-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathindex.html
157 lines (133 loc) · 6.95 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
<!DOCTYPE html>
<html lang="en-us">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>IAP: Current issues in SSL and TLS</title>
<style type="text/css">
body {
margin: 0;
padding: 1.5em 5% 8em 5%;
font-family: -apple-system, "Helvetica Neue", "Lucida Grande", Helvetica, Arial, sans-serif;
}
.item {
border-bottom: 1px dotted black;
}
h1 {
font-size: 1.5em;
color: #630E17;
}
h2 {
margin: 1.5em 0 0 0;
color: #630E17;
}
h2, p, li {
font-size: .80em;
}
ul {
list-style-type: none;
padding: 0;
margin: 0 0 1em 0;
}
a {
text-decoration: none;
color: #981a21;
}
a:hover {
border-width: 0 0 1px 0;
border-style: none none dotted none;
}
</style>
</head>
<body>
<div class="item">
<h1>Current issues in SSL and TLS</h1>
<p>Presented by <a href="https://www.rajivmanglani.com/">Rajiv Aaron Manglani</a>.</p>
<p>Sponsored by <a href="https://sipb.mit.edu/">MIT SIPB</a>.</p>
<p>
Wednesday, January 18, 2017, 5-7:00pm in MIT <a href="http://whereis.mit.edu/map-jpg?selection=4-237">4-237</a>.
</p>
<p>SSL and TLS are the protocols which provide the foundation for securing Internet traffic. We will explore current topics and issues facing the industry including SHA-1 to SHA-2 certificate migrations, ECDSA, post-quantum cryptography, Certificate Transparency, OCSP and Stapling, HTTP/2, free DV certificates from Let's Encrypt, and TLS 1.3.
</p>
<p><strong>If you plan on attending, please RSVP to <a href='mailto:sipb-iap17-ssl-tls@mit.edu'>sipb-iap17-ssl-tls@mit.edu</a>.</strong></p>
<p>For more information, contact: Rajiv Aaron Manglani, <a href="mailto:rajiv@alum.mit.edu">rajiv@alum.mit.edu</a>.</p>
</div>
<div class="item">
<h2>Resources</h2>
<ul>
<li><a href="https://sipb.mit.edu/iap/ssl-tls/">https://sipb.mit.edu/iap/ssl-tls/</a></li>
<li><a href="http://whereis.mit.edu/map-jpg?selection=4-237">http://whereis.mit.edu/map-jpg?selection=4-237</a></li>
<li><a href="http://student.mit.edu/searchiap/iap-9289af8f5982f22c015994972d990203.html">http://student.mit.edu/searchiap/iap-9289af8f5982f22c015994972d990203.html</a></li>
</ul>
<ul>
<li><a href="http://amzn.to/1JGK27R">Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications</a> (book)</li>
</ul>
<h2>SHA-1 to SHA-2 certificate migrations</h2>
<ul>
<li><a href="https://www.facebook.com/notes/protect-the-graph/retiring-sha-1-certificates/1814716098768533/">Retiring SHA-1 certificates</a> (Facebook)</li>
<li><a href="https://blog.cloudflare.com/why-its-harder-to-forge-a-sha-1-certificate-than-it-is-to-find-a-sha-1-collision/">Why it’s harder to forge a SHA-1 certificate than it is to find a SHA-1 collision</a> (CloudFlare)</li>
<li><a href="https://www.facebook.com/notes/alex-stamos/the-sha-1-sunset/10153782990367929?_rdr=p">The SHA-1 Sunset</a> (Facebook)</li>
<li><a href="https://cabforum.org">CA/Browser Forum</a></li>
</ul>
<h2>ECDSA Certificates</h2>
<ul>
<li><a href="https://blog.cloudflare.com/ecdsa-the-digital-signature-algorithm-of-a-better-internet/">ECDSA: The digital signature algorithm of a better internet</a> (CloudFlare)</li>
</ul>
<h2>Post-quantum Cryptography</h2>
<ul>
