Understanding PKI: Concepts, Standards, and Deployment Considerations (2nd Edition) [Hardcover]

Carlisle Adams (Author), Steve Lloyd (Author)
4.0 out of 5 stars (14 customer reviews)


Book Description

ISBN-10: 0672323915 | ISBN-13: 978-0672323911 | November 16, 2002 | 2nd edition

PKI (public-key infrastructure) enables the secure exchange of data over otherwise unsecured media, such as the Internet. PKI is the underlying cryptographic security mechanism for digital certificates and certificate directories, which are used to authenticate a message sender. Because PKI is the standard for authenticating commercial electronic transactions, Understanding PKI, Second Edition, provides network and security architects with the tools they need to grasp each phase of the key/certificate life cycle, including generation, publication, deployment, and recovery.



Editorial Reviews

From the Publisher

Without doubt, the promise of public-key infrastructure (PKI) technology has attracted a significant amount of attention in the last few years. Hardly a week goes by without some facet of PKI being addressed in a newspaper, trade journal, or conference paper. We hear and read about the promise of authentication and non-repudiation services provided through the use of digital signature techniques and about confidentiality and key management services based on a combination of symmetric and asymmetric cryptography—all facilitated through the realization of a supporting technology referred to as PKI. In fact, many people consider the widespread deployment of PKI technology to be an important enabler of secure global electronic commerce.

Although the foundation for PKI was established over two decades ago with the invention of public-key cryptography, PKI technology has been offered as a commercially viable solution only within the last few years. But what started as a handful of technology vendors a few years ago has seen the birth of dozens, perhaps hundreds, of products that offer one form or another of PKI-related service. Further, the commercial demand for PKI-based services remains strong, and available evidence suggests that this will continue for the foreseeable future.

Still, as a technology, PKI is fairly new. And to many, PKI technology is shrouded in mystery to some extent. This situation appears to be exacerbated by the proliferation of conflicting documentation, standards, and vendor approaches. Furthermore, there are few comprehensive books devoted to PKI that provide a good introduction to its critical concepts and technology fundamentals.

Thus, the authors share a common motivation in writing this book: to provide a vendor-neutral source of information that can be used to establish a baseline for understanding PKI. In this book, we provide answers to many of the fundamental PKI-related questions, including

  • What exactly is a PKI?
  • What constitutes a digital signature?
  • What is a certificate?
  • What is certificate revocation?
  • What is a Certification Authority (CA)?
  • What are the governing standards?
  • What are the issues associated with large-scale PKI deployment within an enterprise?

These are just some of the questions we explore in this book.

Motivations for PKI
It is important to recognize that PKI is not simply a "neat" technology without tangible benefits. When deployed judiciously, PKI offers certain fundamental advantages to an organization, including the potential for substantial cost savings. PKI can be used as the underlying technology to support authentication, integrity, confidentiality, and non-repudiation. This is accomplished through a combination of symmetric and asymmetric cryptographic techniques enabled through the use of a single, easily managed infrastructure rather than multiple security solutions. (See Chapter 2, Public-Key Cryptography; Chapter 3, The Concept of an Infrastructure; Chapter 4, Core PKI Services: Authentication, Integrity, and Confidentiality; and Chapter 5, PKI-Enabled Services.) PKI offers scalable key management in that the overhead associated with the distribution of keying material to communicating parties is reduced significantly when compared with solutions based solely on symmetric cryptography. (See Chapter 2 for a description of symmetric and asymmetric cryptographic techniques.) Ultimately, however, the primary motivations from a business standpoint are not technical but economic: How can PKI give a positive return on investment? To that end, judicious deployment of a single, unifying PKI technology can help, among other things:

  • Reduce administrative overhead (when compared with the deployment of multiple point solutions)
  • Reduce the number of passwords required by end users (and, consequently, the administrative and help desk costs associated with managing them)
  • Reduce paperwork and improve workflow efficiencies through more automated (and more secure) business processes
  • Optimize work-force productivity (by ensuring that users spend less time contending with the security infrastructure and more time on the job at hand)
  • Reduce requirements for end-user training related to the use of the security services (because there is one security solution rather than many)

Not only does PKI technology have the potential to realize cost savings, but in some cases it also might even be a source of revenue for an organization (through support for new services that might otherwise not be offered). Benefits and related business considerations associated with PKI technology are discussed further in Part III, Deployment Considerations.

Changes in the Second Edition
The world, and PKI's place in the world, has evolved somewhat since the first edition of this book was written. Like many technologies, PKI has experienced the highs and lows of media attention and analyst focus: In three short years, the descriptions have covered the spectrum from "silver bullet" to "snake oil." There is still confusion regarding naming of entities and the use of PKI in real-world business applications such as e-mail. Occasionally, the long-term viability of PKI is questioned in journals or trade publications. In this second edition, two new chapters have been added to address precisely these areas:

Chapter 14, PKI in Practice, looks at the use of this technology in the real world and tries to clarify where PKI can be beneficial and where it cannot.

Chapter 15, The Future of PKI, is based upon an observation of how the world has been evolving and attempts to answer the question: Will this technology survive and, if so, why?

For the most part, however, the roller coaster of public opinion has now largely stabilized. There is general consensus that PKI is one viable option for a good, solid authentication technology with a number of appealing benefits compared with other technologies. In conjunction with this, PKI itself has matured and evolved to better meet the needs of the environments that might deploy it and rely on it for various services. In this edition, changes and additions have been made throughout the book to capture and explain this evolution. Some specific examples include the following:

Chapter 5, PKI-Enabled Services, now includes a section on privacy as a service that may be enabled by a PKI.

