Monday, June 22, 2009

Links 71

Contents

* Standards and Protocols
* Cryptography
* Cryptography, Security, and Politics
* Cryptographic Toolkits/Libraries
* Secure Hardware, Smartcards
* Information Hiding
* Alert Sites
* Collections of Pointers
* Miscellaneous
* Newsgroups on Security
* Electronic Commerce --> "Electronic Commerce, Payment Systems, and Security"
* Cybercrime --> "Cybercrime and e-Fraud"

Standards and Protocols
[ HTTP (SHEN, SHTTP) | MOSS | PEM | PGP | PKCS | SSH | SKIP | S/MIME | SSL/TLS | IETF Working Groups ]

* Standards
o --> Standards in Security and Cryptography
o Cryptographic Standards Introduction and Summary, by Richard Ankney
* HTTP -- HyperText Transfer Protocol
o IETF HTTP Working Group
o Protocol specification of HTTP2
o Suggestions for Secure HyperText Transfer Protocols:
+ SHEN (by CERN)
# Access Authorization in WWW
# Shen: A Security Scheme for the World Wide Web (gives also pointers to basic systems and related security standards like PEM, GSS)
+ SHTTP (by EIT/RSA/NCSA)
# Current version, maintained by Terisa
+ SSL/TLS see below
+ [PROPOSED] HTTP Working Group INTERNET-DRAFT Digest Access Authentication / SimpleMD5 (by SpyGlass)
+ Simple Digest Security Scheme (by CERN)
+ PGP/PEM (by NCSA)
o Comments and Collections of Pointers
+ Spyglass White Paper - 12/6/94 (DRAFT) "Electronic Commerce Standards for the WWW"
+ Rutgers University: WWW Security References and World Wide Web Security
+ W3C's Security Resource Page
* MOSS -- MIME Object Security Services
o Specification
+ RFC 1448: MIME Object Security Services
* PEM -- Privacy Enhanced Mail
o Specification
+ RFC 1421: Message Encryption and Authentication Procedures
+ RFC 1422: Certificate-Based Key Management
+ RFC 1423: Algorithms, Modes, and Identifiers
+ RFC 1424: Key Certification and Related Services
o Implementations
+ RSA and Trusted Information Systems: TIS/PEM
+ RIPEM, Riordan's Internet Privacy Enhanced Mail
* PGP -- Pretty Good Privacy
o Standardization
+ IETF Working group
+ OpenPGP Message Format (RFC 2440)
o PGP Home Pages
+ "The International PGP Home Page," hosting the freeware version of PGP
+ "PGP International," by Network Associates International BV, The Netherlands, providing the commercial (non-US) version of PGP
o Key Directories
+ www.uk.pgp.net
+ OpenPGP keyserver network
+ MIT PGP public key directory
+ See also keyserver page by International PGP Home Page
o Certification
+ DFN/CERT
+ Trustcenter
+ Arbeitsgruppe Zertifikationsinfrastruktur
+ c't Krypto-Kampagne
o Distribution and Documentation
+ Pretty Good Privacy
+ PGP hypertext and LaTeX formatted documentation
+ MacPGP Accessories
+ ftp.cert.dfn.de/pub/tools/crypt/pgp
+ PGP Links by Heise/c't
+ At Saarbrücken: PGP 5.0 Freeware for Windows and Macintosh
o The GNU Privacy Guard
+ The GNU Privacy Guard
* RSA Laboratories' Public-Key Cryptography Standards (PKCS)
* SKIP -- Simple Key management for Internet Protocols
* SSH (Secure Shell) Remote Login Program
o SecSH Working Group by IETF
o SSH.org, the secure shell community site
o OpenSSH, free implementation of SSH as part of the OpenBSD project
o FreeSSH.org, pointers to various SSH information
o SSH Communication Security, Commercial SSH implementation by Tatu Ylonen, the original designer of SSH
* SSL -- Secure Sockets Layer (by Netscape Comm. Corp.) / TLS -- Transport Layer Security (standardization of SSL in the context of IETF)
o Introduction to SSL
o TLS Working Group by IETF
o SSL 3.0 Specification
o RFC 2246, Protocol specifications of TLS Version 1.0
o OpenSSL, free implementation of SSL and TLS
o Fortify, provides full strength cryptography to users of Netscape Navigator (v3) and Communicator (v4)
o SSL Check, which gives you more information than standard browsers on the strength of an SSL server (e.g., key size and exponents)
* S/MIME by RSA, Microsoft, Lotus, Banyan, and Connectsoft:
o S/MIME and OpenPGP, with RFCs
o S/MIME Freeware Library
* IPng Security

