7 files changed, 561 insertions, 0 deletions
diff --git a/doc/website/contents.rst b/doc/website/contents.rst
new file mode 100644
index 000000000..55c302d01
--- /dev/null
+++ b/doc/website/contents.rst
@@ -0,0 +1,15 @@
+
+Contents
+========================================
+
+.. toctree::
+
+   index
+   license
+   faq
+   download
+   pgpkey
+   credits
+   users
+   vcs
+   relnotes/index
diff --git a/doc/website/download.rst b/doc/website/download.rst
new file mode 100644
index 000000000..c537dec82
--- /dev/null
+++ b/doc/website/download.rst
@@ -0,0 +1,44 @@
+
+Getting The Latest Sources
+========================================
+
+All releases are signed with a :doc:`PGP key <pgpkey>`.
+
+Unsure which release you want? Check the :ref:`FAQ <devel_vs_stable>`.
+
+.. note::
+
+   If you are planning on developing an application using TLS, using
+   the latest 1.11 release instead of 1.10 is highly recommended.
+
+Current Stable Series (1.10)
+----------------------------------------
+
+The latest stable branch release is :doc:`relnotes/1_10_7`:
+:tgz:`1.10.7` (:tgz_sig:`sig <1.10.7>`),
+:tbz:`1.10.7` (:tbz_sig:`sig <1.10.7>`)
+
+Windows Installer
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Windows installers for use with Visual C++ 2010
+:installer_x86_32:`1.10.5` (:installer_sig_x86_32:`sig <1.10.5>`)
+and
+:installer_x86_64:`1.10.5` (:installer_sig_x86_64:`sig <1.10.5>`)
+are also available.
+
+Current Development Series (1.11)
+----------------------------------------
+
+The latest development release is :doc:`relnotes/1_11_6`:
+:tgz:`1.11.6` (:tgz_sig:`sig <1.11.6>`),
+:tbz:`1.11.6` (:tbz_sig:`sig <1.11.6>`)
+
+To access the latest unreleased sources, see :doc:`vcs`. A script also
+creates regular snapshots of trunk, which are available `here
+<https://files.randombit.net/botan/snapshots/>`_.
+
+.. note::
+
+   Versions 1.11.0 and later require a mostly-compliant C++11 compiler
+   such as Clang 3.1 or GCC 4.7.
diff --git a/doc/website/faq.rst b/doc/website/faq.rst
new file mode 100644
index 000000000..5cd66cabe
--- /dev/null
+++ b/doc/website/faq.rst
@@ -0,0 +1,270 @@
+
+Frequently Asked Questions
+========================================
+
+What is this thing?
+----------------------------------------
+
+Botan is a library written in C++ which provides a fairly high level
+and C++-ish interface to a number of different crypto algorithms. In
+addition to the bare algorithms there is also support for number of
+standards and de-facto standards like X.509v3 certificates, and
+various useful constructs like format-preserving encryption, all or
+nothing transforms, and secret splitting.
+
+Who wrote it?
+----------------------------------------
+
+It was started as a personal project by `Jack Lloyd
+<http://www.randombit.net>`_,who continues to be the maintainer and
+release manager. Since the first release in 2001, a number of
+individuals and organizations have :doc:`contributed <credits>`.
+
+.. _devel_vs_stable:
+
+Which release should I use?
+----------------------------------------
+
+The library is normally released along two different trees, termed
+stable and development. The stable tree is a branch off the main line,
+and typically only sees bug fixes; almost all new development occurs
+in the unstable/development releases. The primary issue is not
+stability of the program (bugs of course do occur, and are more likely
+to occur in code that is more in flux), but rather stability of API
+and ABI. In particular, you should not expect any level of ABI
+stability between releases on the development branch, and API changes
+may be made without notice. Feel free to send comments on API changes,
+or API problems, to the list.
