added comments

Author: llpeterson

crypto.rst

@@ -1,15 +1,15 @@
-Chapter 3:  Cryptographic Building Blocks
-=================================
+Chapter 3:  Cryptographic Primatives
+======================================
 
 We introduce the concepts of cryptography-based security step by step.
 The first step is the cryptographic algorithms—ciphers and cryptographic
-hashes—that are introduced in this section. They are not a solution in
+hashes—that are introduced in this chapter. They are not a solution in
 themselves, but rather building blocks from which a solution can be
 built. Cryptographic algorithms are parameterized by *keys*, and a later
-section then addresses the problem of distributing the keys. In the next
+chapter then addresses the problem of distributing the keys. In the next
 step, we describe how to incorporate the cryptographic building blocks
 into protocols that provide secure communication between participants
-who possess the correct keys. A final section then examines several
+who possess the correct keys. The final chapter then examines several
 complete security protocols and systems in current use.
 
 3.1 Principles of Ciphers
@@ -259,7 +259,7 @@ decrypt the encrypted message, and, assuming that the result of the
 decryption matches the expected result, it can be concluded that the
 private key must have been used to perform the encryption. Exactly how
 this operation is used to provide authentication is the topic of a
-later section. As we will see, public-key ciphers are used primarily
+later chapter. As we will see, public-key ciphers are used primarily
 for authentication and to confidentially distribute secret (symmetric)
 keys, leaving the rest of confidentiality to secret-key ciphers.
 
@@ -452,6 +452,6 @@ this case, the entire ciphertext message is considered to be an
 authenticator.
 
 Although authenticators may seem to solve the authentication problem, we
-will see in a later section that they are only the foundation of a
+will see in a later chapter that they are only the foundation of a
 solution. First, however, we address the issue of how participants
 obtain keys in the first place.

intro.rst

@@ -1,6 +1,11 @@
 Chapter 1:  Introduction
 =========================
 
+.. This was original the Problem Statement in the full book.
+   One thing we might do in this Introduction is talk about
+   the Internet's history, and how the original threat model
+   (or lack thereof) get us to where we are today.
+
 Computer networks are typically a shared resource used by many
 applications representing different interests. The Internet is
 particularly widely shared, being used by competing businesses, mutually

key-distro.rst

@@ -28,8 +28,8 @@ session keys and predistributed keys:
    session key establishment but too slow to use for encrypting entire
    messages for confidentiality.
 
-This section explains how predistributed keys are distributed, and the
-next section will explain how session keys are then established. We
+This chapter explains how predistributed keys are distributed, and then
+explains how session keys are then established. We
 henceforth use “Alice” and “Bob” to designate participants, as is common
 in the cryptography literature. Bear in mind that although we tend to
 refer to participants in anthropomorphic terms, we are more frequently
@@ -178,7 +178,7 @@ decided these CAs and their keys can be trusted. A user can also add CAs
 to those that their browser recognizes as trusted. These certificates
 are accepted by Secure Socket Layer (SSL)/Transport Layer Security
 (TLS), the protocol most often used to secure Web transactions, which we
-discuss in a later section. (If you are curious, you can poke around in
+discuss in a later chapter. (If you are curious, you can poke around in
 the preferences settings for your browser and find the “view
 certificates” option to see how many CAs your browser is configured to
 trust.)
@@ -188,7 +188,7 @@ trust.)
 
 An alternative model of trust is the *web of trust* exemplified by
 Pretty Good Privacy (PGP), which is further discussed in a later
-section. PGP is a security system for email, so email addresses are the
+chapter. PGP is a security system for email, so email addresses are the
 identities to which keys are bound and by which certificates are signed.
 In keeping with PGP’s roots as protection against government intrusion,
 there are no CAs. Instead, every individual decides whom they trust and
@@ -290,7 +290,7 @@ Bob—using the keys that the KDC already shares with each of them—and
 generates a new session key for them to use. Then Alice and Bob
 communicate directly using their session key. Kerberos is a widely used
 system based on this approach. We describe Kerberos (which also provides
-authentication) in the next section. The following subsection describes
+authentication) in the next chapter. The following section describes
 a powerful alternative.
 
 4.3 Diffie-Hellman Key Exchange

systems.rst

@@ -1,10 +1,15 @@
 Chapter 6:   Example Systems
 ==============================
 
+.. Assuming we keep a substantial set of examples, we should look
+   for ways to highlight the underlying open source software (and the
+   general role open source plays in helping secure the Internet --
+   lots of eyes on the code).
+   
 We have now seen many of the components required to provide one or two
 aspects of security. These components include cryptographic algorithms,
 key predistribution mechanisms, and authentication protocols. In this
-section, we examine some complete systems that use these components.
+chapter, we examine some complete systems that use these components.
 
 These systems can be roughly categorized by the protocol layer at which
 they operate. Systems that operate at the application layer include
@@ -14,7 +19,7 @@ layer, there is the IETF’s Transport Layer Security (TLS) standard and
 the older protocol from which it derives, Secure Socket Layer (SSL). The
 IPsec (IP Security) protocols, as their name implies, operate at the IP
 (network) layer. 802.11i provides security at the link layer of wireless
-networks. This section describes the salient features of each of these
+networks. This chapter describes the salient features of each of these
 approaches.
 
 You might reasonably wonder why security has to be provided at so many
@@ -49,7 +54,7 @@ Pretty Good Privacy (PGP) is a widely used approach to providing
 security for electronic mail. It provides authentication,
 confidentiality, data integrity, and nonrepudiation. Originally devised
 by Phil Zimmerman, it has evolved into an IETF standard known as
-OpenPGP. As we saw in a previous section, PGP is notable for using a
+OpenPGP. As we saw in a previous chapter, PGP is notable for using a
 “web of trust” model for distribution of keys rather than a tree-like
 hierarchy.
 
@@ -94,7 +99,7 @@ Bob of the level of trust he has in Alice’s public key.
 Email has particular characteristics that allow PGP to embed an adequate
 authentication protocol in this one-message data transmission protocol,
 avoiding the need for any prior message exchange (and sidestepping some
-of the complexities described in the previous section). Alice’s digital
+of the complexities described in the previous chapter). Alice’s digital
 signature suffices to authenticate her. Although there is no proof that
 the message is timely, legitimate email isn’t guaranteed to be timely
 either. There is also no proof that the message is original, but Bob is

trust.rst

@@ -1,6 +1,9 @@
 Chapter 2:  Trust and Threats
 ==============================
 
+.. In addition to a general discussion of threats, this chapter
+   might also identify common threat models (and attack vectors).
+
 Before we address the how’s and why’s of building secure networks, it is
 important to establish one simple truth: We will inevitably fail. This
 is because security is ultimately an exercise in making assumptions