Import initial strongswan 2.7.0 version into SVN.

1 files changed, 354 insertions, 0 deletions

diff --git a/doc/src/biblio.html b/doc/src/biblio.html
new file mode 100644
index 000000000..d84e4c2cb
--- /dev/null
+++ b/doc/src/biblio.html
@@ -0,0 +1,354 @@
+<html>
+<head>
+  <meta http-equiv="Content-Type" content="text/html">
+  <title>FreeS/WAN bibliography</title>
+  <meta name="keywords"
+  content="Linux, IPsec, VPN, security, FreeSWAN, bibliography">
+  <!--
+
+  Written by Sandy Harris for the Linux FreeS/WAN project
+  Freely distributable under the GNU General Public License
+
+  More information at www.freeswan.org
+  Feedback to users@lists.freeswan.org
+
+  CVS information:
+  RCS ID:          $Id: biblio.html,v 1.1 2004/03/15 20:35:24 as Exp $
+  Last changed:    $Date: 2004/03/15 20:35:24 $
+  Revision number: $Revision: 1.1 $
+
+  CVS revision numbers do not correspond to FreeS/WAN release numbers.
+  -->
+</head>
+
+<body>
+<h1><a name="biblio">Bibliography for the Linux FreeS/WAN project</a></h1>
+
+<p>For extensive bibliographic links, see the <a
+href="http://liinwww.ira.uka.de/bibliography/index.html">Collection of
+Computer Science Bibliographies</a></p>
+
+<p>See our <a href="web.html">web links</a> for material available online.</p>
+<hr>
+<a name="adams">Carlisle Adams and Steve Lloyd <cite>Understanding Public Key
+Infrastructure</cite><br>
+</a>Macmillan 1999 ISBN 1-57870-166-x
+
+<p>An overview, mainly concentrating on policy and strategic issues rather
+than the technical details. Both authors work for <a
+href="glossary.html#PKI">PKI</a> vendor <a
+href="http://www.entrust.com/">Entrust</a>.</p>
+<hr>
+<a name="DNS.book">Albitz, Liu &amp; Loukides <cite>DNS &amp; BIND</cite> 3rd
+edition<br>
+</a> O'Reilly 1998 ISBN 1-56592-512-2
+
+<p>The standard reference on the <a href="glossary.html#DNS">Domain Name
+Service</a> and <a href="glossary.html#BIND">Berkeley Internet Name
+Daemon</a>.</p>
+<hr>
+<a name="anderson">Ross Anderson</a>, <cite>Security Engineering - a Guide to
+Building Dependable Distributed Systems</cite><br>
+Wiley, 2001, ISBN 0471389226
+
+<p>Easily the best book for the security professional I have seen.
+<strong>Highly recommended</strong>. See the <a
+href="http://www.cl.cam.ac.uk/~rja14/book.html">book web page</a>.</p>
+
+<p>This is quite readable, but Schneier's <a href="#secrets">Secrets and
+Lies</a> might be an easier introduction.</p>
+<hr>
+<a name="puzzle">Bamford <cite>The Puzzle Palace, A report on NSA, Americas's
+most Secret Agency</cite><br>
+Houghton Mifflin 1982 ISBN 0-395-31286-8</a>
+<hr>
+Bamford <cite>Body of Secrets</cite>
+
+<p>The sequel.</p>
+<hr>
+<a name="bander">David Bander</a>, <cite>Linux Security Toolkit</cite><br>
+IDG Books, 2000, ISBN: 0764546902
+
+<p>This book has a short section on FreeS/WAN and includes Caldera Linux on
+CD.</p>
+<hr>
+<a name="CZR">Chapman, Zwicky &amp; Russell</a>, <cite>Building Internet
+Firewalls</cite><br>
+O'Reilly 1995 ISBN 1-56592-124-0
+<hr>
+<a name="firewall.book">Cheswick and Bellovin</a> <cite>Firewalls and
+Internet Security: Repelling the Wily Hacker</cite><br>
+Addison-Wesley 1994 ISBN 0201633574
+
+<p>A fine book on firewalls in particular and security in general from two of
+AT&amp;T's system adminstrators.</p>
+
+<p>Bellovin has also done a number of <a href="web.html#papers">papers</a> on
+IPsec and co-authored a <a href="intro.html#applied">paper</a> on a large
+FreeS/WAN application.</p>
+<hr>
+<a name="comer">Comer <cite>Internetworking with TCP/IP</cite><br>
+Prentice Hall</a>
+<ul>
+  <li>Vol. I: Principles, Protocols, &amp; Architecture, 3rd Ed. 1995
+    ISBN:0-13-216987-8</li>
+  <li>Vol. II: Design, Implementation, &amp; Internals, 2nd Ed. 1994