+
+If you don't want to have to worry about tracking a moving target, and
+just want something that works, you'll probably prefer using the
+stable releases. If you want to get the latest features, the
+development releases are the obvious choice.
+
+If you want to ship a binary that is usable out of the box on a Linux
+distro that ships botan, you'll probably want to match versions with
+that distro; as of this writing most ship with 1.8 though some are
+moving to 1.10.
+
+If you're building an application that will embed botan into it
+(without relying on a shared library), you want to use an amalgamation
+build, which basically turns botan into a single header and a single
+source file which you can easily include in your existing application
+build. This feature is available in all versions of 1.10 and all later
+branches.
+
+Why do I get a SyntaxError when I run configure.py?
+----------------------------------------------------
+
+The ``configure.py`` script in 1.10 and later versions requires Python
+2.6 or higher. In Python 3 the exception catching syntax changed, and
+while 2.6 and 2.7 understand both syntaxes, 2.5 does not. If you see
+an error like this::
+
+   File "./configure.py", line 62
+     except OSError as e:
+                    ^
+   SyntaxError: invalid syntax
+
+Then you are using Python 2.5 (or earlier). For Python 2.5, a Perl
+one liner can fix the syntax::
+
+   perl -pi -e "s/except (.*) as (.*):/except $1, $2:/g" configure.py
+
+or in Python::
+
+   import re
+
+   lines = re.sub(r"except (.*) as (.*):", r"except \1, \2:",
+                  "".join(open("configure.py").readlines()))
+   open("configure.py", "w").write(lines)
+
+However Python 2.4 is missing a number of features and cannot be used
+to configure the build in 1.10; you'll need to upgrade to at least 2.5
+(or preferably 2.7 or 3.1).
+
+The self-test program can't locate the library
+-----------------------------------------------
+
+Are you sure either the current working directory ('.') or the
+directory botan is building into are in the dynamic library path? On
+many Unix systems this is controlled by the ``LD_LIBRARY_PATH``
+variable. You can add the currently directory to the list of
+directories to search with this Bourne shell command::
+
+  $ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:.
+
+If you install the library into a well known location like
+``/usr/local/lib``, then probably no particular
+``LD_LIBRARY_PATH`` needs to be set.
+
+My program aborts with any message
+----------------------------------------
+
+Does your main function wrap all code inside a try/catch block? If an
+exception is thrown and is not caught, many C++ runtimes simply crash
+the process without providing any sort of diagnostic.
+
+Is the library thread-safe?
+----------------------------------------
+
+Yes, botan is thread safe. However, because mutual exclusion depends
+on OS specific code, you must load a module to help. POSIX threads and
+Win32 critical sections are both supported out of the box, other
+thread libraries are very easy to add. To enable thread safe
+operation, include "thread_safe" in the string you pass to
+``Botan::LibraryInitializer`` constructor. If for whatever reason a
+working mutex implementation cannot be found, LibraryInitializer will
+throw an exception rather than continue operating in a bad state.
+
+How do I load this key generated by OpenSSL into botan?
+--------------------------------------------------------
+
+The encrypted key format used by the ``openssl`` command line tool is
+undocumented and apparently specific to OpenSSL. The easiest approach
+is to convert it to the (standard) PKCS #8 format, using::
+
+  openssl pkcs8 -topk8 -in my_key.pem
+
+Add ``-nocrypt`` to the command line if you want the resulting PKCS #8
+file to be unencrypted, otherwise it will ask you for a new password
+to use.
+
+For unencrypted keys, you can also manually decode the parameters
+using the existing PEM and BER support; see :botan-devel:`this post
+<2010-June/001156>` to the dev list for an example.
+
+Is botan FIPS 140 certified?
+----------------------------------------
+
+No version of botan has been certified under FIPS 140. This is
+unlikely to happen unless/until an organization is willing to fund and
+shepherd the validation process, which typically requires several
+months and many thousands of dollars.
+
+Is this thing safe to use?
