See Teams for the class teams and responsibilities.
| Date | Topic | Cinnamon | Poppyseed | Sesame |
| Class 1 (20 Jan) | Intro | Plan | Blog | Plan |
| Class 2 (27 Jan) | Padding Oracle Attacks | Lead | Food | Blog |
| Class 3 (3 Feb) | Logjam/DROWN | Blog | Lead | Food |
| Class 4 (10 Feb) | Certificates | Food | Blog | Lead |
| Class 5 (17 Feb) | Verification and Testing | Lead | Food | Blog |
| Class 6 (24 Feb) | Side Channels | Blog | Lead | Food |
| Class 7 (3 Mar) | TLS Interception | Food | Blog | Lead |
| Spring Break |
| Date | Topic | Team Mango | Team Pineapple |
| Class 8 (17 Mar) | Usable Security | Lead | Blog, Food |
| Class 9 (24 Mar) | TLS 1.3 | Blog, Food | Lead |
| Class 10 (31 Mar) | Project Reviews | ||
| Class 11 (7 Apr) | TLS Everywhere | Lead | Blog, Food |
| Class 12 (14 Apr) | Future of TLS | Blog, Food | Lead |
| Class 13 (21 Apr) | Post-Quantum Crypto, Progress | ||
| Class 14 (28 Apr) | Mini-Conference | ||
Class 1 - Introduction
- The First Few Milliseconds of an TLS 1.2 Connection
Class 2: Oracle Padding Attacks
- Analysis of the SSL 3.0 Protocol
- Security Flaws Introduced by CBC Padding
- Here Come The XOR Ninjas
- Lucky Thirteen: Breaking the TLS and DTLS Record Protocols
- SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements
- CONIKS: Bringing Key Transparency to End Users
- Defeating SSL Using SSLstrip
Class 5: Verification and Testing
- Heartbleed, The CRIME Attack, Understanding Apple ‘goto fail’ Vulnerability
- Differential Testing: Using Frankencerts for Automated Adversarial Testing of Certificate Validation, An empirical study of goto in C code from GitHub repositories
- Verification: Verifying s2n HMAC with SAW, Implementing TLS with Verified Cryptographic Security, Software Foundations
- Extra late-breaking news: SHA-1 Collisions, Cloudflare Leak
- Remote Timing Attacks are Practical
- Remote Timing Attacks are Still Practical