Digital Certificates: Applied Internet Security (Paperback)

~ Jalal Feghhi (Author), Peter Williams (Author)

Editorial Reviews

Amazon.com Review

Because the Internet is based on connectionless protocols that route messages through more or less public machines, standard means of Internet communication offer no guarantees of integrity or authenticity. A variety of schemes have sprung up to solve this problem, and Digital Certificates: Applied Internet Security does a great job of explaining the Microsoft approach to securing Internet communications.

Helpfully, the authors spend a fair amount of time explaining the problem of network security and the broad technologies (public-key encryption, key length considerations, authentication, and so on). Having explained the universe in which a security system must work, they then show how to acquire a digital certificate from a certification authority (CA). From there, they show how to use the digital certificate with several pieces of software, including Internet Explorer 3 and 4 (but not 5), Netscape Communicator 4, and Outlook Express 4.

Of more interest to administrators and developers are code snippets that show how to request and process digital certificates in a variety of environments, including Active Server Pages (ASP) and Java. There's background information on the newly standardized Public Key Infrastructure with X.509 (PKIX) and the Secure Electronic Transaction (SET) standard for financial operations too. Coverage of Microsoft Certificate Server includes a lot of programming information, including coverage of the Policy and Exit Modules. --David Wall

Topics covered: Encryption, authentication, X.509 digital certificates, certification authorities, S/MIME, trust relationships, and Microsoft Certificate Server.

Product Description

Detailed & practical guide to understanding & working with digital certificates. Presents an overview of this important technology & its role in Internet security, and looks at the business infrastructure that is essential to its effective utilization. Paper. CD ROM included. DLC: Internet (Computer network) - Security.

See all Editorial Reviews

Product Details

• Paperback: 480 pages
• Publisher: Addison-Wesley Professional (October 9, 1998)
• Language: English
• ISBN-10: 0201309807
• ISBN-13: 978-0201309805
• Product Dimensions: 9.4 x 7.3 x 0.9 inches
• Shipping Weight: 1.6 pounds (View shipping rates and policies)
• Average Customer Review: 3.8 out of 5 stars  See all reviews (10 customer reviews)
• Amazon.com Sales Rank: #865,793 in Books (See Bestsellers in Books)

Customer Reviews

Most Helpful Customer Reviews

8 of 8 people found the following review helpful:

4.0 out of 5 stars A good help to develop digital certificates based systems, January 14, 1999

By	Giulio Carducci (g.carducci@securteam.it) (Rome, Italy) - See all my reviews

This book is a valuable help for everybody involved in digital certificates based systems design and implementation. It covers both digital certificates technical matter (strating from crypto basics) and the most popular certification based applications of to-day. The book may be regarded as built up with three main sections plus appendixes. In the first section (including three chapters) are introduced, with clearness and property, basic terms and concepts reagarding data security in the Internet context (and beyond). A chapter is for cryptography, discussing for non math professionals, buth in reasonable depth, crypto basics and secret key, public key and message digest algorithms. A third, accurate chapter covers both the format and the functionalities of digital certificate. The consistent second section (chapters 3 to 15) covers the most popular digital certificate based applications, taking into account both technical and functional aspects: code authentication, secure e-mail, secure Web-site, Certification Authority services and so on. Some popular certification management platforms and engines are covered in detail. The third section (chapters 16 to 20) is the most system oriented part of the book, and may be see as a working companion for the system developer. It covers in depth, additionally supported by the included CD-ROM content, the usage of Microsoft Certificate Server to develop a complete C.A. Appendix contains Microsoft Certification Server related additional material and a short description of ASN.1, a popular abstract syntax notation language used to describe security mechanisms. The CD-ROM completes with a ful PKCS standard set. Plenty of useful security standard references, pertinent and well organised bibliography, intriguing Web site documentation sources are additional pay-off when buying this professional and highly commendable book.

9 of 10 people found the following review helpful:

2.0 out of 5 stars Not recommended, July 21, 2005

By	Roedy Green (Victoria, BC, Canada) - See all my reviews (REAL NAME)

This book is a classic example on how not to write a book.

First the authors were never clear on the intended audience. Sometimes they seem to be talking a grandmother touching a mouse for the first time, driving you crazy with obvious details. Other times they seem to be chatting to the boys in the backroom at Verisign, way over your head with undefined acronym soup.

The book constantly uses terms without defining them. The books explains in great detail how to do unspeakable acts to a certificate server without first explaining WHY you might want to do such things or why you might want your own certificate server in the first place.

Sometimes the book reads like a sales promo for Verisign where some of the authors work.

The book does not explain how to compute any of the digests or public/private key computations, but it does give a reasonable overview of how they work.

For a book on certificates, oddly it shows no examples, or their format.

The authors did a reasonable, if somewhat belaboured, job of explaining S/MIME email signing and encryption. I have not encountered one before.

3 of 3 people found the following review helpful:

4.0 out of 5 stars Great book on Digital Certificates, March 26, 2001

By	"dayveg" (New York, NY USA) - See all my reviews

I really got a lot out of this book. While I was not thrilled with the Microsoft-centricity of the book, I don't feel it detracted from the purpose of the book. They go at a reasonable pace, and do an excellent job at explaining complex subjects.

I do disagree with some of the other reviewers about it being a good book for learning about digital and/or network security. Digital certificates are a small albeit important component of computer security.