a href="delegatedCrypto/delegatedCrypto.pdf">.pdf</a>, <a href="delegatedCrypto/delegatedCrypto.html">.html</a>)<br> |
-<i>(presented at the <a href="http://www.cs.dartmouth.edu/~pki02/">1st Annual PKI Research Workshop</a>)</i> |
-<p>The <a href="http://www.oasis-open.org/">OASIS</a> <a href="http://www.oasis-open.org/committees/dss/">Digital Signature Service Technical Committee</a> |
-is designing protocols for signing, verifying, and |
-time-stamping of XML documents and other data. The idea is to perform these |
-operations on servers, thus freeing clients from having to manage private |
-keys, calculate certificate paths, and so on. |
-<p>Also listed is a paper arguing for the server-based approach vs. client-side PKI. |
- |
-<a name="cryptoURL"> |
-<H2>CryptoURLs</H2> |
-<b>Draft of potential Internet-Draft:</b> The "crypto" URL scheme (<a href="cryptoURL/draft-ietf-cryptoURL-01.txt">.txt</a>, <a href="cryptoURL/draft-ietf-cryptoURL-01.html">.html</a>)<br> |
-<p> |
-CryptoURLs add "crypto metadata" like content hashes and key fingerprints to normal URLs. |
-The resulting URLs are <a href="http://zooko.com/distnames.html">self-authenticating</a>, |
-like <a href="http://citeseer.nj.nec.com/mazieres99separating.html">SFS file names</a> or |
-<a href="http://research.microsoft.com/users/tuomaura/CGA/">Cryptographically Generated Addresses</a>. |
-These could be useful in: |
-<dir> |
-<LI>web pages: |
- <dir> |
- <LI>a page could link to software binaries and include their hash |
- <LI>a portal could provide secure introductions to a community of sites |
- </dir> |
-<LI>XML documents (e.g. extending an <a href="http://www.w3.org/TR/xmldsig-core/">XML-DSIG</a> over external references) |
-<LI>protocols (e.g. HTTP Redirects or LDAP Referrals) |
-<LI>software configuration (you could configure a client with the address and fingerprint of a server in one step) |
-</dir> |
-<a href="http://www.waterken.com/dev/YURL/">YURLs</a> are another approach to self-authenticating URLs. |
- |
-<a name="cryptlibConverter"> |
-<H2><a href="cryptlibConverter/">CryptlibConverter</a></H2> |
-<b>Code:</b> Version 5 for cryptlib 3.1 (<a href="cryptlibConverter/cryptlibConverter5_cl31.zip">.zip</a>, <a href="cryptlibConverter/readme.txt">readme.txt</a>) |
-<p>This is a python script that generates java, python, and C# wrappers for |
-<a href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/">cryptlib</a>. A set of wrappers for |
-cryptlib 3.1 is included in the .zip file. The python and C# wrappers are also included in the latest cryptlib distribution. |
-<br> |
-<a name="cryptoID"> |
-<H2><a href="cryptoID/">CryptoIDs</a></H2> |
-<b>Paper 1:</b> Public Key Distribution through "cryptoIDs" (<a href="cryptoID/cryptoID.pdf">.pdf</a>, <a href="cryptoID/cryptoID.html">.html</a>) <i>(presented at <a href="http://www.nspw.org/2003/">NSPW 2003</a>)</i><br> |
-<b>Paper 2:</b> The CryptoID Key Management Protocols (<a href="cryptoID/cryptoID2.pdf">.pdf</a>) <i>(the best introduction)</i><br> |
-<b>Schema:</b> XML Schema for <certChain> (<a href="cryptoID/cryptoID.xsd">.xsd</a>)<br> |
-<b>Code:</b> CryptoIDlib Python and Java library and command-line tool v0.1.8 (<a href="cryptoID/cryptoIDlib-0.1.8.zip">.zip</a>, <a href="cryptoID/readme.txt">readme.txt</a>) |
-<p>PKI isn't working for person-to-person communications. Few people use |
-secure email, voice, instant-messaging, or anything else. |
-<p>CryptoIDs are an alternative. The idea is for people to exchange small, |
-user-friendly fingerprints (aka "cryptoIDs") like 'cyhf4.9ajd8.kbdx4.rk98c'. |
-These could be passed around and stored in address books as if they were phone |
-numbers or postal addresses. |
-<p>The cryptoID for each user would correspond to that user's <i>root key</i>. |
-The user would keep his root key in a safe place - his employer or |
-some commercial service might hold it for him. The rootholder would operate |
-an online service which would issue short-lived <i>subkey certificates</i> or <i>validation signatures</i> to the user. |
-<p>CryptoIDs, then, are about combining <i>fingerprint-based public-key distribution</i> with |
-<i>certificate-based private-key management</i>. The first paper above presents the |
-cryptoID fingerprint and certificate formats, which are designed specifically for |
-this. CryptoIDlib lets you test-drive these formats. |
-<p>The second paper presents private-key management protocols for use with online servers. |
-Support for these is being added to cryptoIDlib. |
- |
-<br> |
-<br> |
-</body> |
-</html> |
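Review bot: Nothing in this hunk shows that the remaining tlslite tests have stopped reading test/index.html, so the deletion of all 649 lines should land together with a check that no test script in third_party/tlslite/test still opens the file by name. The body repeats the same CryptoIDs, TLS Lite, TLS/SRP, DSS, CryptoURLs and CryptlibConverter sections several times over, which suggests it served as a bulk transfer payload for the tests rather than as documentation; if that is the case, remove or update the consuming test in the same change so the suite does not fail on a missing fixture. Because the path is under third_party/, the removal should also be recorded wherever local modifications to the imported tlslite copy are tracked, so that a later re-import does not silently restore the file.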