<li><a href="http://pqcrypto.org/">Post-quantum cryptography</a></li>
<li><a href="https://amzn.to/2jQpcrh">Post-Quantum Cryptography</a> (book, 2009, by Daniel J. Bernstein and others)</li>
<li><a href="https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html">Experimenting with Post-quantum cryptography in Chrome</a> (Google)</li>
</ul>
<h2>Certificate Transparency</h2>
<ul>
<li><a href="https://www.certificate-transparency.org">Certificate Transparency</a></li>
<li><a href="https://crt.sh">Certificate Search</a></li>
<li><a href="https://developers.facebook.com/tools/ct/">Certificate Transparency Monitoring</a> (Facebook)</li>
<li><a href="https://censys.io/">Censys</a> search engine</li>
<li><a href="https://sslmate.com/certspotter/">Cert Spotter</a> (SSLMate)</li>
<li><a href="https://sslmate.com/blog/post/ct_redaction_in_chrome_53">Why Chrome 53 is Rejecting Chase Bank's Symantec Certificate</a> (SSLMate)</li>
</ul>
<h2>OCSP and OCSP Stapling</h2>
<ul>
<li><a href="https://www.maxcdn.com/one/visual-glossary/ocsp-stapling/">What is OCSP Stapling?</a> (MaxCDN)</li>
</ul>
<h2>DV Certificates</h2>
<ul>
<li><a href="https://letsencrypt.org/">Let’s Encrypt</a></li>
</ul>
<h2>TLS 1.3</h2>
<ul>
<li><a href="https://media.ccc.de/v/33c3-8348-deploying_tls_1_3_the_great_the_good_and_the_bad">Deploying TLS 1.3: the great, the good and the bad</a> (video from CCC 2016 33c3)</li>
<li><a href="https://timtaubert.de/blog/2015/11/more-privacy-less-latency-improved-handshakes-in-tls-13/"> More Privacy, Less Latency: Improved Handshakes in TLS version 1.3</a> (Tim Taubert)</li>
</ul>
<h2>TLS implementations</h2>
<ul>
<li><a href="https://www.openssl.org">OpenSSL</a></li>
<li><a href="https://www.libressl.org/">LibreSSL</a></li>
<li><a href="https://boringssl.googlesource.com/boringssl/">BoringSSL</a></li>
<li><a href="https://msdn.microsoft.com/en-us/library/windows/desktop/aa380123(v=vs.85).aspx">Microsoft Secure Channel (Schannel)</a></li>
</ul>
<h2>TLS configuration</h2>
<ul>
<li><a href="https://www.ssllabs.com/ssltest/index.html">Qualys SSL Labs Server Test</a></li>
<li><a href="https://www.ssllabs.com/ssltest/clients.html">Qualys SSL Labs User Agent Capabilities</a></li>
<li><a href="https://wiki.mozilla.org/Security/Server_Side_TLS">Mozilla Security/Server Side TLS</a></li>
</ul>
<h2>TLS Everywhere and history</h2>
<ul>
<li><a href="https://www.youtube.com/watch?v=cBhZ6S0PFCY">Google I/O 2014 - HTTPS Everywhere</a> (video)</li>
<li><a href="https://docs.google.com/presentation/d/15H8Sj-Zol1tcum0CSylhmXns5r7cvNFtzYrcwAzkTjM/present?slide=id.g12f3ee71d_10">Google I/O 2014 - HTTPS Everywhere</a> (slides)</li>
<li><a href="https://istlsfastyet.com">Is TLS Fast Yet?</a></li>
<li><a href="http://heartbleed.com/">The Heartbleed Bug</a></li>
<li><a href="https://www.feistyduck.com/ssl-tls-and-pki-history/">SSL/TLS and PKI History</a></li>
</ul>
<h2>Upcoming</h2>
<ul>
<li><a href="https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities">DANE</a></li>
<li><a href="https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization">CAA</a></li>
</ul>
<p> </p>
</div>
<p>See also: <a href="https://sipb.mit.edu/iap/">Other MIT SIPB IAP courses</a>.</p>
</body>
</html>