originality -> freshness; formatting of citations

Author: drbruced12

authentication.rst

@@ -15,15 +15,16 @@ could be replayed, appearing to the website as though you had ordered
 more of the same. Even though it wasn’t the original incarnation of
 the message, its authentication code would still be valid; after all,
 the message was created by you, and it wasn’t modified. Clearly, we
-need a solution that ensures *originality*.
+need a solution that ensures *freshness*.
 
 In a variation of this attack called a *suppress-replay attack*, an
 adversary might merely delay your message (by intercepting and later
 replaying it), so that it is received at a time when it is no longer
 appropriate. For example, an adversary could delay your order to buy
 stock from an auspicious time to a time when you would not have wanted
-to buy. Although this message would in a sense be the original, it
-wouldn’t be timely. So we also need to ensure *timeliness*. Originality
+to buy. Although this message would in a sense be fresh (it hasn't
+been sent before), it
+wouldn’t be timely. So we also need to ensure *timeliness*. Freshness
 and timeliness may be considered aspects of integrity. Ensuring them
 will in most cases require a nontrivial, back-and-forth protocol.
 
@@ -32,7 +33,7 @@ key. A session key is a secret-key cipher key generated on the fly and
 used for just one session. This too involves a nontrivial protocol.
 
 What these two issues have in common is authentication. If a message is
-not original and timely, then from a practical standpoint we want to
+not fresh and timely, then from a practical standpoint we want to
 consider it as not being authentic, i.e., not being from whom it claims to be.
 And, obviously, when you are arranging to share a new session key with
 someone, you want to know you are sharing it with the right person.
@@ -47,15 +48,15 @@ Diffie-Hellman key exchange in its simplest form does not provide
 authentication, but in practical usage it is almost always combined
 with an authentication protocol.
 
-There is a core set of techniques used to ensure originality and
+There is a core set of techniques used to ensure freshness and
 timeliness in authentication protocols. We describe those techniques
 before moving on to particular protocols.
 
-5.1 Originality and Timeliness Techniques
+5.1 Freshness and Timeliness Techniques
 -------------------------------------------
 
 We have seen that authentication codes alone do not enable us to detect
-messages that are not original or timely. One approach is to include a
+messages that are not fresh or timely. One approach is to include a
 timestamp in the message. Obviously the timestamp itself must be
 tamperproof, so it must be covered by the message authentication code. The primary
 drawback to timestamps is that they require distributed clock

firewall.rst

@@ -422,8 +422,8 @@ we recommend our companion book on software-defined networks.
 .. admonition:: Further Reading
 
    L. Peterson, C. Cascone, B. O’Connor, T. Vachuska,
-      and B. Davie. `Software-Defined Networks: A Systems
-      Approach <https://sdn.systemsapproach.org>`__.
+   and B. Davie. `Software-Defined Networks: A Systems
+   Approach <https://sdn.systemsapproach.org>`__.
 
 9.4 Zero Trust Security
 -------------------------
@@ -545,17 +545,13 @@ and authorization” although it's less memorable.
 .. admonition:: Further Reading
 
    S. Rose, O. Borchert, S. Mitchell, S. Connelly. `Zero Trust
-      Architecture
-      <https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf>`__. NIST, 2020.
+   Architecture <https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf>`__. NIST, 2020.
 
-   C. Cunningham. `A Look Back At Zero Trust: Never Trust, Always
-      Verify
-      <https://www.forrester.com/blogs/a-look-back-at-zero-trust-never-trust-always-verify/>`__. Forrester, 2020.
+   C. Cunningham. `A Look Back At Zero Trust: Never Trust, Always Verify
+   <https://www.forrester.com/blogs/a-look-back-at-zero-trust-never-trust-always-verify/>`__. Forrester, 2020.
 
    R. Ward and B. Beyer. `BeyondCorp: A New Approach to Enterprise
-      Security
-      <https://www.usenix.org/system/files/login/articles/login_dec14_02_ward.pdf>`__.
-      ;login:, Usenix, 2014.
+   Security <https://www.usenix.org/system/files/login/articles/login_dec14_02_ward.pdf>`__. ;login:, Usenix, 2014.
 
 9.5. Intrusion Detection and Prevention
 --------------------------------------------

infra.rst

@@ -108,13 +108,13 @@ more difficult to address.
 .. _reading_threat:
 .. admonition::  Further Reading
 
-   G. Huston. `A Survey on Securing Inter-Domain Routing Part 1 –
-   BGP: Design, Threats and Security Requirements
-   <https://labs.apnic.net/index.php/2021/08/03/a-survey-on-securing-inter-domain-routing-part-1-bgp-design-threats-and-security-requirements/>`__.
+   S. Murphy. `BGP Security Vulnerabilitiess
+   Analysis <https://www.rfc-editor.org/info/rfc4272>`__. RFC 4272, January 2006.
+ 
+   G. Huston. `A Survey on Securing Inter-Domain Routing Part 1. 
+   BGP: Design, Threats and Security Requirements <https://labs.apnic.net/index.php/2021/08/03/a-survey-on-securing-inter-domain-routing-part-1-bgp-design-threats-and-security-requirements/>`__.
    APNIC Blog, August 2021.
 