+    ISBN:0-13-125527-4</li>
+  <li>Vol. III: Client/Server Programming &amp; Applications
+    <ul>
+      <li>AT&amp;T TLI Version  1994 ISBN:0-13-474230-3</li>
+      <li>BSD Socket Version 1996 ISBN:0-13-260969-X</li>
+      <li>Windows Sockets Version 1997 ISBN:0-13-848714-6</li>
+    </ul>
+  </li>
+</ul>
+
+<p>If you need to deal with the details of the network protocols, read either
+this series or the <a href="#stevens">Stevens and Wright</a> series before
+you start reading the RFCs.</p>
+<hr>
+<a name="diffie">Diffie and Landau</a> <cite>Privacy on the Line: The
+Politics of Wiretapping and Encryption</cite><br>
+MIT press 1998 ISBN 0-262-04167-7 (hardcover) or 0-262-54100-9<br>
+
+<hr>
+<a name="d_and_hark">Doraswamy and Harkins <cite>IP Sec: The New Security
+Standard for the Internet, Intranets and Virtual Private Networks</cite><br>
+Prentice Hall 1999 ISBN: 0130118982</a>
+<hr>
+<a name="EFF"> Electronic Frontier Foundation <cite>Cracking DES: Secrets of
+Encryption Research, Wiretap Politics and Chip Design</cite><br>
+</a> O'Reilly 1998 ISBN 1-56592-520-3
+
+<p>To conclusively demonstrate that DES is inadequate for continued use, the
+<a href="glossary.html#EFF">EFF</a> built a machine for just over $200,000
+that breaks DES encryption in under five days on average, under nine in the
+worst case.</p>
+
+<p>The book provides details of their design and, perhaps even more
+important, discusses why they felt the project was necessary. Recommended for
+anyone interested in any of the three topics mentioned in the subtitle.</p>
+
+<p>See also the <a href="http://www.eff.org/descracker.html"> EFF page on
+this project </a> and our discussion of <a
+href="politics.html#desnotsecure">DES insecurity</a>.</p>
+<hr>
+Martin Freiss <cite>Protecting Networks with SATAN</cite><br>
+O'Reilly 1998 ISBN 1-56592-425-8<br>
+translated from a 1996 work in German
+
+<p>SATAN is a Security Administrator's Tool for Analysing Networks. This book
+is a tutorial in its use.</p>
+<hr>
+Gaidosch and Kunzinger<cite> A Guide to Virtual Private Networks</cite><br>
+Prentice Hall 1999 ISBN: 0130839647
+<hr>
+<a name="Garfinkel">Simson Garfinkel</a> <cite>Database Nation: the death of
+privacy in the 21st century</cite><br>
+O'Reilly 2000 ISBN 1-56592-653-6
+
+<p>A thoughtful and rather scary book.</p>
+<hr>
+<a name="PGP">Simson Garfinkel</a> <cite>PGP: Pretty Good Privacy</cite><br>
+O'Reilly 1995 ISBN 1-56592-098-8
+
+<p>An excellent introduction and user manual for the <a
+href="glossary.html#PGP">PGP</a> email-encryption package.  PGP is a good
+package with a complex and poorly-designed user interface. This book or one
+like it is a must for anyone who has to use it at length.</p>
+
+<p>The book covers using PGP in Unix, PC and Macintosh environments, plus
+considerable background material on both the technical and political issues
+around cryptography.</p>
+
+<p>The book is now seriously out of date. It does not cover recent
+developments such as commercial versions since PGP 5, the Open PGP standard
+or GNU PG..</p>
+<hr>
+<a name="practical">Garfinkel and Spafford</a> <cite>Practical Unix
+Security</cite><br>
+O'Reilly 1996 ISBN 1-56592-148-8
+
+<p>A standard reference.</p>
+
+<p>Spafford's web page has an excellent collection of<a
+href="http://www.cs.purdue.edu/coast/hotlist"> crypto and security
+links</a>.</p>
+<hr>
+<a name="Kahn">David Kahn</a> <cite>The Codebreakers: the Comprehensive
+History of Secret Communications from Ancient Times to the Internet</cite><br>
+second edition Scribner 1996 ISBN 0684831309
+
+<p>A history of codes and code-breaking from ancient Egypt to the 20th
+century. Well-written and exhaustively researched. <strong>Highly
