RTFM Home Page

Publications by Eric Rescorla

This list isn't complete and in particular is missing a number of talks and non-academic articles which I haven't had time to put up on the Web yet.

Books

SSL and TLS: Designing and Building Secure Systems, Addison-Wesley, 2001

 

Articles and Papers

Shacham, H., Boneh, D., Rescorla, E., Client side caching for TLS, to appear TISSEC.

Rescorla, E., Is finding security holes a good idea?, Workshop on Economics and Information Security 2004, May 2004, (PDF).

Modadugu, N., Rescorla, E., The Design and Implementation of Datagram TLS, Proceedings of NDSS 2004, February 2004. (PDF).

Rescorla, E., Optimal Time to Patch Revisited, working paper. (PDF).

Rescorla, E., Security holes... Who cares?, Proceedings of the 12th USENIX Security Conference, August 2003 (PDF)

Rescorla, E., Dick, K., Secure Auditing for SSL Transactions, working paper. (PDF)

Rescorla, E., Cain, A., Korver, B., SSLACC: A Clustered SSL Accelerator, Proceedings of the 11th USENIX Security Conference, August 2002. (PDF).

Rescorla, E., An Introduction to OpenSSL Programming. Originally published in Linux Journal. Current version available here.

 

Talks

Rescorla, E., What's the worst that could happen?, DIMACS Workshop on Cryptography: Theory Meets Practice, October 2004. PDF.

Rescorla, E., Security Holes... Who Cares?, 12th USENIX Security Symposium, August 2003. Slides (in PDF)

Rescorla, E., The Internet is Too Secure Already, Invited Talk, 12th USENIX Security Symposium, August 2003. Slides (in PDF)

 

RFCs

Rescorla, E., Korver, B., IAB, Guidelines for Writing RFC Text on Security Considerations, RFC 3552, July 2003. (Text)

Jungmaier, A., Rescorla, E., Tuexen, M., Transport Layer Security over Stream Control Transmission Protocol, RFC 3436, December 2002. (Text)

Rescorla, E., Preventing the Million Message Attack on Cryptographic Message Syntax, RFC 3218, January 2002. (Text)

Rescorla, E., HTTP over TLS, RFC 2818, May 2000. (Text)

Rescorla, E., Schiffman, A., The Secure HyperText Transfer Protocol, RFC 2660, August 1999. (Text)

Rescorla, E., Schiffman, A., Security Extensions for HTML, RFC 2661, August 1999. (Text)

Rescorla, E., Diffie-Hellman Key Agreement Method, RFC 2631, June 1999. (Text)

 

Internet Drafts

Rescorla, E., Writing Protocol Models, draft-iab-model-02.txt, September 2004. (Text).

Dierks, T., Rescorla, E. (editors), The TLS Protocol Version 1.0, draft-ietf-tls-rfc2246-bis-08.txt, August 2004, (Text).

Rescorla, E., Modadugu, N., Datagram Transport Layer Security, draft-rescorla-dtls-01.txt, July 2004. (Text).

Rescorla, E., A Survey of Authentication Mechanisms, draft-iab-auth-mech-03.txt, October 2003. (Text).

Software

ssldump: SSL protocol dumper

ssldump is a freely available network analyzer that can display SSL connections and even decrypt them, given the appropriate keying material.  

PureTLS

PureTLS is an Open Source pure Java SSLv3/TLS implementation.

Web Log

You can also find various writings on security and other topics on my web log, Educated Guesswork.