-   S. Murphy. `BGP Security Vulnerabilities Analysis <https://www.rfc-editor.org/info/rfc4272>`__. RFC 4272, 2006.
-
    L. Peterson and B. Davie. `Computer Networks: A Systems Approach. Interdomain
    Routing <https://book.systemsapproach.org/scaling/global.html#interdomain-routing-bgp>`__.
 

intro.rst

@@ -255,8 +255,8 @@ applicable to system security.
 
 .. admonition:: Further Reading
 
-  B. Schneier. Beyond Fear: Thinking Sensibly About Security in an
-     Uncertain World. Copernicus Books, 2003.
+   B. Schneier. Beyond Fear: Thinking Sensibly About Security in an
+   Uncertain World. Copernicus Books, 2003.
 
 It is also important to recognize that threats and trust are two sides
 of the same coin. A threat is a potential failure scenario that you
@@ -397,8 +397,8 @@ challenge. Security is easiest when the answer is always "no".
 
 .. admonition:: Further Reading
 
-  J. Saltzer and F. Kaashoek. `Principles of Computer System Design: An
-     Introduction. Chapter 11
-     <https://ocw.mit.edu/courses/res-6-004-principles-of-computer-system-design-an-introduction-spring-2009/pages/online-textbook/>`__. Morgan
-     Kaufmann Publishers, 2009.
+   J. Saltzer and F. Kaashoek. `Principles of Computer System Design: An
+   Introduction. Chapter 11
+   <https://ocw.mit.edu/courses/res-6-004-principles-of-computer-system-design-an-introduction-spring-2009/pages/online-textbook/>`__. Morgan
+   Kaufmann Publishers, 2009.
 

key-distro.rst

@@ -308,9 +308,9 @@ revocation can be found in the blog post below.
 .. admonition:: Further Reading
 
   J. Schank. `CRLite: Fast, private, and comprehensive certificate
-     revocation checking in Firefox
-     <https://hacks.mozilla.org/2025/08/crlite-fast-private-and-comprehensive-certificate-revocation-checking-in-firefox/>`__. Mozilla
-     blog, August 2025.
+  revocation checking in Firefox
+  <https://hacks.mozilla.org/2025/08/crlite-fast-private-and-comprehensive-certificate-revocation-checking-in-firefox/>`__. Mozilla
+  blog, August 2025.
 
 4.2 Distribution of Secret Keys
 ------------------------------------

principles.rst

@@ -56,7 +56,7 @@ whom we wish to communicate? Or how does a banking system know that
 the person behind a particular HTTP request is actually the account
 holder?
 
-Integrity also requires messages be *original* and *timely*, which is
+Integrity also requires messages be *fresh* and *timely*, which is
 threatened by the possibility data is captured and then retransmitted
 at some later time. This is known as a *replay attack*, where for
 example, we want to protect against an attacker repeatedly adding an

systems.rst

@@ -98,7 +98,7 @@ the need for any prior message exchange (and sidestepping some of the
 complexities described in the earlier chapter). Alice’s digital
 signature suffices to authenticate her. Although there is no proof
 that the message is timely, legitimate email isn’t guaranteed to be
-timely either. There is also no proof that the message is original,
+timely either. There is also no proof that the message is fresh,
 but Bob is an email user and probably a fault-tolerant human who can
 recover from duplicate emails (which, again, are not out of the
 question under normal operation anyway). Alice can be sure that only
@@ -292,7 +292,7 @@ three degrees of freedom. First, it is highly modular, allowing users
 (or more likely, system administrators) to select from a variety of
 cryptographic algorithms and specialized security protocols. Second,
 IPsec allows users to select from a large menu of security properties,
-including access control, integrity, authentication, originality, and
+including access control, integrity, authentication, freshness, and
 confidentiality. Third, IPsec can be used to protect narrow streams
 (e.g., packets belonging to a particular TCP connection being sent
 between a pair of hosts) or wide streams (e.g., all packets flowing
@@ -479,8 +479,8 @@ you to the paper.
 .. admonition:: Further Reading
 
    J. Donenfeld. `WireGuard: Next Generation Kernel Network Tunnel
-      <https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/WireGuard-next-generation-kernel-network-tunnel/>`__.
-      NDSS, 2017.
+   <https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/WireGuard-next-generation-kernel-network-tunnel/>`__.
+   NDSS, 2017.
 
 One of these types of tunnels plus a gateway or concentrator to
 terminate them is pretty much all that is needed to deliver a remote
@@ -646,7 +646,7 @@ networking, a topic we discuss in chapter 9.
 .. admonition:: Further Reading
 
    A. Pennarun. `How Tailscale Works <https://tailscale.com/blog/how-tailscale-works>`__.
-      Tailscale blog, 2020.
+   Tailscale blog, 2020.
 
 
 7.5 Web Authentication and Passkeys
@@ -957,7 +957,7 @@ a companion book.
 .. admonition:: Further Reading
 
    L. Peterson, O. Sunay, and B. Davie. `Private 5G: A Systems
-      Approach. <https://5g.systemsapproach.org>`__.
+   Approach. <https://5g.systemsapproach.org>`__.
 
 Assuming the AMF recognizes the IMSI, it initiates an authentication
 protocol with the device. There are a set of options for