Customer Reviews

SSL and TLS: Designing and Building Secure Systems

5 star:		(18)
4 star:		(2)
3 star:		(0)
2 star:		(0)
1 star:		(4)

 

 

As one of the three co-designers of SSL v3, I highly recommend this book -- it's the best book I've seen on SSL/TLS. Eric knows the protocol inside and out and does an excellent job of explaining both the practice and theory of SSL and TLS. The book also includes includes lots of practical information that isn't in the spec about how things are actually done and does a great job explaining the underlying cryptography and security.

I was basically hoping for an SSL appendix to Stevens's TCP/IP Illustrated and was not at all disappointed. Rescorla makes excellent use of chronological network traces and has written an SSL equivalent to tcpdump to help illustrate what's going on. This makes for clear explainations, and a steep but none the less thoroughly attainable learning curve.

One word I noticed being used a whole lot was 'why'. Rescorla goes to some lengths to explain the why's of network security, and uses simple concepts to illustrate these.

It also presents a fairly precise history of the whole SSL thing from an entirely neutral political standpoint. He gives credit where it is due - even to Microsoft who, as it turns out, were trying to do the right thing all along. The neutrality also shows when Rescorla goes to lengths to point out potential conflicts of interest when the story involves him, personally.

All in all, if you couldn't tell, I'm very impressed. This is a complex topic, perhaps *the* complex topic and it is handled in a controlled manner. You'll need to be reasonably au fait with TCP/IP and internet protocols in general, but from that point on you're in safe hands.

The definitive reference on SSL and TLS. If you rely on SSL/TLS, need a way to secure communications channels of some system, or are just curious about the protocol, this is the book for you. The author has a very clear and down-to-earth writing style that makes the technical material easy to follow, and the diagrams and protocol traces help make the workings of the protocol more concrete. As a result, it is easier to follow, and gives more practical details, than the RFCs. This one is staying on my shelf.

I agree with the other reviewers that this is a great book. It's written in such a way that it's useful for readers that intend to use SSL at different levels. For example, there are places that tell you can skip ahead to the next chapter unless you are actually implementing SSL. I also really liked the initial chapter about the general security concepts involved in SSL. It was something I didn't know a lot about and it was very well explained.

Before this book came along documentation about SSL was fragmentary. You had to learn about SSL from old Netscape draft standards documents, notes, examples, RFCs, existing code, etc. I wished for just such a book as this one. All the essential up-to-date information in one place. I bought it shortly after publication and it exceeded all my expectations. Thorough, clear introduction to the subject of SSL for programmers. The author also provides interesting background material, such as how TLS evolved from pre-existing protocols. The book is very readable and I practically read it from start to finish which is unusual for a technical book. If someone asked me to recommend a book I would suggest this one. And now I am waiting for the book on X.509.

Making applications enabled with SSL isn't trivial, and the path is dark and undocumented. This book provides illumination for the moderately capable network programmer, who is interested in doing the responsible thing. This book is not the end-all to secure system design, and I think the sub title "Designing and Building Secure Systems" is a bit ambitious for a hardcore SSL book and is more covered by "Building Secure Software".

However, this book is very good at providing insight, working examples (I typed them in and compiled them myself (atleast the C ones using openssl)), and implementation details so that a developer can secure the network application layer of their program using a robust, standard/open protocol.

I can't vouch for the completeness or accuracy as it relates to other SSL implementations, but it helped me understand how to easily and quickly incorporate SSL/TLS (using openssl) into my applications.

The book also provides many, many tips and techniques in how to incorporate SSL the right way, the secure way. Understanding the details provided by this book, helped me measure the amount of risk and exposure so I could further gauge what was acceptable for my application.

At the end of the day, if you need to use SSL/TLS in your application you won't be disappointed by this book. If you are looking for ways to build and design secure network systems, this book is too heavily focused on the aspects of crypto to cover that topic well, and you would be better served by other books. 5 stars for what it covers well.

Have been waiting long for such a book about SSL/TLS topic. 2 big thumbs up !!

This books covers everything you want to know about SSL/TLS and specific about SSL/TLS. For anyone who ever looking for more resources on SSL and only found the RFC and spec this is the book you would love to see ... It provides enough cryptogrphic topics details enough to understand the protocol yet not making you bored to sleep. The layout of each chapter also seperated to be overview and detail oriented so you can pick whatever appropriate for you. Covers varieties topics such as SSL application(other than HTTP), SSL history (where the confusions come from), SSL performance measurement (with real data comparison), real SSL trace, code example (best part for programmers !), good reference, .... and so on. Only thing it doesn't cover is to show you how to break SSL (it does cover the known attack, the damage, and the countermeasures, though). Recommend to anyone who is planning, implementing or want to know more about SSL.

Not only is this an extremely useful book on explaining SSL/TLS, but its comparisons of those protocols to other security protocols is priceless. For example, the concise explanation of IPSec is far better than entire other books devoted to the topic. I can't recommend this highly enough!!

This is a great book. Well written, good diagrams, very good overview as well as detailed data dump of the protocol. I highly recommend.

simply put there is no finer book on the subject. this is to SSL and TLS what TCP/IP illustrated is to Ip networking.

you wont learn much about crytography here (you'll definitely want a book on that, too), but you will learn the nuances of how SSL and TLS work. this is, to the best of my knowledge, the first such attempt at this kind of handbook. and i find it succeeds very well. rescorla's attention to detail shows in everything, and that's exatcly what a book like this needs.

reccomended ...