link syntax

Author: sebix

report/attacks/correlations.md

@@ -4,8 +4,8 @@ Various existing research on this
 
 "Encrypted (Network) Traffic Classification"
 
-* https://www.sciencedirect.com/science/article/pii/S2090447923002502
-* https://ieeexplore.ieee.org/document/8622812
-* https://www.mdpi.com/2073-8994/13/6/1080
+* <https://www.sciencedirect.com/science/article/pii/S2090447923002502>
+* <https://ieeexplore.ieee.org/document/8622812>
+* <https://www.mdpi.com/2073-8994/13/6/1080>
 
 Does *not* depend on unencrypted SNI!

report/censorship.md

@@ -2,8 +2,8 @@
 
 ## RU
 
-* Russia disallowing CDNs in order to block ECH: https://github.com/net4people/bbs/issues/417
-  * https://therecord.media/russia-blocks-thousands-of-websites-that-use-cloudflare-service
+* Russia disallowing CDNs in order to block ECH: <https://github.com/net4people/bbs/issues/417>
+  * <https://therecord.media/russia-blocks-thousands-of-websites-that-use-cloudflare-service>
 
 ## CN
 
@@ -15,7 +15,7 @@
 ## KR
 
 - Blocking by SNI:
-	- https://www.bleepingcomputer.com/news/security/south-korea-is-censoring-the-internet-by-snooping-on-sni-traffic/
-	- https://www.technadu.com/south-korea-extend-site-blocking-snooping-sni/58125/
+	- <https://www.bleepingcomputer.com/news/security/south-korea-is-censoring-the-internet-by-snooping-on-sni-traffic/>
+	- <https://www.technadu.com/south-korea-extend-site-blocking-snooping-sni/58125/>
 - Workaround: VPNs and ESNI
 	- ESNI was removed from browses, ECH follows but harder to adopt

report/clients/browsers.md

@@ -23,7 +23,7 @@ SOCKS, HTTPS
 Downloaded via HTTP but signed by the CA
 Blocking the access to the lists is possible with packet inspection due to the traffic being unencrypted
 Browser soft-fail by default
-OCSP is dead: https://letsencrypt.org/2022/09/07/new-life-for-crls/
+OCSP is dead: <https://letsencrypt.org/2022/09/07/new-life-for-crls/>
 Work ongoing to fix these issues
 
 ### QUIC and SPDY

report/clients/tor.md

@@ -5,6 +5,6 @@ TOR’s architecture is designed to enhance security and privacy, which mitigate
 Contrary to Do53 and DoH, TOR employs an alternative approach, utilizing DNS over the TOR network and subsequently through the exit node.
 TOR inherently addresses the concerns that both DoH and ECH aim to resolve, particularly through its TOR onion services.
 
-- Detailed explanation on TOR's non-usage of DoH can be found here: https://lists.torproject.org/mailman3/hyperkitty/list/tor-dev@lists.torproject.org/thread/6GDO7CYEFIKID7QQCRVYVFNIVETWWWWY/#6ZBFGNSRPWRCEO7PVPSHHVLAOGF7KN3C
-- Discussion on DNS over HTTPS (DoH) in TOR: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/30753
-- Discussion on Encrypted ClientHello (ECH) in TOR: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42144
+- Detailed explanation on TOR's non-usage of DoH can be found here: <https://lists.torproject.org/mailman3/hyperkitty/list/tor-dev@lists.torproject.org/thread/6GDO7CYEFIKID7QQCRVYVFNIVETWWWWY/#6ZBFGNSRPWRCEO7PVPSHHVLAOGF7KN3C>
+- Discussion on DNS over HTTPS (DoH) in TOR: <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/30753>
+- Discussion on Encrypted ClientHello (ECH) in TOR: <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42144>

report/deployment/incentives.md

@@ -9,7 +9,7 @@ Various organizations that address humans in countries and regions with oppressi
 In all regions, the same applies to whistle-blower platforms which are possible under close observation by political, legal or corporate organizations.
 ## Malware - C2 operators
 
-Unencypted SNI/Client Hello and TLS Metadata (cipher suite lists, advertised extensions) are being used to identify malware-generated traffic, e.g.: https://blogs.cisco.com/security/detecting-encrypted-malware-traffic-without-decryption
+Unencypted SNI/Client Hello and TLS Metadata (cipher suite lists, advertised extensions) are being used to identify malware-generated traffic, e.g.: <https://blogs.cisco.com/security/detecting-encrypted-malware-traffic-without-decryption>
 Therefore operators of malware networks have an interest in staying stealthy and thus implementing ECH. Consequently, this will hinder these traffic-analysis.
 
 Currently, the usage of ECH is very low and thus in itself suspicious. To hide their ECH traffic, malware operators may be inclined to increase the general usage of ECH.

report/deployment/overview.md

@@ -35,7 +35,7 @@ Typically, DoH servers communicate with authoritative DNS servers using traditio
 - Which entity handles the rotation of these keys and reloads the web server configuration?
 - What component creates (or services) the WKECH directory, ensuring only public keys are exposed and private keys remain secure?
 - How is the ZF triggered after each key rotation, ideally operating separately on a different host?
-- For documentation, refer to: https://github.com/defo-project/ech-dev-utils#user-content-server-details.
+- For documentation, refer to: <https://github.com/defo-project/ech-dev-utils#user-content-server-details>.
 
 ## Complexity of Configuring the Zone Factory