PKI : A Wiley Tech Brief [Paperback]

Thomas Austin (Author)

Book Description

ISBN-10: 0471353809 | ISBN-13: 978-0471353805 | Publication Date: December 15, 2000 | Edition: 1

A plain-language tutorial on the most important security technology for Internet applications
With major efforts underway to standardize a successful public key infrastructure (PKI) system, there is a growing need among network and security managers for authoritative information on PKI technology. This book offers a plain-language tutorial for people with limited technical background but with acute business need to understand how PKI works. Written by a widely recognized expert in the field, Public Key Infrastructure Essentials explains how a successful PKI system can provide both security and privacy for Web-based applications through assigning encrypted keys to individuals or documents. Readers will find extensive business case studies and learn how to qualify vendors, write a Certification Practice Statement (CPS), build directories, and implement mechanisms for issuing, accepting, and revoking digital certificates.

Editorial Reviews

Amazon.com Review

Public key infrastructures (PKIs) are critical to all sorts of electronic security mechanisms. Though their machinations are often semiconcealed as part of operating systems, messaging environments, or database management systems, a working familiarity with the interior operations of PKIs can prove useful to all sorts of information technology experts. PKI: A Wiley Tech Brief explains PKIs at a level that's appropriate for experienced network administrators and security specialists who haven't looked into PKI technologies in a systematic way before. Tom Austin--an accomplished security consultant to begin with--has done his research, and he provides an accurate and readable assessment of the state of the art.

For a treatment of computer security and public-key encryption, this book has surprisingly little mathematical content. Instead, it focuses on the business case for PKI, and explains how various applications use trusted certificates. Key (pun intended) details get ample attention, including trusted and accurate time-stamping mechanisms, alternate certificate authorities, and PKI auditing. The procedure for acquiring certificates and establishing a PKI is also covered. It's the five case studies, though, that will most impress readers who prefer example to tutorial. The case studies show how organizations (including Perot Systems and the U.S. Patent and Trademark Office) implemented their PKIs. --David Wall

Topics covered: Public key infrastructures--why you might want one, and how to go about setting one up. Detailed explanations of what certificates and certificate authorities can do precede explanations of the efficiencies that PKI can create. Real-life PKI case studies conclude this specialized primer.

Review

"PKI is fast becoming the cornerstone of e-security, and this book provides an excellent perspective on PKI for both technology and business people." —Fran Rooney, CEO, Baltimore Technologies

"An excellent overview of PKI technology. A must read for anyone considering deployment of a public key infrastructure." —John A. Ryan, President & CEO, Entrust Technologies

"The organization of the book, and the choice and weighting of topics, are excellent. I am not aware of any other books on PKI that emphasize deployment and acquisition concerns like this one. The case studies and example RFP were particularly useful. This book will appeal to those in charge of procuring and operating a PKI." —Rich Ankney, Vice President, CertCo

A must read for anyone who will be involved assessing, recommending, approving, buying or implementing digital asset security at any level in a enterprise, but especially recommended for management, corporate IT security function, risk assessment group and legal department. Austin not only brings together an impressive array of authoritative experts, but also attains seamless topic integration presenting the right flow of ideas to the reader. Austin achieves a difficult balance between case studies and theory. Hard to imagine, but he succeeds delivering a PKI treatise with sufficient depth and breadth to please the initiated, yet easy to read from the boardroom to the heart of the IT function. —Juan Rodriguez-Torrent, PKI Forum founder, President & CEO Aposematic Corporation.

"Grounded in the real world of the business benefits PKI provides. Case studies show how PKI has been implemented by a variety of companies today, allowing readers to learn from the experiences of others without vendor hype or bias. Austin's conversational style that explains the nuts and bolts of PKI along with substantive, practical case studies make this book a must-have resource for anyone considering PKI deployment. —Debra Cameron, President, Cameron Consulting

"This thorough look at PKI will help to enrich understanding in the industry and help to move efforts in e-business forward." —Laura Rime, Global Marketing Manager, Identrus

See all Editorial Reviews

Product Details

• Paperback: 288 pages
• Publisher: Wiley; 1 edition (December 15, 2000)
• Language: English
• ISBN-10: 0471353809
• ISBN-13: 978-0471353805
• Product Dimensions: 9.1 x 7.3 x 0.6 inches
• Shipping Weight: 1.1 pounds
• Average Customer Review: 4.0 out of 5 stars  See all reviews (11 customer reviews)
• Amazon Best Sellers Rank: #1,391,769 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

