- Paperback: 322 pages
- Publisher: Addison-Wesley Professional; 2 edition (November 16, 2002)
- Language: English
- ISBN-10: 0321743091
- ISBN-13: 978-0321743091
- Product Dimensions: 7.9 x 0.9 x 9.9 inches
- Shipping Weight: 1.6 pounds (View shipping rates and policies)
- Average Customer Review: 16 customer reviews
- Amazon Best Sellers Rank: #1,186,616 in Books (See Top 100 in Books)
Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
To get the free app, enter your mobile phone number.
Understanding PKI: Concepts, Standards, and Deployment Considerations (paperback) (2nd Edition) 2nd Edition
Use the Amazon App to scan ISBNs and compare prices.
The Amazon Book Review
Author interviews, book reviews, editors picks, and more. Read it now
Frequently bought together
Customers who viewed this item also viewed
From the Publisher
Without doubt, the promise of public-key infrastructure (PKI) technology has attracted a significant amount of attention in the last few years. Hardly a week goes by without some facet of PKI being addressed in a newspaper, trade journal, or conference paper. We hear and read about the promise of authentication and non-repudiation services provided through the use of digital signature techniques and about confidentiality and key management services based on a combination of symmetric and asymmetric cryptographyall facilitated through the realization of a supporting technology referred to as PKI. In fact, many people consider the widespread deployment of PKI technology to be an important enabler of secure global electronic commerce.
Although the foundation for PKI was established over two decades ago with the invention of public-key cryptography, PKI technology has been offered as a commercially viable solution only within the last few years. But what started as a handful of technology vendors a few years ago has seen the birth of dozens, perhaps hundreds, of products that offer one form or another of PKI-related service. Further, the commercial demand for PKI-based services remains strong, and available evidence suggests that this will continue for the foreseeable future.
Still, as a technology, PKI is fairly new. And to many, PKI technology is shrouded in mystery to some extent. This situation appears to be exacerbated by the proliferation of conflicting documentation, standards, and vendor approaches. Furthermore, there are few comprehensive books devoted to PKI that provide a good introduction to its critical concepts and technology fundamentals.
Thus, the authors share a common motivation in writing this book: to provide a vendor-neutral source of information that can be used to establish a baseline for understanding PKI. In this book, we provide answers to many of the fundamental PKI-related questions, including
What exactly is a PKI?
What constitutes a digital signature?
What is a certificate?
What is certificate revocation?
What is a Certification Authority (CA)?
What are the governing standards?
What are the issues associated with large-scale PKI deployment within an enterprise?
These are just some of the questions we explore in this book.
Motivations for PKI
It is important to recognize that PKI is not simply a "neat" technology without tangible benefits.When deployed judiciously, PKI offers certain fundamental advantages to an organization, including the potential for substantial cost savings. PKI can be used as the underlying technology to support authentication, integrity, confidentiality, and non-repudiation. This is accomplished through a combination of symmetric and asymmetric cryptographic techniques enabled through the use of a single, easily managed infrastructure rather than multiple security solutions. (See Chapter 2, Public-Key Cryptography; Chapter 3, The Concept of an Infrastructure; Chapter 4, Core PKI Services: Authentication, Integrity, and Confidentiality; and Chapter 5, PKI-Enabled Services.) PKI offers scalable key management in that the overhead associated with the distribution of keying material to communicating parties is reduced significantly when compared with solutions based solely on symmetric cryptography. (See Chapter 2 for a description of symmetric and asymmetric cryptographic techniques.) Ultimately, however, the primary motivations from a business standpoint are not technical but economic: How can PKI give a positive return on investment? To that end, judicious deployment of a single, unifying PKI technology can help, among other things
Reduce administrative overhead (when compared with the deployment of multiple point solutions)
Reduce the number of passwords required by end users (and, consequently, the administrative and help desk costs associated with managing them)
Reduce paperwork and improve workflow efficiencies through more automated (and more secure) business processes
Optimize work-force productivity (by ensuring that users spend less time contending with the security infrastructure and more time on the job at hand)
Reduce requirements for end-user training related to the use of the security services (because there is one security solution rather than many)
Not only does PKI technology have the potential to realize cost savings, but in some cases it also might even be a source of revenue for an organization (through support for new services that might otherwise not be offered). Benefits and related business considerations associated with PKI technology are discussed further in Part III, Deployment Considerations.
