References

[1] Adi Shamir. Cryptography: State of the science. ACM A. M. Turing Award Lecture, June 8 2003. awards.acm.org/images/awards/140/vstream/2002/S/s-pp/shamir_1files_
[2] Ryan Singel. PGP Creator Defends Hushmail. Wired News Threat Level Blog, November 19 2007. www.wired.com/threatlevel/2007/11/pgp-creator-def.
[3] Johnathan Nightingale. SSL Question Corner. meandering wildly (blog), August 5 2008. blog.johnath.com/2008/08/05/ssl-question-corner/.
[4] Joshua Sunshine, Serge Egelman, Hazim Almuhimedi, Neha Atri, and Lorrie F. Cranor. Crying wolf: An empirical study of SSL warning effectiveness. In Proceedings of the 18th Usenix Security Symposium, August 2009.
[5] Ed Felten. Web Certification Fail: Bad Assumptions Lead to Bad Technology. Freedom To Tinker, February 23 2010. www.freedom-to-tinker.com/blog/felten/web-certification-fail-bad-assumptions-lead-bad-technology.
[6] Mozilla. Potentially problematic CA practices, 2010. wiki.mozilla.org/CA:Problematic_
[7] Microsoft Root Certificate Program, January 15 2009. technet.microsoft.com/en-us/
[8] Mozilla CA Certificate Policy (Version 1.2).
[9] Apple Root Certificate Program.
[10] Craig Spiezle. Email conversation with author, February 15 2010.
[11] Marc Stevens, Alexander Sotirov, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, and Benne Weger. Short chosen-prefix collisions for MD5 and the creation of a rogue CA certificate. In Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology, pages 55-69, Berlin, Heidelberg, 2009. Springer-Verlag.
[12] Marsh Ray and Steve Dispensa. Renegotiating tls, November 4 2009. extendedsubset.com/wp-uploads/2009/
[13] Stuart E. Schechter, Rachna Dhamija, Andy Ozment, and Ian Fischer. The emperor's new security indicators. In SP '07: Proceedings of the 2007 IEEE Symposium on Security and Privacy, pages 51-65, Washington, DC, USA, 2007. IEEE Computer Society.
[14] Moxie Marlinspike. sslsniff, July 3 2009. www.
[15] Moxie Marlinspike. sslsniff, December 18 2009. www.thoughtcrime.org/software/
[16] Windows Root Certificate Program Members, November 24 2009. download.microsoft.com/download/1/4/f/14f7067b-69d3-473a-ba5e-70d04aea5929/windows%20root
[17] Christopher Soghoian. Caught in the cloud: Privacy, encryption, and government back doors in the web 2.0 era. In Journal on Telecommunications and High Technology Law,
[18] Declan McCullagh. Court to FBI: No spying on in-car computers. CNET News, November 19 2003. news.cnet.com/2100-1029_3-
[19] John Markoff. Surveillance of skype messages found in china. The New York Times, October 1 2008. www.nytimes.com/2008/10/02/
[20] Andrew Jacobs. China requires censorship software on new pcs. The New York Times, June 8 2009. www.nytimes.com/2009/06/09/world/
[21] Christopher Soghoian. 8 Million Reasons for Real Surveillance Oversight. Slight Paranoia blog, December 1 2009. paranoia.dubfire.net/2009/12/8-million-reasons-for-real-surveillance.html.
[22] Kim Zetter. Feds 'Pinged' Sprint GPS Data 8 Million Times Over a Year. Wired News Threat Level Blog, December 1 2009. www.wired.com/threatlevel/2009/12/gps-data/.
[23] Packet Forensics. Export and Re-Export Requirements, 2009. www.packetforensics.
[24] VeriSign. Netdiscovery service subpoena processing and handling, 2004.
[25] Why VeriSign. www.verisign.com/ssl/why-
[26] VeriSign Case Study. VeriSign helps an innovative broadband telephony provider focus on core business goals, October 16 2006. www.
[27] VeriSign. Cox communications: Complying with CALEA regulations in a cost-effective manner, while expanding services, 2004. www.
[28] Ken Belson. The call is cheap. the wiretap is extra.; enlisting internet phones in the battle against crime. The New York Times, August 23 2004. www.nytimes.com/2004/08/23/business/call-cheap-wiretap-extra-enlisting-internet-phones-battle-against-crime.html.
[29] Kim Zetter. Researcher: Middle East Blackberry Update Spies on Users. Wired News Threat Level Blog, July 14 2009. blackberry-spies/.
[30] Chris Eng. BlackBerry Spyware Dissected. Veracode: Zero in a bit, July 15 2009. www.veracode.com/blog/2009/07/blackberry-spyware-dissected/.
[31] RIM. RIM Customer Statement Regarding Etisalat / SS8 Software, July 19 2009.
[32] Matthieu Bussiere and Marcel Fratzscher. Low probability, high impact: Policy making and extreme events. Journal of Policy Modeling, 30(1):111-121, 2008.
[33] Cormac Herley. So long, and no thanks for the externalities: the rational rejection of security advice by users. In NSPW '09: Proceedings of the 2009 workshop on New security paradigms workshop, pages 133-144, September 2009.
[34] Certificate patrol, 2010. patrol.psyced.org/.
[35] Dan Kaminsky. Email conversation with author, February 28 2010.
[36] Sam Schillace. Default https access for Gmail. The Official Gmail Blog, January 12 2010. gmailblog.blogspot.com/2010/01/default-https-access-for-gmail.html.
[37] Kai Engert. Conspiracy — A Mozilla Firefox Extension, March 18 2010. kuix.de/
[38] Dan Wendlandt, David G. Andersen, and Adrian Perrig. Perspectives: improving ssh-style host authentication with multi-path probing. In ATC'08: USENIX 2008 Annual Technical Conference on Annual Technical Conference, pages 321-334, Berkeley, CA, USA, 2008. USENIX Association.
[39] Mansoor Alicherry and Angelos D. Keromytis. Doublecheck: Multi-path verification against man-in-the-middle attacks. In ISCC 2009: IEEE Symposium on Computers and Communications, pages 557-563, Piscataway, NJ, USA, 2009. IEEE.
[40] David Ahmad. Two Years of Broken Crypto: Debian's Dress Rehearsal for a Global PKI Compromise. IEEE Security and Privacy, 6:70-73, September 2008.
[41] Scott Yilek, Eric Rescorla, Hovav Shacham, Brandon Enright, and Stefan Savage. When private keys are public: results from the 2008 Debian OpenSSL vulnerability. In Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference, pages 15-27, New York, NY, USA, 2009. ACM.
[42] The H Security. heise SSL Guardian: Protection against unsafe SSL certificates, July 4 2008. www.h-online.com/security/features/Heise-SSL-Guardian-
[43] Márton Anka. SSL Blacklist 4.0, January 31 2010. www.codefromthe70s.org/