12 of 12 people found the following review helpful:

5.0 out of 5 stars I Wish this had been written three years ago!, February 25, 2001

By 

Ronald Szoc (Washington, DC USA) - See all my reviews

This review is from: PKI : A Wiley Tech Brief (Paperback)

I think that Austin's Book, a PKI primer is the right book at the right time. It's a good introduction to the whole field of PKI with a great deal of breadth. I wish it had been written three years ago when I first started thinking about implementing PKI. (Full disclosure note: My company was one of the ones profiled in the book, but I hadn't seen any of the text of the book until its publication).

It's divided into five parts: Security Basics, PKI Technologies, PKI and Business Issues, Case Studies, and PKI Efforts Present and future. There are a total of 20 chapters spread out among those parts. The chapters in the first two parts are especially clear and offer a great introduction to this still new technology. The diagrams help the text and the text explain well what, in the end, are difficult concepts for the average business manager, even a technical one in charge of IT projects, to understand.

At the same time, the inclusion of the non-technological, but organizational related issues such as Certificate Practice Statements, evaluting vendor proposals, PKI audits, and others, rounds out the PKI "big picture". Like most technologies that need to work in the real business world. just buying a PKI solution from a vendor won't even begin to help you if you are not aware of organizational, legal, and implementation issues. From a business perspective, I found the "Vendor Evaluation Matrix" and the inclusion of a sample Request for Proposal(RFP) especially helpful.

Also helpful were the references to the current standard work being done by Internet Engineering Task Force (IETF) and the different European regulatory bodies.

One minor quibble: the book lists seven "contributors" but does not state who wrote which chapter or section. I hope that this will be corrected in a future edition.

If you want to get a very good grounding in PKI and the issues surrounding deploying it, or to answer the question of why you would even want deploy PKI, this book is a very good one to add to your knowledge arsenal. If or as you go implementing your own PKI solution, this book will be a handy "project check list" as well.

7 of 7 people found the following review helpful:

2.0 out of 5 stars Not for technical people, May 3, 2001

By 

Gregory A. Tucker "IT Service Manager" (Portland, OR) - See all my reviews

Amazon Verified Purchase

This review is from: PKI : A Wiley Tech Brief (Paperback)

I bought this book because the Amazon description said it "explains PKIs at a level that's appropriate for experienced network administrators and security specialists who haven't looked into PKI technologies in a systematic way before." In this review you will see that I disagree with this statement.

Let's start with Chapter 1: PKI Explained. The author states "So then, why PKI? Because PKI is a technology that can provide the infrastructure, the controls, and the underlying security services necessary to support the requirements business executives now face." Does this statement mean anything? Like many of the generalizations in the book, no it does not, but there are 3 things we can learn from it. 1) Who is REALLY the intended target of the book. 2) The technical level from which this book is starting. 3) That the author has no intention of separating the PKI hype from PKI reality. (For this, turn your attention to Bruce Scheier's recent writings.)

Moving on to chapter 3: "Securing the Environment for PKI" it explains the basics of security planning. Please note this is the BASICS; in fact, all decent network administrators will be more than familiar with all the concepts here. For 3 pages it describes security as analogous with a castle, and even provides us with a picture of a castle, complete with door guards and horse mounted knights. This analogy, as with most in the book, was not helpful.

I could go on with through every chapter, but I think you should get the point by now. I am the head of infrastructure for a financial firm that is mandated to roll out a PKI solution, and I was looking for a book that describes in the real world what the PKI really does, what it really doesn't do, and what are the real issues. Although the book dances around this in various ways, the technical level is too shallow and the analogies are too disruptive to accomplish this in a satisfying way. I will continue to look around for other sources.

I give it 2 stars for some good case studies.

8 of 9 people found the following review helpful:

5.0 out of 5 stars PKI by Tom Austin, January 29, 2001

By 

Bradley E. Hosmer (Concord, NH USA) - See all my reviews

This review is from: PKI : A Wiley Tech Brief (Paperback)

This is a complete and comprehensive look at PKI technology and its application. It was understandable and readable without being overly simplified. The many diagrams were helpful in illustrating the principles outlined in the text. Mr. Austin and those that assisted him have done an excellent job.