+----------------------------------------
+
+The primary author/maintainer (Jack Lloyd) has 5+ years of experience
+reviewing code for security flaws, and has additionally performed
+several FIPS 140 validations of hardware and software crypto
+implementations. However the library has never undergone an
+*impartial* third-party security review, and thus it is entirely
+possible/probable that a number of exploitable flaws remain in the
+source. (If your company is interested in handling such a review,
+please contact the maintainers).
+
+There has been one known security flaw. Between versions 0.7.8
+(released Feb 2002) and 1.3.7 (released Dec 2003), the ``es_unix``
+module, which runs Unix programs to gather entropy for seeding a
+random number generator, ran programs by invoking the ``popen``
+library function with commands with no leading directory names. This
+means setuid or setgid programs that used this entropy source could be
+tricked into executing arbitrary programs via manipulation of the PATH
+variable. Later versions will only search through specific (presumed
+safe) directories like ``/usr/bin``; the list of directories to search
+can be controlled by the application.
+
+Is botan vulnerable to timing attacks?
+----------------------------------------
+
+Botan's public key implementations do make some attempt to defend
+against timing attacks; random blinding is used to protect all RSA,
+Rabin-Williams, ElGamal, and Diffie-Hellman private key operations.
+
+Public key algorithms implemented using the Chinese Remainder Theorem
+(RSA and Rabin-Williams) are subject to a catastrophic failure: if a
+computational error (either induced by an attacker or merely
+accidental) occurs during the private key operation, the private key
+can be revealed. Other, more subtle, fault attacks are possible against
+other schemes.  For this reason, private key operations are checked
+for consistency with the public key - if the results are not
+consistent, then an exception is thrown indicating an error has
+occurred rather than release information that might compromise the
+key.
+
+AES implementations are usually quite vulnerable to timing attacks.
+The table based implementation of AES included in botan uses small
+tables in the first and last rounds which makes such attacks somewhat
+more difficult. Alternate implementations of AES using SSSE3 and
+AES-NI instruction sets are also included, and run in constant time,
+but of course require a processor that supports these instruction
+sets.
+
+I think I've found a security flaw. What should I do?
+------------------------------------------------------------
+
+You can do any combination of:
+
+* Contact the current lead maintainer personally; currently
+  `Jack Lloyd <http://www.randombit.net>`_
+  (`personal PGP key <http://www.randombit.net/keys/pgpkey.html>`_)
+
+* Email the `development list
+  <http://lists.randombit.net/mailman/listinfo/botan-devel>`_
+
+* File a bug in `Bugzilla <http://bugs.randombit.net/>`_
+
+Does botan support SSL/TLS, SSH, S/MIME, OpenPGP...
+------------------------------------------------------------
+
+The latest development (1.11) releases support TLS up to TLS v1.2.
+The 1.10 releases support up to TLS v1.1 using a different design
+and API; new applications intending to use TLS should use 1.11.
+
+`NetSieben SSH <http://netsieben.com/products/ssh/>`_ is an open
+source SSHv2 client implementation that uses botan.
+
+There is currently no support for OpenPGP, CMS, OTR, or SSHv2 servers.
+
+Will it work on my platform XYZ??
