This is the old version of the H2O platform and is now read-only. This means you can view content but cannot create content. You can access the new platform at https://opencasebook.org. Thank you.

  1. 1 Show/Hide More 1.2.4.a Encryption (public and private keys, hash functions)
    Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
    Public key cryptography enables encryption and decryption of data transferred between two parties, the authentication of data’s origin, and indication of data tampering.
    1. 1.1 Show/Hide More Steven Levy, Crypto Ch. 3: Public Key, 2001
      This book traces the history of modern cryptography and how it transferred from being a tool employed by governments to a public service designed and consumed by private actors. Chapter 3 describes how researchers sought to answer the following question: how can you create a system where people who have never met can speak securely? The answer is a one-way authentication system, now popularized as public and private keys.
    2. 1.2 Show/Hide More Introduction to Public-Key Cryptography, Mozilla Developer Network, 2005
      Public-key cryptography and related standards and techniques underlie many commonly used security features, including signed and encrypted email, form signing, object signing, single sign-on, and the Secure Sockets Layer (SSL) protocol. This document introduces the basic concepts of public-key cryptography.
    3. 1.3 Show/Hide More D. Richard Kuhn et al., Introduction to Public Key Technology and the Federal PKI Infrastructure, NIST, 2001
      This detailed report provides an overview of Public Key Infrastructures functions and their potential applications as authentication technologies within federal agencies.
  2. 2 Show/Hide More 1.2.4.b SSL Certificates
    Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
    Many of the online authentication mechanisms that enable transactions rely on faith in the Secure Sockets Layer protocol and Certificate Authorities. Growing evidence suggests that this mechanism is highly vulnerable, and there has been much discussion surrounding alternatives.
    1. 2.1 Show/Hide More Introduction to SSL, Mozilla Developer Network, 2005
      The Secure Sockets Layer (SSL) protocol has been universally accepted on the World Wide Web for authenticated and encrypted communication between clients and servers. This article introduces key concepts and also touches upon potential threats such as Man-in-the-Middle Attacks.
    2. 2.2 Show/Hide More 1.2.4.b.ii Moxie Marlinspike on SSL and Authenticity
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      Marlinspike has released several follow-up materials which are useful for an updated view of the ongoing debate.
      1. 2.2.1 Show/Hide More Moxie Marlinspike, BlackHat USA 2011: SSL and the Future of Authenticity, 2011
        A talk given as a follow-up to the blog post above, recommended viewing: 0:00-23:34.
      2. 2.2.2 Show/Hide More Moxie Marlinspike, New Tricks For Defeating SSL In Practice, BlackHat DC, 2009
        Slides demonstrating some uncovered weaknesses of SSL.
      3. 2.2.3 Show/Hide More Moxie Marlinspike, SSL and the Future of Authenticity, Thoughtcrime Blog, 2011
        This brief blog post defines the core issues with the Certificate Authorities mechanism SSL relies on, primarily via the missing quality of trust agility; it also critically examines suggested alternatives such as DNSSEC.
    3. 2.3 Show/Hide More Gregg Keizer, Hackers Stole Google SSL Certificate, Dutch Firm Admits, Computerworld, Aug 30, 2011
      This article demonstrates some of the potential issues with exploiting SSL weaknesses.

Playlist Information

May 21, 2013

Author Stats

Jack Goldsmith and a Berkman Center Cybersecurity Team

Other Playlists by Jack Goldsmith and a Berkman Center Cybersecurity Team

Find Items

Search below to find items, then drag and drop items onto playlists you own. To add items to nested playlists, you must first expand those playlists.

Leitura Garamond Futura Verdana Proxima Nova Dagny Web
small medium large extra-large