Chapters 6, Certificates and Certification, and 8, Certificate Revocation, have been updated to reflect new extensions and clarification text that were introduced in the X.509 (2000) standard.

Chapter 9, Trust Models, now incorporates material on several additional trust models that may be appropriate in some environments.

Chapter 13, Electronic Signature Legislation and Considerations, has been revised and updated to reflect the significant progress that has been made in that area since late 1999.

The whole of Part II, Standards, has been updated to incorporate the latest achievements in that area, as well as the new initiatives that have been started, especially in the eXtensible Markup Language (XML) standards bodies.

Numerous other, more minor, updates and revisions may be found throughout the book.

Audience
The main purpose of this book is to provide a fairly comprehensive overview that will help the reader better understand the technical and operational considerations behind PKI technology. You will benefit from this book if you are responsible for the planning, deployment, and/or operation of an enterprise PKI. Those who are simply interested in the basic principles behind a PKI should also find this book useful.

We hope that this book will become an educational tool for many and a handy reference guide for others. This book is not intended to resolve extremely detailed implementation questions, although it can serve as a primer for someone who will eventually be more interested in the finer implementation details.

From the Back Cover

Public-Key Infrastructure (PKI) is the foundation of the four major elements of digital security: authentication, integrity, confidentiality, and non-repudiation. The idea of a public-key infrastructure has existed for more than a decade, but the need for PKI has intensified over the last few years as the Internet has expanded its reach into business, government, the legal system, the military, and other areas that depend on secure communications.

Understanding PKI, Second Edition, is both a guide for software engineers involved in PKI development and a readable resource for technical managers responsible for their organization’s security policies and investments. It is a comprehensive primer to the latest in PKI technology and how it is used today. Taking a non-vendor-specific approach, this book explains fundamental concepts, examines emerging standards, and discusses deployment considerations and strategies that effect success.

This second edition has been updated throughout to incorporate all of the most recent developments in the PKI field. Two new chapters have been added to address the use of PKI in the real world and to explore the technology’s future. This new edition also addresses:

  • The X.509 standard
  • PKI for privacy
  • The emergence of electronic signatures and accompanying legislation
  • New PKI initiatives supported by the XML standards bodies

In addition to this specific information, the authors lend their informed opinions on how emerging trends will drive the expansion of PKI.




    Product Details

    • Hardcover: 352 pages
    • Publisher: Addison-Wesley Professional; 2 edition (November 16, 2002)
    • Language: English
    • ISBN-10: 0672323915
    • ISBN-13: 978-0672323911
    • Product Dimensions: 9.3 x 7.4 x 0.9 inches
    • Shipping Weight: 1.6 pounds
    • Average Customer Review: 4.0 out of 5 stars (14 customer reviews)
    • Amazon Best Sellers Rank: #850,383 in Books


    Customer Reviews

    14 Reviews
    • 5 star: 8
    • 4 star: 2
    • 3 star: 1
    • 2 star: 2
    • 1 star: 1

    Average Customer Review: 4.0 out of 5 stars (14 customer reviews)

    Most Helpful Customer Reviews

    57 of 62 people found the following review helpful:
    5.0 out of 5 stars Great PKI Project Manager's Guide/tutorial/overview, January 26, 2000
    By Smiling Hotei (Grass Valley, CA)
    Amazon Verified Purchase
    I gave this five stars for the breadth of coverage. I don't need yet another book on cryptography -- I already have a shelf full. Carlisle and Steve cover the PKI turf without getting unnecessarily bogged down in technical details. For example, they cover the functions and differences of ECDSA versus ECDH in about a paragraph. If you want to know how the algorithms work, read Applied Cryptography. This has a clear, concise, and non-technical explanation of just about every concept, standard, and issue a project manager would need to know about PKI. I give credit for not trying to cover the technical issues in depth -- rather, this takes the approach of: here's the issue, here are the alternatives, and if you want to know more read ... The concepts and issues are very current, and cover proposed and draft standards, including Privilege Management Infrastructure, certificate revocation mechanisms, trust models, etc. Excellent coverage!


    22 of 23 people found the following review helpful:
    5.0 out of 5 stars comprehensive and still very readable: a must!, June 4, 2000
    By A Customer
    I'm giving courses on PKI. I was looking for a good reference for my students. Finally found one! I read it cover to cover: comprehensive, very easy to read, vendor-neutral (very important to me), not biased: also gives you the pros and cons, issues with PKI. A must to read if interested in PKI.


    7 of 7 people found the following review helpful:
    3.0 out of 5 stars Has value for Technical Architects / Security Analysts, May 7, 2004
    I think there's some merit to people expecting a more hands-on approach in a book like this. But those expectations seem unrealistic. The book is not titled "Implementing PKI," it's called "Understanding PKI."

    There is value in a concepts book. For an experienced technical professional trying to get a grip on the terminologies and concepts of security and PKI, this book is succinct and touches all the major points.

    For those looking for screenshots of people right-clicking icons, there's a thousand other books like that! Most of those so-called "technical books" are not that technical. It's nice to have a book that's not product-specific for a change.

    This book does what it intends to do well. There is a need for more technical books but this book is valuable in its present form. I have given several copies to peers.

    I hope this review helps you balance out your opinions before deciding for or against this book.