+----------------------------------------
+
+It runs on most common operating systems and can be used with a number
+of different commercial and open source compilers, and is already
+included in most major package distributions, including
+\
+`Fedora <https://admin.fedoraproject.org/pkgdb/acls/name/botan>`_,
+`EPEL <http://dl.fedoraproject.org/pub/epel/6/SRPMS/repoview/botan.html>`_ (for RHEL/CentOS),
+`Debian <http://packages.debian.org/search?keywords=libbotan>`_,
+`Ubuntu <http://packages.ubuntu.com/search?keywords=botan>`_,
+`Gentoo <http://packages.gentoo.org/package/botan>`_,
+`Arch Linux <http://www.archlinux.org/packages/extra/x86_64/botan/>`_,
+`Slackbuild <http://slackbuilds.org/result/?search=Botan>`_,
+`FreeBSD <http://www.freshports.org/security/botan>`_,
+`NetBSD <ftp://ftp.netbsd.org/pub/pkgsrc/current/pkgsrc/security/botan/README.html>`_,
+`Cygwin <http://cygwin.com/packages/botan/>`_,
+`MacPorts <http://www.macports.org/ports.php?by=name&substr=botan>`_,
+`OpenPKG <http://www.openpkg.org/product/packages/?package=botan>`_, and
+`T2 SDE <http://www.t2-project.org/packages/botan.html>`_
+
+The most common stumbling block is a compiler that is buggy or can't
+handle modern C++ (specifically, C++98). Most any recent release of
+GCC, Clang, Intel C++, Visual C++, etc are all fine. It is tested most
+heavily on Linux but especially the stable versions are built and
+tested across a range of Unices as well as OS X and Windows.
+
+Versions 1.11.0 and higher require a C++11 compiler as well as Boost
+filesystem (plus optional use of Boost asio). GCC 4.7.0 and Clang 3.1
+or higher should work. Visual C++ 2013 seems to support all the
+required features, but probably needs a bit of work, as Windows has
+not seen much attention.
+
+I'm not feeling this, what can I use instead?
+------------------------------------------------------------
+
+* `NaCl <http://nacl.cr.yp.to/>`_ (and portable derivatives such as
+  `libsodium <https://github.com/jedisct1/libsodium>`_) provide a
+  small selection of algorithms for ECC key exchange (Curve25519) and
+  message encryption and authentication (XSalsa20+Poly1305) carefully
+  implemented for performance and side channel security. It is an
+  excellent choice if you do not need compatability with any other
+  software.
+
+* `OpenSSL <http://www.openssl.org>`_ is written in C and mostly
+  targeted to being an SSL/TLS implementation but there is a lot of
+  other stuff in there as well. BSD plus wonky advertising clause.
+
+* `Crypto++ <http://www.cryptopp.com/>`_ is a C++ crypto library which
+  is roughly feature comparable to botan but with a very different
+  approach to the API. Boost license.
diff --git a/doc/website/index.rst b/doc/website/index.rst
new file mode 100644
index 000000000..c6b6c1b0b
--- /dev/null
+++ b/doc/website/index.rst
@@ -0,0 +1,30 @@
+
+Welcome
+========================================
+
+Botan is a crypto library for C++ released under the permissive
+:doc:`BSD-2 license <license>`.
+
+It provides useful things like SSL/TLS, X.509 certificates, ECDSA,
+AES, GCM, and bcrypt, plus a kitchen sink of crypto algorithms of
+various utility. A third party open source implementation of `SSHv2
+<http://www.netsieben.com/products/ssh/>`_ that uses botan is also
+available. In addition to C++ you can use botan from Python or Perl
+(both included in tree), or with `Node.js
+<https://github.com/justinfreitag/node-botan>`_.
+
+See the :doc:`faq` for a list of common questions and answers and
+:doc:`download` for information about getting the latest release.
+
+If you need help or have questions, send a mail to the `development
+mailing list
+<http://lists.randombit.net/mailman/listinfo/botan-devel/>`_.
+Patches, "philosophical" bug reports, announcements of programs using
+the library, and related topics are also welcome. If you find what you
+believe to be a bug, please file a ticket in `Bugzilla
+<http://bugs.randombit.net/>`_.
+
+The `manual <http://botan.randombt.net>`_ and
+`Doxygen reference <http://botan.randombit.net/doxygen>`_ for
+the most recent revision is available online.
