Clean up references and add authors

Author: drbruced12

authors.rst

@@ -9,7 +9,7 @@ introductory textbook, along with several new books focused on
 emerging topics in network and cloud systems, are available as open
 source at https://systemsapproach.org.
 
-Larry spent most of his career in academia, first at the Unviersity of
+Larry spent most of his career in academia, first at the University of
 Arizona and later at Princeton University, where he was the
 Robert E. Kahn Professor of Computer Science. While at Princeton he
 directed the PlanetLab Consortium, building a global testbed for

conf.py

@@ -39,8 +39,8 @@ def get_version():
 # -- Project information -----------------------------------------------------
 
 project = u'Network Security: A Systems Approach'
-copyright = u'2024, Systems Approach LLC (Publisher)'
-author = u'The Author List'
+copyright = u'2025, Systems Approach LLC (Publisher)'
+author = u'Larry L. Peterson and Bruce S. Davie'
 
 # -- General configuration ---------------------------------------------------
 
@@ -185,7 +185,7 @@ def get_version():
 #  author, documentclass [howto, manual, or own class]).
 latex_documents = [
     (master_doc, 'book.tex', u'Network Security: A Systems Approach',
-     u'The Author List ', 'manual', True),
+     u'Larry L. Peterson and Bruce S. Davie', 'manual', True),
 ]
 
 latex_toplevel_sectioning = 'chapter'

crypto.rst

@@ -19,7 +19,7 @@ a challenge that we tackle in the next chapter.
 Once we have a set of cryptographic algorithms and a way to distribute
 keys, we are in a position to build protocols that enable secure
 communication between participants. Later chapters describes several
-such security protocols, culminating in a description of complete
+such security protocols, culminating in the description of complete
 systems that use these protocols.
 
 3.1 Principles of Ciphers
@@ -46,13 +46,14 @@ its corresponding decryption function is called a *cipher*.
    Secret-key encryption and decryption.
 
 As we noted in the previous chapter, the principle of open design has
-been proposed for security technologies since at
-least 1975. Cryptography has a much longer history than that, however,
+been proposed for security technologies since at least 1975.
+Cryptography has a much longer history than that, however,
 going back thousands of years. One of the leading cryptographers of
 the 19th century, Auguste Kerckhoffs, stated in 1883 that
 cryptographic system designs themselves should not be secret, but
 should be parameterized by an easily changeable *key*; only the key
-should need to be secret. This also follows the principle from Chapter 2 of minimizing secrets.
+should need to be secret. This also follows the principle from Chapter
+2 of minimizing secrets.
 
 One reason for open design is that, if you were to depend on the
 cipher being kept secret, then you would have to retire the cipher
@@ -66,8 +67,9 @@ algorithms, while implemented in software, are the result of lengthy
 processes of development, testing, analysis and standardization; all
 of this makes the algorithms expensive to replace.
 
-Because cryptography algorithms are expensive to replace, they are
-typically treated as plugable modules in the end-to-end security
+Because cryptography algorithms are expensive to replace, but are
+occasionally found to be vulnerable after years of use, they are
+typically treated as pluggable modules in the end-to-end security
 solutions described in the following chapters.  In many cases, the
 algorithm is a selectable parameter of those solutions, which means
 the overall system does not become obsolete just because one of its
@@ -621,15 +623,15 @@ by XORing the key with a string and using that as the first block fed
 to the hash). The two passes of the keyed-hash function are important
 to the proof of security for this HMAC construction.
 
-.. let's delete this incorrect pic for now
-  .. _fig-macAndHmac:
-  .. figure:: figures/f08-05-modified.png
+.. let's delete this incorrect pic for now; unclear if a new picture
+   adds much
+   .. _fig-macAndHmac:
+   .. figure:: figures/f08-05-modified.png
    :width: 300px
    :align: center
 
    Computing a hashed message authentication code (HMAC).
 
-.. this appears to be out of date, see https://en.wikipedia.org/wiki/HMAC#Design_principles
 
 
 Up to this point, we have been assuming that the message wasn’t

index.rst

@@ -8,7 +8,7 @@
 Network Security: A Systems Approach
 ===========================================
 
-The Authors
+Peterson and Davie
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 |

infra.rst

@@ -102,12 +102,12 @@ more difficult to address.
 .. _reading_threat:
 .. admonition::  Further Reading
 
-   Geoff Huston. `A Survey on Securing Inter-Domain Routing Part 1 –
+   G. Huston. `A Survey on Securing Inter-Domain Routing Part 1 –
    BGP: Design, Threats and Security Requirements
    <https://labs.apnic.net/index.php/2021/08/03/a-survey-on-securing-inter-domain-routing-part-1-bgp-design-threats-and-security-requirements/>`__.
    APNIC Blog, August 2021.
 