+recommended</strong>, even though it does not have much on computer
+cryptography.</p>
+<hr>
+David Kahn <cite>Seizing the Enigma, The Race to Break the German U-Boat
+codes, 1939-1943</cite><br>
+Houghton Mifflin 1991 ISBN 0-395-42739-8
+<hr>
+<a name="kirch">Olaf Kirch</a> <cite>Linux Network Administrator's
+Guide</cite><br>
+O'Reilly 1995 ISBN 1-56592-087-2
+
+<p>Now becoming somewhat dated in places, but still a good introductory book
+and general reference.</p>
+<hr>
+<a name="LinVPN">Kolesnikov and Hatch</a>, <cite>Building Linux Virtual
+Private Networks (VPNs)</cite><br>
+New Riders 2002
+
+<p>This has had a number of favorable reviews, including <a
+href="http://www.slashdot.org/article.pl?sid=02/02/27/0115214&amp;mode=thread&amp;tid=172">this
+one</a> on Slashdot. The book has a <a
+href="http://www.buildinglinuxvpns.net/">web site</a>.</p>
+<hr>
+<a name="RFCs">Pete Loshin <cite>Big Book of IPsec RFCs</cite><br>
+Morgan Kaufmann 2000 ISBN: 0-12-455839-9</a>
+<hr>
+<a name="crypto">Steven Levy <cite>Crypto: How the Code Rebels Beat the
+Government -- Saving Privacy in the Digital Age</cite></a><br>
+Penguin 2001, ISBN 0-670--85950-8
+
+<p><strong>Highly recommended</strong>. A fine history of recent (about
+1970-2000) developments in the field, and the related political
+controversies. FreeS/WAN project founder and leader John Gilmore appears
+several times.</p>
+
+<p>The book does not cover IPsec or FreeS/WAN, but this project is very much
+another battle in the same war.  See our discussion of the <a
+href="politics.html">politics</a>.</p>
+<hr>
+<a name="GTR">Matyas, Anderson et al.</a> <cite>The Global Trust
+Register</cite><br>
+Northgate Consultants Ltd 1998 ISBN: 0953239705<br>
+hard cover edition MIT Press 1999 ISBN 0262511053
+
+<p>From<a href="http://www.cl.cam.ac.uk/Research/Security/Trust-Register">
+their web page:</a></p>
+
+<blockquote>
+  This book is a register of the fingerprints of the world's most important
+  public keys; it implements a top-level certification authority (CA) using
+  paper and ink rather than in an electronic system.</blockquote>
+<hr>
+<a name="handbook">Menezies, van Oorschot and Vanstone <cite>Handbook of
+Applied Cryptography</cite></a><br>
+CRC Press 1997<br>
+ISBN 0-8493-8523-7
+
+<p>An excellent reference. Read <a href="#schneier">Schneier</a> before
+tackling this.</p>
+<hr>
+Michael Padlipsky <cite>Elements of Networking Style</cite><br>
+Prentice-Hall 1985 ISBN 0-13-268111-0 or 0-13-268129-3
+
+<p>Probably <strong>the funniest technical book ever written</strong>, this
+is a vicious but well-reasoned attack on the OSI "seven layer model" and all
+that went with it. Several chapters of it are also available as RFCs 871 to
+875.</p>
+<hr>
+<a name="matrix">John S. Quarterman</a> <cite>The Matrix: Computer Networks
+and Conferencing Systems Worldwide</cite><br>
+Digital Press 1990  ISBN 155558-033-5<br>
+Prentice-Hall ISBN 0-13-565607-9
+
+<p>The best general treatment of computer-mediated communication we have
+seen. It naturally has much to say about the Internet, but also covers UUCP,
+Fidonet and so on.</p>
+<hr>
+<a name="ranch">David Ranch</a> <cite>Securing Linux Step by Step</cite><br>
+SANS Institute, 1999
+
+<p><a href="http://www.sans.org/">SANS</a> is a respected organisation, this
+guide is part of a well-known series, and Ranch has previously written the
+useful <a
+href=" http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#trinityos">Trinity
+OS</a> guide to securing Linux, so my guess would be this is a pretty good
+book. I haven't read it yet, so I'm not certain. It can be ordered online
+from <a href="http://www.sans.org/">SANS</a>.</p>
+
+<p>Note (Mar 1, 2002): a new edition with different editors in the works.