+
diff --git a/doc/website/pgpkey.rst b/doc/website/pgpkey.rst
new file mode 100644
index 000000000..ef8827835
--- /dev/null
+++ b/doc/website/pgpkey.rst
@@ -0,0 +1,43 @@
+
+PGP Code Signing Key
+========================================
+
+.. highlight:: none
+
+The following PGP key is used to sign all releases::
+
+  pub   2048R/EFBADFBC 2004-10-30
+        Key fingerprint = 621D AF64 11E1 851C 4CF9  A2E1 6211 EBF1 EFBA DFBC
+  uid                  Botan Distribution Key
+
+  -----BEGIN PGP PUBLIC KEY BLOCK-----
+  Version: GnuPG v2.0.17 (GNU/Linux)
+
+  mQELBEGD1j0BCADHxPJkPcjJE+4Dlisx2hVc0Dj6JI1MSLrkM8R+2bOhVUSferxP
+  T1EMPhfrAdOHTAloyvRThJztnZsNKqfLL49GGcBLdEGAVNks1pG37Teze5Lx1XIu
+  zJFrozL2sqBy5C6nHpFgd1tcD68Rah2wp0u2cR9owXf1IqKdEfuo661+MTv7wTB1
+  4hKV75nB7ZO6676SEZRILYM+7RJwKAKEmEPJc6hEf94VXn9ecNzaTlHgYkjhz9db
+  LOd3od9XvuUw+LMR1dwBqMxbvR90MiXjbedDEkbArcZB9YOAIvEX/lC3qaW4XJt4
+  iwHWl/YVZEfALcvQywe2CDrH5hO794wd9MpBAAYptBZCb3RhbiBEaXN0cmlidXRp
+  b24gS2V5iQEqBBMBAgAUAhsDAh4BAheABQJKfFpnBBUKCQgACgkQYhHr8e+637xk
+  PQf/aOi78XenwwvFrwXOVIVTdZIf8rK1zJksf26h09UD8uVV6z5iiTcpn86+eN9p
+  6Ar8IH3tD+JuFnPSwZ/r9MNC2XZwenYo4Gb14jqM6/9hBe328vmeM4Y1G7bD4HrL
+  kgV5WEyokqm3zbp3FBLr3Vh68TAC5JB9aHevra+cCA2u3vBNI3YUM5z4TdO150P3
+  J00whkqImQEUni8bgxvllBLFM+uhucsX3HZWkoDEpotbg8yd0bqMkiPEyMr1OnJq
+  eDVDMrB5wnyLgLFfRAAw3mopM0C1PNOAHr/BIYiaDHX2OwnOfep8rMDoRVf2Ge0D
+  DBgsJJ6LduQHLeg403SHWL2F6YkCHAQTAQIABgUCQYPWUgAKCRBcD5boTsFta+r9
+  EACWVis7YcaGkKKgRB/5ox8rM36XVhMXdh/hnnGHt5rapbbRRkRHRcWU8WIcFO1A
+  59+TfwNNd8gN1MEt/5aX5KHWVKHBDexJgIxm6Dm1pisYHf/dnYQPM18hmqqwNlKY
+  97hFkPpHd7enrtc/SvGbQhhLXYlpwBrdMl76e9xJLnnrRQksxegGPo8cr+C9HTs1
+  Lwa8zzBxyBwYBYX+0moDkDShEhuXx6mEOXrGvQanJuIvpoIwGH+62E65MbJGlwWp
+  w/MAtm2jFhBIhGV0bqJCFp9zIgdNgfskBaPr0oilbuJQZqP0Iqe/6CCt4XkS51yW
+  ZqxjLAFpEpvDec4PGw3witKf/koGon9X8C035+nEjLBrWy18Q91vw2USyLI+mm9d
+  iMAS8pY2gomfxBO2VwYHJryZykjCYQkccRA1tHteRj4gqTObo0Ak47y5MnplTWwi
+  40oP7K2cfhCRBmMioxmYES4xsHEupfRBo3xr1Jq9q0t688WTT1NXHPMPoueF9mKZ
+  Cf2pa9aHsqBmWTm3sCaNQKGubCDBEUmJUyndmSatJyYM7NVYoUp6EfqMACFuTNdB
+  sjKMh7aWVikQpbJDfA1BIU3lZeqgjgrghVAWkEOBfhG0IVZj+RVCJpsqoTJ8asY2
+  VreArSCyr/VnLEnfuH/QpgvCiCbepo3E34DJt4SaAOO2ZohGBBARAgAGBQJMGVc1
+  AAoJEKY/LL36AvvMgsoAn2G7kXd09BF7ffk1Sfh174SVrvM9AKC7+R7x0+yV3SCd
+  JkkUOo3xR5cOxw==
+  =1QuR
+  -----END PGP PUBLIC KEY BLOCK-----
diff --git a/doc/website/users.rst b/doc/website/users.rst
new file mode 100644
index 000000000..7cb0d924a
--- /dev/null
+++ b/doc/website/users.rst
@@ -0,0 +1,118 @@
+
+Users
+========================================
+
+This is a list of some of the known users of botan. The open source
+projects might be helpful as an additional reference for library
+usage.