Cryptography
[ Intro | Specific Topics | Politics | Software | Hardware ]
Introductions to Cryptography

* Introduction to Cryptography by Tatu Ylönen
* Digital Signatures and Smart Cards by DigiCash
* Frequently Asked Questions About Today's Cryptography (4th ed., last checked: 10/98) by RSA (3rd ed. in PDF)

Specific Topics

* History
o Codes and Ciphers in the Second World War, focusing on British achievements, e.g., the breaking of Enigma. See also The Bletchley Park Trust and Enigma simulator (Java Applet)
o National Cryptologic Museum / NSA
o The Heinz Nixdorf Museums on computer history has a special exhibition part on Die Welt der Codes und Chiffren
* Specific Cryptographic Systems
o NIST's call for proposals for an Advanced Encryption Standard (AES), i.e., the successor of DES
+ MARS (by IBM; more info)
+ RC6 (by RSA)
+ for all submissions, see the AES homepage
* Public Key Infrastructures
o References on Public Key Infrastructures, by DFN-PCA
* Quantum Cryptography / Computing
o Annotated Bibliography on Quantum Cryptography (by Gilles Brassard)
o Laboratory for Theoretical and Quantum Computing, Université de Montréal
o Quantum Information and Computation (QUIC): QUIC is a collaboration of 5 groups at 3 universities, undertaking experimental, theoretical, and modelling investigations into quantum computing
o The Quantum Computing Research Project of Stanford-Berkeley-MIT-IBM. This site contains information on NMR (Nuclear Magnetic Resonance) Quantum Computer and Quantum Algorithm. It also has a nice archive of technical papers on Quantum Computing, Quantum Information Theory and Quantum Cryptography.
o Physics and Media Group of MIT Media Lab. This site gives a short Introduction and some publications on Bulk Spin Resonance Quantum Computation.
o The Quantum Optics and Spectroscopy Group at the Institute for Experimental Physics in Innsbruck. Contains links to the research groups working on Quantum Information.
o The Centre for Quantum Computation, based at Oxford University. This site also contains very nice introductory papers on Quantum Computers, Quantum Cryptography and Quantum Communications.
o The Physics of Quantum Information is a proposed European network within the TMR program of the European Commission. This site also contains some links to tutorials and introductions on quantum cryptography, quantum cryptanalysis, quantum computation, quantum communication and other research groups. It has a link to International Workshop on the Physics of Quantum Information which takes place in Helsinki, Finland, September 24-26, 1998.
o Quantum Cryptography in Norway: Application-oriented research at NTNU, Trondheim and Telenor, Oslo
o Information by
+ Peter Shor
+ Iain Stewart
+ John Aaron Smolin
* Anonymous Communication: This list is now part of the page on privacy.
* Random Numbers
o The WWW Virtual Library: Random Numbers and Monte Carlo Methods
o Randomness: draft random number appendix for the P1363 standard
o Randomness Recommendations for Security (RFC 1750)
o various pages concerning Random Number Conditioning, a hardware box for generating High Quality, High Speed True Random Numbers, and LavaRand for random numbers (and some fun ;-)

Cryptography, Security, and Politics
[ General Issues | Digital Signatures | Encryption (in English / German) ]
General Information on "Computers and Law"

* English
o Electronic Communications Privacy Act
* German
o Legal information on the Internet (general)
o Online-law
o Federal Bill Establishing the General Conditions for Information and Communication Services (Information and Communication Services Bill) / Gesetz zur Regelung der Rahmenbedingungen für Informations- und Kommunikationsdienste (Informations- und Kommunikationsdienste-Gesetz IuKDG): German framework law for the use of information and communication services; Bundestagsdrucksache 13/7934 of 11.06.1997; approved by Bundestag (June 13, 1997) and Bundesrat (July 4, 1997); valid from August 1st, 1997, onwards. Contains signature law SigG.
o Law of Electronic and Internet Commerce in Germany, by Christopher Kuner
o Amendment of the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), ministerial draft, as of 28.5.1997

Digital Signatures

* English
o Digital Signature Law Survey by Simone van der Hof and Bert-Jaap Koops
o European Commission
+ Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community Framework for Electronic Signatures (valid from Jan 19, 2000)
+ Statement by the European Commission
o Electronic Commerce and Information Technology Division, Section of Science and Technology, American Bar Association has published Digital Signature Guidelines
o Software Industry Issues: Digital Signatures, which is a collection of pointers to the (proposed) US state laws on digital signatures, and commercial sites dealing with certification, etc.
o Verisign's CPS
o Sweden
* German
o Wissenforum Digitale Signatur, by IID
o Germany
+ Official German documents (by RegTP)
# SigG: Digital Signature Act (which is Art.3 of IuKDG)
# SigV: Digital Signature Ordinance (also here)
# Catalogues of measures for certification authorities
# Catalogue of measures for technical components
# Recognition of confirmation bodies
+ BSI project office "Digitale Signatur": BSI Manual for Digital Signatures, catalogue of measures, interface specification for developing interoperable procedures and components under SigG/SigV, certificates, signature scope, validity model
o Switzerland