+Expect it this year.</p>
+<hr>
+<a name="schneier">Bruce Schneier</a> <cite>Applied Cryptography, Second
+Edition</cite><br>
+John Wiley &amp; Sons, 1996<br>
+ISBN 0-471-12845-7 hardcover<br>
+ISBN 0-471-11709-9 paperback
+
+<p>A standard reference on computer cryptography. For more recent essays, see
+the <a href="http://www.counterpane.com/">author's company's web site</a>.</p>
+<hr>
+<a name="secrets">Bruce Schneier</a><cite> Secrets and Lies</cite><br>
+Wiley 2000, ISBN 0-471-25311-1
+
+<p>An interesting discussion of security and privacy issues, written with
+more of an "executive overview" approach rather than a narrow focus on the
+technical issues. <strong>Highly recommended</strong>.</p>
+
+<p>This is worth reading even if you already understand security issues, or
+think you do. To go deeper, follow it with Anderson's <a
+href="#anderson">Security Engineering</a>.</p>
+<hr>
+<a name="VPNbook">Scott, Wolfe and Irwin <cite>Virtual Private
+Networks</cite></a><br>
+2nd edition, O'Reilly 1999 ISBN: 1-56592-529-7
+
+<p>This is the only O'Reilly book, out of a dozen I own, that I'm
+disappointed with. It deals mainly with building VPNs with various
+proprietary tools -- <a href="glossary.html#PPTP">PPTP</a>, <a
+href="glossary.html#SSH">SSH</a>, Cisco PIX, ... -- and touches only lightly
+on IPsec-based approaches.</p>
+
+<p>That said, it appears to deal competently with what it does cover and it
+has readable explanations of many basic VPN and security concepts. It may be
+exactly what some readers require, even if I find the emphasis
+unfortunate.</p>
+<hr>
+<a name="LASG">Kurt Seifried <cite>Linux Administrator's Security
+Guide</cite></a>
+
+<p>Available online from <a
+href="http://www.securityportal.com/lasg/">Security Portal</a>. It has fairly
+extensive coverage of IPsec.</p>
+<hr>
+<a name="Smith">Richard E Smith <cite>Internet Cryptography</cite><br>
+</a>ISBN 0-201-92480-3, Addison Wesley, 1997
+
+<p>See the book's <a
+href="http://www.visi.com/crypto/inet-crypto/index.html">home page</a></p>
+<hr>
+<a name="neal">Neal Stephenson <cite>Cryptonomicon</cite></a><br>
+Hardcover ISBN -380-97346-4, Avon, 1999.
+
+<p>A novel in which cryptography and the net figure prominently.
+<strong>Highly recommended</strong>: I liked it enough I immediately went out
+and bought all the author's other books.</p>
+
+<p>There is also a paperback edition. Sequels are expected.</p>
+<hr>
+<a name="stevens">Stevens and Wright</a> <cite>TCP/IP Illustrated</cite><br>
+Addison-Wesley
+<ul>
+  <li>Vol. I: The Protocols 1994 ISBN:0-201-63346-9</li>
+  <li>Vol. II: The Implementation 1995 ISBN:0-201-63354-X</li>
+  <li>Vol. III: TCP for Transactions, HTTP, NNTP, and the UNIX Domain
+    Protocols 1996 ISBN: 0-201-63495-3</li>
+</ul>
+
+<p>If you need to deal with the details of the network protocols, read either
+this series or the <a href="#comer">Comer</a> series before you start reading
+the RFCs.</p>
+<hr>
+<a name="Rubini">Rubini</a> <cite>Linux Device Drivers</cite><br>
+O'Reilly &amp; Associates, Inc. 1998 ISBN 1-56592-292-1
+<hr>
+<a name="Zeigler">Robert Zeigler</a> <cite>Linux Firewalls</cite><br>
+Newriders Publishing, 2000 ISBN 0-7537-0900-9
+
+<p>A good book, with detailed coverage of ipchains(8) firewalls and of many
+related issues.</p>
+</body>
+</html>