-   Peterson, L. and Davie, B. `Computer Networks: A Systems Approach. Interdomain
+   L. Peterson and B. Davie. `Computer Networks: A Systems Approach. Interdomain
    Routing <https://book.systemsapproach.org/scaling/global.html#interdomain-routing-bgp>`__.
 
 
@@ -164,7 +164,7 @@ certain prefix, how do we know that they really have this path?
 .. _reading_BGPTLS:
 .. admonition::  Further Reading
 
-   Thomas Wirtgen, Nicolas Rybowski, Cristel Pelsser, Olivier
+   T. Wirtgen, N. Rybowski, C. Pelsser, O.
    Bonaventure. `The Multiple Benefits of Secure Transport for
    BGP <https://conferences.sigcomm.org/co-next/2024/files/papers/p186.pdf/>`__.
    ACM CONEXT, December 2024.
@@ -259,11 +259,11 @@ describe three different uses of the RPKI in the following sections.
 
 .. admonition::  Further Reading
 
-   Sharon Goldberg. `Why Is It Taking So Long to Secure Internet
+   S. Goldberg. `Why Is It Taking So Long to Secure Internet
    Routing? <https://dl.acm.org/doi/pdf/10.1145/2668152.2668966/>`__
    ACM Queue, August 2014.
 
-   Cecilia Testart and David Clark. `A Data-Driven Approach to
+   C. Testart and D. Clark. `A Data-Driven Approach to
    Understanding the State of Internet Routing Security
    <https://faculty.cc.gatech.edu/~ctestart8/publications/RoutingSecTPRC.pdf>`__. TPRC
    48, February 2021.
@@ -526,7 +526,7 @@ in the following section.
 .. _reading_bgpsec:
 .. admonition::  Further Reading
 
-   Robert Lychev, Sharon Goldberg and Michael Schapira. `BGP security
+   R. Lychev, S. Goldberg and M. Schapira. `BGP security
    in partial deployment: is the juice worth the squeeze? <https://dl.acm.org/doi/10.1145/2534169.2486010>`__ ACM
    SIGCOMM, August 2013.
 
@@ -604,7 +604,7 @@ quite good incremental deployment properties, another advantage over BGPsec.
 .. _reading_aspa:
 .. admonition::  Further Reading
 
-   Alexander Azimov et al. `BGP AS_PATH Verification Based on
+   A, Azimov et al. `BGP AS_PATH Verification Based on
    Autonomous System Provider Authorization (ASPA) Objects <https://datatracker.ietf.org/doc/draft-ietf-sidrops-aspa-verification/>`__. Internet
    draft, work in progress.
 
@@ -748,11 +748,11 @@ effects in and beyond China.
 .. _reading_dns:
 .. admonition:: Further Reading
 
-   Peterson, L. and Davie, B. `Computer Networks: A Systems
+   L. Peterson and B. Davie. `Computer Networks: A Systems
    Approach. Name Service (DNS)
    <https://book.systemsapproach.org/applications/infrastructure.html#name-service-dns>`__.
 
-   Derek Atkins and Ron Austein. `Threat Analysis of the Domain Name
+   D. Atkins and R. Austein. `Threat Analysis of the Domain Name
    System (DNS) <https://www.rfc-editor.org/info/rfc3833/>`__. RFC 3833,
    August 2004.
 
@@ -864,7 +864,7 @@ recently.
 .. _reading_dnstime:
 .. admonition:: Further Reading
 
-   Geoff Huston. `Calling Time on DNSSEC?
+   G. Huston. `Calling Time on DNSSEC?
    <https://labs.apnic.net/index.php/2024/05/27/calling-time-on-dnssec/>`__
    APNIC Blog, May 2024.
 
@@ -942,15 +942,15 @@ for the target function.
 .. _reading_doh:
 .. admonition:: Further Reading
 
-   Hu, Z., et al. `Specification for DNS over Transport Layer
+   Z. Hu, et al. `Specification for DNS over Transport Layer
    Security (TLS) <https://www.rfc-editor.org/info/rfc7858>`__. RFC 7858, May 2016.
 
-   Hoffman, P. and P. McManus. `DNS Queries over HTTPS (DoH)
+   P. Hoffman and P. McManus. `DNS Queries over HTTPS (DoH)
    <https://www.rfc-editor.org/info/rfc8484>`__. RFC 8484,
    October 2018.
 