+
+If you'd like to be added to the list, email the development list.
+
+Open Source Software
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* `BIND 10 <http://www.isc.org/bind10>`_ the new version of the BIND
+  DNS server uses botan for various crypto operations.
+
+* `SoftHSM <http://trac.opendnssec.org/wiki/SoftHSM>`_ an open sourced
+  software PKCS #11 implementation, which is used as part of the
+  `OpenDNSSEC <http://www.opendnssec.org>`_ project.
+
+* `Qt Creator <http://qt.nokia.com/products/developer-tools>`_, an
+  IDE for building Qt applications.
+
+* `NetSieben's <http://netsieben.com/products/ssh/>`_
+  SSH library provides SSHv2 client connections for C++
+  applications, using botan for the crypto. (GPL or commercial)
+
+* `InSiTo <http://www.flexsecure.eu/insito/index.html>`_ is a library
+  for ePassports based on botan which was commissioned by the German
+  Federal Office for Information Security.
+
+* `QCA <http://delta.affinix.com/qca/>`_, the Qt Cryptographic
+  Architecture (part of KDE4) uses parts of botan as an `embedded
+  crypto provider
+  <http://quickgit.kde.org/?p=qca.git&a=tree&hb=master&f=src%2Fbotantools%2Fbotan>`_
+  and also has a `qca-botan plugin <http://quickgit.kde.org/?p=qca.git&a=tree&hb=master&f=plugins%2Fqca-botan>`_.
+
+* `TCHead <http://16s.us/TCHead/>`_ is a utility for analyzing
+  TrueCrypt volume headers.
+
+* `Octopod <http://code.google.com/p/octopod/>`_ is a
+  file sharing system.
+
+* `Silverlock <http://www.petroules.com/products/silverlock/>`_
+  is a GPL password management tool for Windows, OS X, and Linux.</p>
+
+* `Monotone <http://monotone.ca/>`_, a free distributed
+  version control system, uses botan for RSA authentication,
+  content hashing, and message authentication.
+
+* `Publimark <http://www.gleguelv.org/soft/publimark/index.html>`_
+  is a tool for hiding messages in an audio file.
+
+* `KeySafe <http://therning.org/magnus/computer/keysafe>`_,
+  a password application for GNOME
+
+* `SuSE <http://gcc.opensuse.org>`_ uses botan as part
+  of a test suite for the GCC optimizer.
+
+* `Openbench <http://www.exactcode.de/site/open_source/openbench/>`_,
+  an open source benchmark suite, uses botan as a component.
+
+* `VNCcrack <http://www.randombit.net/code/vnccrack/>`_
+  is a password cracker for the VNC authentication/response protocol.
+
+Commercial Software
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* `Hulu Desktop <http://www.hulu.com/labs/hulu-desktop>`_ uses botan
+  on Windows `(ref)
+  <http://download.hulu.com/HuluDesktop_ThirdPartyLicenses.txt>`_.
