\begin{thebibliography}{10}

\bibitem{smbdf}
S.~M. Bellovin.
\newblock {Distributed Firewalls}.
\newblock {\em {\it ;login:} magazine, special issue on security}, November
  1999.

\bibitem{x509}
Consultation Committee.
\newblock {\em X.509: The Directory Authentication Framework}.
\newblock International Telephone and Telegraph, International
  Telecommunications Union, Geneva, 1989.

\bibitem{dnssec}
D.~Eastlake and C.~Kaufman.
\newblock Dynamic {N}ame {S}ervice and {S}ecurity.
\newblock Internet RFC 2065, January 1997.

\bibitem{ikepaper}
Niklas Hallqvist and Angelos~D. Keromytis.
\newblock {Implementing Internet Key Exchange (IKE)}.
\newblock In {\em {Proceedings of the Annual USENIX Technical Conference}},
  June 2000.

\bibitem{rfc2409}
D.~Harkins and D.~Carrel.
\newblock The internet key exchange {(IKE)}.
\newblock Request for Comments (Proposed Standard) 2409, Internet Engineering
  Task Force, November 1998.

\bibitem{photuris}
P.~Karn and W.~Simpson.
\newblock Photuris: Session-key management protocol.
\newblock Request for Comments (Experimental) 2522, Internet Engineering Task
  Force, March 1999.

\bibitem{newAH}
S.~Kent and R.~Atkinson.
\newblock {IP} authentication header.
\newblock Request for Comments (Proposed Standard) 2402, Internet Engineering
  Task Force, November 1998.

\bibitem{newESP}
S.~Kent and R.~Atkinson.
\newblock {IP} encapsulating security payload {(ESP)}.
\newblock Request for Comments (Proposed Standard) 2406, Internet Engineering
  Task Force, November 1998.

\bibitem{newIPsec}
S.~Kent and R.~Atkinson.
\newblock Security architecture for the internet protocol.
\newblock Request for Comments (Proposed Standard) 2401, Internet Engineering
  Task Force, November 1998.

\bibitem{ipsecpaper}
A.~D. Keromytis, J.~Ioannidis, and J.~M. Smith.
\newblock {Implementing IPsec}.
\newblock In {\em Proceedings of Global Internet (GlobeCom) '97}, pages 1948 --
  1952, November 1997.

\bibitem{bsd4.4}
{Kirk McKusick, et. al.}
\newblock {\em The Design and Implementation of the 4.4BSD Operation System}.
\newblock Addison Wesley, 1996.

\bibitem{pkcs1}
RSA Laboratories.
\newblock {\em PKCS \#1: RSA Encryption Standard}, version 1.5 edition, 1993.
\newblock November.

\bibitem{McCa9301:BSD}
Steven McCanne and Van Jacobson.
\newblock A {BSD} packet filter: A new architecture for user-level packet
  capture.
\newblock In {\em Proceedings of USENIX Winter Technical Conference}, pages
  259--269, San Diego, California, January 1993. Usenix.

\bibitem{rfc2367}
D.~McDonald, C.~Metz, and B.~Phan.
\newblock {PF\_KEY Key Management API, Version 2}.
\newblock Request for Comments (Informational) 2367, Internet Engineering Task
  Force, July 1998.

\bibitem{dsa}
{D}igital {S}ignature {S}tandard, May 1994.

\bibitem{802.1d-d17}
Internetworking Task~Group of~IEEE~802.1.
\newblock Information technology -- telecommunication and information exchange
  between systems -- local and metropolitan area networks -- common
  specifications -- part 3: Media access control (mac) bridges.
\newblock Technical Report ISO/IEC Final DIS 15802-3, IEEE P802.1D/D17, LAN MAN
  Standards Committee of the IEEE Computer Society, May 1998.

\end{thebibliography}