Privacy, Encryption, Export Control, and Key Recovery
Documents in English [... in German]

* Collections of Documents and Pointers
o Center for Democracy and Technology
+ Info on US policy
+ Report: "The risks of key recovery, key escrow, and trusted third party encryption"
* Organizations and Statements
o Cabinet Paper of the Federal Ministry of Economics and Technology and the Federal Ministry of the Interior: Key Elements of Germany's Encryption Policy
o Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions Ensuring Security and Trust in Electronic Communication; Document COM (97) 503, European Commission Directorate-General XIII, October 8th, 1997.
o Center for Democracy and Technology Policy Issues Page
o CEPIS (Council of European Professional Informatics Societies): Statement
o CPSR
o EFF: Archive; see also Crypto Export issues, maintained by John Gilmore
o EPIC (also operating Privacy International)
o ITAA: Documents on Encryption; in particular see their Encryption Survey: "Survey Portends Job and Revenue Losses Stemming From Restrictive U.S. Export Policies" (April 30, 1997)
o OECD: Cryptography Guidelines (see also here)
* Surveys on "Crypto and Law"
o "Cryptography and Liberty -- An International Survey of Encryption Policy" by Global Internet Liberty Campaign
o Crypto Law Survey, by Bert-Jaap Koops
o Data Encryption And The Law(S) - Results, by A. Sylvain
o General information Europe and Cryptography
* Misc
o New York Times' articles on "Privacy in the Digital Age"
o List of books on privacy (by Simson Garfinkel)
o "Applied Cryptography" Crypto Disk is not exportable
o U.S. Export Administration Regulations on Software Exports
o Licensing of Trusted Third Parties for the Provision of Encryption Services; Public Consultation Paper on Detailed Proposals for Legislation, UK DTI (Department of Trade and Industry), March 1997.
o Comment on DTI's proposal, by CommUnity, The Computer Communicators Association (10th April 1997)
* Insecurity Because of Export Restrictions
o Cypherpunks "brute" key cracking ring
o Brute force "Attacks on RC4 with 40 bit Key Length" (or here)
o "Export Version of Netscapes SSL Broken"

Documents in German [... in English]

* Data protection, computer science, and law in general
o Germany: data protection information
o Hamburg data protection information
o Switzerland: Der Eidgenössische Datenschutzbeauftragte
o Telesec legal information
* The German crypto controversy
o See primarily:
+ www.crypto.de: press releases and statements by parties and organisations
+ Ulf Möller's detailed summary, international comparison, and index of documents
o Statements
+ Professional associations
# GI (Gesellschaft für Informatik)
# Fachverband Informationstechnik im VDMA und ZVEI: position and press release (facsimile; zip file)
# Civil Rights Organisations Support Strong Encryption Policy in Germany, letter to the Federal Chancellor, signed by various international civil rights organisations (German translation)
+ Scientific organisations
# GMD TKT (Institut für Telekooperationstechnik TKT des Forschungszentrums Informationstechnik GmbH)
# TeleTrusT
# provet; in particular the legal assessment
+ Companies
# Kryptokom
# Telesec (Deutsche Telekom); see also legal information
+ Other
# Hamburger Erklärung für Verschlüsselungsfreiheit
# Theses of the Schleswig-Holstein data protection commissioner
o Documents
+ Informations- und Kommunikationsdienste-Gesetz (Draft)
o Articles
+ Collection of articles on the crypto controversy
+ Christiane Schulzki-Haddouti: Kanthers Kurs auf das Kryptoverbot -- Regierungsvarianten zur Kryptoregulierung; Verlag Heinz Heise, Hannover, 21.03.97
+ Gunhild Lütge and Ludwig Siegele: Verschlüsselung im Internet: Was darf geheim sein?; DIE ZEIT 09.05.97 Nr.20
+ Michaela Huhn, Andreas Pfitzmann: Technische Randbedingungen jeder Kryptoregulierung; to appear in: G. Müller, A. Pfitzmann (eds.): Mehrseitige Sicherheit; Addison-Wesley, 1997.