Changes in the Second Edition
The world, and PKI's place in the world, has evolved somewhat since the first edition of this book was written. Like many technologies, PKI has experienced the highs and lows of media attention and analyst focus: In three short years, the descriptions have covered the spectrum from "silver bullet" to "snake oil." There is still confusion regarding naming of entities and the use of PKI in real-world business applications such as e-mail. Occasionally, the long-term viability of PKI is questioned in journals or trade publications. In this second edition, two new chapters have been added to address precisely these areas:
Chapter 14, PKI in Practice, looks at the use of this technology in the real world and tries to clarify where PKI can be beneficial and where it cannot.
Chapter 15, The Future of PKI, is based upon an observation of how the world has been evolving and attempts to answer the question: Will this technology survive and, if so, why?
For the most part, however, the roller coaster of public opinion has now largely stabilized. There is general consensus that PKI is one viable option for a good, solid authentication technology with a number of appealing benefits compared with other technologies. In conjunction with this, PKI itself has matured and evolved to better meet the needs of the environments that might deploy it and rely on it for various services. In this edition, changes and additions have been made throughout the book to capture and explain this evolution. Some specific examples include the following:
Chapter 5, PKI-Enabled Services, now includes a section on privacy as a service that may be enabled by a PKI.
Chapters 6, Certificates and Certification, and 8, Certificate Revocation, have been updated to reflect new extensions and clarification text that were introduced in the X.509 (2000) standard.
Chapter 9, Trust Models, now incorporates material on several additional trust models that may be appropriate in some environments.
Chapter 13, Electronic Signature Legislation and Considerations, has been revised and updated to reflect the significant progress that has been made in that area since late 1999. * The whole of Part II, Standards, has been updated to incorporate the latest achievements in that area, as well as the new initiatives that have been started, especially in the eXtensible Markup Language (XML) standards bodies. Numerous other, more minor, updates and revisions may be found throughout the book.
The main purpose of this book is to provide a fairly comprehensive overview that will help the reader better understand the technical and operational considerations behind PKI technology. You will benefit from this book if you are responsible for the planning, deployment, and/or operation of an enterprise PKI. Those who are simply interested in the basic principles behind a PKI should also find this book useful.
We hope that this book will become an educational tool for many and a handy reference guide for others. This book is not intended to resolve extremely detailed implementation questions, although it can serve as a primer for someone who will eventually be more interested in the finer implementation details. --This text refers to an out of print or unavailable edition of this title.
From the Back Cover
This book is a tutorial on, and a guide to the deployment of, Public-Key Infrastructures. It covers a broad range of material related to PKIs, including certification, operational considerations and standardization efforts, as well as deployment issues and considerations. Emphasis is placed on explaining the interrelated fields within the topic area, to assist those who will be responsible for making deployment decisions and architecting a PKI within an organization. --This text refers to an out of print or unavailable edition of this title.
Top customer reviews
I am pleased to recommend the book to anyone looking for a very good, succinct but thorough treatment of the subject area.
In the physical world, trust is built through a complex web of social, legal, national, international, and business transactions that can take years or decades to develop. Items such as driver's licenses or passports create trust, because they are underwritten by the issuing authority. Unfortunately, the same level of trust is much harder to implement in the electronic world. One way to do so is via PKI.
As an example, one can use a passport for identification in the physical world. The cyberspace equivalent could be a digital certificate for authentication. Similarly, ink-based signatures are used on binding contracts. In the digital world, digital signatures are used to ensure a concept called nonrepudiation, by which the party involved in a process cannot later deny that he or she took part in it.
Understanding Public-Key Infrastructure is a guide to the effective deployment of PKI. The authors do a great job of covering the critical areas of PKI, including certification, operational considerations, standardization efforts, and deployment issues.
The authors deserve credit for producing a guide that avoids getting bogged down in minutiae and other technical details. Their approach is to cover a topic at a broad level, delve into some detail, then refer the reader to an appropriate source for particulars. They are also obsessively vendor-neutral.
This is an important book for those who expect to do e-commerce. Because whether anyone realizes it or not, this is the year of the PKI.
This review of mine originally appears at [...]