DICE design

:original-url: https://docs.google.com/document/d/1lrs2cEq8GjqSjLPWDcKwl8XYCYnChG2y0fWAgMLDlQI/edit pull

GPG

• Generate the perfect Key: https://alexcabal.com/creating-the-perfect-gpg-keypair/
• "Does GPG key expiration add to security?": http://security.stackexchange.com/questions/14718/does-openpgp-key-expiration-add-to-security?newreg=72720a55ed764868bb0a9d0b3a4c3809
• How to use authentication subkeys in gpg for SSH public key authentication: https://gist.github.com/andrewlkho/7373190
• Transition-statement with wget: https://blog.josefsson.org/2014/06/23/openpgp-key-transition-statement/
• Offline GnuPG Master Key and Subkeys on YubiKey NEO Smartcard: https://blog.josefsson.org/2014/06/23/offline-gnupg-master-key-and-subkeys-on-yubikey-neo-smartcard/
• Apache transition instructions: https://www.apache.org/dev/key-transition.html
• Use OFFLINE master keys: https://incenp.org/notes/2015/using-an-offline-gnupg-master-key.html & https://wiki.debian.org/Subkeys pull
• YUBICO PGPUser-Guide: https://github.com/drduh/YubiKey-Guide
• Compile new YUBICO GPG Applet: http://www.digitalllama.net/2014/03/importing-your-existing-gpg-key-into.html
• YUBICO genkeys In+Out of card: https://www.esev.com/blog/post/2015-01-pgp-ssh-key-on-yubikey-neo/
• CMD EXAMPLES: http://www.spywarewarrior.com/uiuc/gpg/gpg-com-4.htm
• GPG evaluation 2016: https://www.gnupg.org/conf/2016/openpgp-2016-a-few-concerns.pdf
• X509 sign:
  • https://raymii.org/s/tutorials/Sign_and_verify_text_files_to_public_keys_via_the_OpenSSL_Command_Line.html
  • SO1: http://security.stackexchange.com/questions/108163/sign-gnupg-master-key-with-own-x-509-certificate
  • SO Bridge: http://crypto.stackexchange.com/questions/11582/openpgp-x-509-bridge-how-to-verify-public-key/11709#11709
  • Signing policy and pgp<-->509 signig instructions: http://psmay.com/aught-six/key-signing-policy, Questions: http://psmay.com/notary/
  • Can we trust GPG? http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.97.9895&rep=rep1&type=pdf
  • GPG-key stats: http://pgp.science.uu.nl/stats/02b02f070712febd.html
  • on pgp model retirement: https://www.ctrlc.hu/~stef/blog/posts/on_pgp.html
  • https://eprint.iacr.org/2015/967
• Git:
  • https://github.com/blog/2338-sha-1-collision-detection-on-github-com
  • [1] https://blogs.technet.microsoft.com/srd/2012/06/06/flame-malware-collision-attack-explained/
  • [2] http://eprint.iacr.org/2014/871.pdf
  • [3] https://github.com/sprohaska/git-sha-x
  • [1] https://public-inbox.org/git/CA+55aFzJtejiCjV0e43+9oR3QuJK2PiFiLQemytoLpyJWe6P9w@mail.gmail.com/ [ - 2] https://public-inbox.org/git/alpine.LFD.2.20.1702281621050.22202@i7.lan/T/#u

ZK

ForwardSecureSignatures: http://www.cs.columbia.edu/~tal/papers/CJMM.pdf