+
+* `Hitman Pro <http://www.surfright.nl/en>`_ is a malware
+  scanner for Windows.
+
+* `Flying Lab Software <http://www.burningsea.com>`_, a Seattle based
+  game developer, uses botan as a part of their user authentication
+  process.
+
+* `CryptoTE <http://idlebox.net/2009/cryptote/>`_ is a text editor
+  with integrated strong cryptography.
+
+* `TextEgg <http://www.textegg.com/>`_ is an encrypted document editor.
+
+* `Seagate <http://www.seagate.com/www/en-us/support/downloads/>`_
+  uses botan for the drive encryption in the Maxtor OneTouch III Mini
+  Edition hard drive.
+
+* `E.V.E. Paradox <http://www.entropicsoftware.com/eve/eve.html>`_, a
+  suite of games for Windows.
+
+Research Projects
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* `A Unified Approach to Intra-Domain Security
+  <http://www.csiir.ornl.gov/shue/research/securecom09.pdf>`_
+  describes a system by researches from Oak Ridge National Lab and
+  Indiana University that uses botan to secure ARP and DHCP.
+
+* `CLL: A Cryptographic Link Layer for Local Area Networks
+  <http://www.springerlink.com/content/c4681m76808l4621/>`_ describes
+  a network encryption system using botan. (One of the coauthors, Yves
+  Jerschow, also contributed a number of optimizations to the
+  library).
+
+* The system described in `Enabling Intrusion Detection in IPsec
+  Protected IPv6 Networks Through Secret-key Sharing
+  <http://www.dtic.mil/dtic/tr/fulltext/u2/a431510.pdf>`_.
+
+* `An experimental tamper detection system
+  <http://www.cis.udel.edu/~hiper/passages/papers/jochenMILCOM03.pdf>`_
+  designed by researchers from the University of Delaware and the US
+  Army Research Laboratory.
+
+* A prototype implementation of a telephony signal security system,
+  described in `Prototyping and evaluation of TCAPsec
+  <http://www.cs.kau.se/cs/education/courses/davddiss/Uppsatser_2007/D2007-04.pdf>`_
+  by Kang Chung and Mathilda Gustafsson.
diff --git a/doc/website/vcs.rst b/doc/website/vcs.rst
new file mode 100644
index 000000000..e2353ee53
--- /dev/null
+++ b/doc/website/vcs.rst
@@ -0,0 +1,41 @@
+
+Accessing Version Control
+========================================
+
+Botan's development occurs using a distributed version control system
+called `Monotone <http://www.monotone.ca>`_ (though there is also a
+mirror on `github <https://github.com/randombit/botan>`_). The main
+branch of development occurs on the branch named
+``net.randombit.botan``. To download that branch and set up a new
+workspace, run::
+
+   $ mtn db init --db=botan.mtn
+   $ mtn pull --db=botan.mtn mtn.randombit.net 'net.randombit.botan'
+   [...]
+   $ mtn checkout --db=botan.mtn --branch=net.randombit.botan
+   [...]
+
+By default the ``checkout`` command will place the workspace in a
+directory with the same name as the branch you are checking out. If
+you want a different directory name, just include it after the
+``--branch`` option (you can also rename this directory at any time).
+
+If this is the first time you've connected to the server, Monotone
+will print::
+
+  mtn: first time connecting to server mtn.randombit.net
+  mtn: I'll assume it's really them, but you might want to double-check
+  mtn: their key's fingerprint: 8c0b868f2247215c63c96983b1c8ca0f0f0cfd9a
+
+The fingerprint shown above was the correct one as of March 21, 2013.
+
+To pull further changes, from anywhere in the workspace run these
+commands::
+
+  $ mtn pull
+  [...]
+  $ mtn update
+  [summary of changes]
+
+The ``mtn update`` command will give you a summary of which files
+changed; to view the full changelog, run ``mtn log``.