-   Schmitt, Paul and Edmundson, Anne and Mankin, Allison and Feamster,
-   Nick. `Oblivious DNS: Practical Privacy for DNS Queries
+   P. Schmitt, A. Edmundson, A. Mankin, and N. Feamster. `Oblivious
+   DNS: Practical Privacy for DNS Queries
    <https://doi.org/10.1145/3340301.3341128>`__. Proc. 2019 Applied
    Networking Research Workshop, 2019.
 

intro.rst

@@ -86,7 +86,7 @@ written soon afterwards.
 
 .. admonition:: Further Reading
 
-  Donn Seeley. `A Tour of the
+  D. Seeley. `A Tour of the
   Worm <http://www.cs.unc.edu/~jeffay/courses/nidsS05/attacks/seely-RTMworm-89.html>`__.
 
 What we present in this book is a systems perspective on the

principles.rst

@@ -170,7 +170,8 @@ authentication, was not put in place correctly.
 2.3.2 Principle of Least Privilege
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 The principle of least privilege has a long history in computer
-science, having been proposed by Saltzer and Schroeder in 1975. The
+science, having been proposed by Saltzer and Schroeder in 1975 (see
+the Further Reading). The
 principle states:
 
   "Every program and every user of the system should operate using the
@@ -282,6 +283,16 @@ application.\ [#]_
    illustrating that security is only one of many system requirements
    taken into consideration.
 
+In an OS setting, the principle of least common mechanism is related to
+the principle of least privilege since the common platform (kernel)
+runs with greater privilege. This is because minimizing the number of
+mechanisms that require elevated kernel privilege also minimizes the
+privilege required across all mechanisms that make up a system. In a
+network setting, the principle is related to the
+end-to-end-argument. That is, it is best to avoid putting functions
+such as encryption into the network when the user is likely to need
+end-to-end encryption anyway.
+
 .. admonition:: Further Reading
 
   G. Popek. `A Principle of Kernel Design
@@ -298,15 +309,6 @@ application.\ [#]_
   Design <https://dl.acm.org/doi/abs/10.1145/357401.357402>`__.  ACM
   Transactions on Computer Systems. November 1984.
 
-In an OS setting, the principle of least common mechanism is related to
-the principle of least privilege since the common platform (kernel)
-runs with greater privilege. This is because minimizing the number of
-mechanisms that require elevated kernel privilege also minimizes the
-privilege required across all mechanisms that make up a system. In a
-network setting, the principle is related to the
-end-to-end-argument. That is, it is best to avoid putting functions
-such as encryption into the network when the user is likely to need
-end-to-end encryption anyway.
 
 2.3.6 Design for Iteration
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -408,13 +410,13 @@ principles covered above include several that were drawn from the
 influential paper by Saltzer and Schroeder from 1975. That is the same
 Saltzer whose book (with Kaashoek) we referred to in Chapter 1. The
 fact that many of the principles from the 1975 paper reappear in the
-2009 is probably a sign that Saltzer had some confidence that these
+2009 book is probably a sign that Saltzer had some confidence that these
 principles have stood the test of time. We recommend reading the
 entire paper.
 
 .. admonition:: Further Reading
 
-  Jerome Saltzer and Michael Schroeder. `The Protection of Information
+  J. Saltzer and M. Schroeder. `The Protection of Information
   in Computer Systems
   <http://web.mit.edu/Saltzer/www/publications/protection/index.html>`__. In
   Proceedings of the IEEE, 1975.

tls.rst

@@ -512,12 +512,12 @@ SIGCOMM 2017.
 
    A. Langley *et al.*
    `The QUIC Transport Protocol: Design and Internet-Scale Deployment
-   <https://research.google/pubs/the-quic-transport-protocol-design-and-internet-scale-deployment/>`__.
-   SIGCOMM 2017.
+   <https://doi.org/10.1145/3098822.3098842>`__.
+   Proc. ACM SIGCOMM, August 2017.
 
-   We also covered the impact of QUIC on congestion control in our book
-   on TCP Congestion Control.
-   `TCP Congestion Control: A Systems Approach <https://tcpcc.systemsapproach.org>`__.
+   L. Peterson, L. Brakmo, and B. Davie, `TCP Congestion Control: A
+   Systems Approach
+   <https://tcpcc.systemsapproach.org/variants.html#http-performance-quic>`__.
 
 
 6.5 A Systems View of TLS