- Hardcover: 352 pages
- Publisher: Addison-Wesley Professional; 2 edition (November 16, 2002)
- Language: English
- ISBN-10: 0672323915
- ISBN-13: 978-0672323911
- Product Dimensions: 7.6 x 0.9 x 9.5 inches
- Shipping Weight: 1.6 pounds
- Average Customer Review: 3.3 out of 5 stars See all reviews (16 customer reviews)
- Amazon Best Sellers Rank: #1,850,093 in Books (See Top 100 in Books)
Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
To get the free app, enter your mobile phone number.
Understanding PKI: Concepts, Standards, and Deployment Considerations (2nd Edition) 2nd Edition
Use the Amazon App to scan ISBNs and compare prices.
Customers who bought this item also bought
What other items do customers buy after viewing this item?
From the Publisher
Without doubt, the promise of public-key infrastructure (PKI) technology has attracted a significant amount of attention in the last few years. Hardly a week goes by without some facet of PKI being addressed in a newspaper, trade journal, or conference paper. We hear and read about the promise of authentication and non-repudiation services provided through the use of digital signature techniques and about confidentiality and key management services based on a combination of symmetric and asymmetric cryptographyall facilitated through the realization of a supporting technology referred to as PKI. In fact, many people consider the widespread deployment of PKI technology to be an important enabler of secure global electronic commerce.
Although the foundation for PKI was established over two decades ago with the invention of public-key cryptography, PKI technology has been offered as a commercially viable solution only within the last few years. But what started as a handful of technology vendors a few years ago has seen the birth of dozens, perhaps hundreds, of products that offer one form or another of PKI-related service. Further, the commercial demand for PKI-based services remains strong, and available evidence suggests that this will continue for the foreseeable future.
Still, as a technology, PKI is fairly new. And to many, PKI technology is shrouded in mystery to some extent. This situation appears to be exacerbated by the proliferation of conflicting documentation, standards, and vendor approaches. Furthermore, there are few comprehensive books devoted to PKI that provide a good introduction to its critical concepts and technology fundamentals.
Thus, the authors share a common motivation in writing this book: to provide a vendor-neutral source of information that can be used to establish a baseline for understanding PKI. In this book, we provide answers to many of the fundamental PKI-related questions, including
What exactly is a PKI?
What constitutes a digital signature?
What is a certificate?
What is certificate revocation?
What is a Certification Authority (CA)?
What are the governing standards?
What are the issues associated with large-scale PKI deployment within an enterprise?
These are just some of the questions we explore in this book.
Motivations for PKI
It is important to recognize that PKI is not simply a "neat" technology without tangible benefits.When deployed judiciously, PKI offers certain fundamental advantages to an organization, including the potential for substantial cost savings. PKI can be used as the underlying technology to support authentication, integrity, confidentiality, and non-repudiation. This is accomplished through a combination of symmetric and asymmetric cryptographic techniques enabled through the use of a single, easily managed infrastructure rather than multiple security solutions. (See Chapter 2, Public-Key Cryptography; Chapter 3, The Concept of an Infrastructure; Chapter 4, Core PKI Services: Authentication, Integrity, and Confidentiality; and Chapter 5, PKI-Enabled Services.) PKI offers scalable key management in that the overhead associated with the distribution of keying material to communicating parties is reduced significantly when compared with solutions based solely on symmetric cryptography. (See Chapter 2 for a description of symmetric and asymmetric cryptographic techniques.) Ultimately, however, the primary motivations from a business standpoint are not technical but economic: How can PKI give a positive return on investment? To that end, judicious deployment of a single, unifying PKI technology can help, among other things
Reduce administrative overhead (when compared with the deployment of multiple point solutions)
Reduce the number of passwords required by end users (and, consequently, the administrative and help desk costs associated with managing them)
Reduce paperwork and improve workflow efficiencies through more automated (and more secure) business processes
Optimize work-force productivity (by ensuring that users spend less time contending with the security infrastructure and more time on the job at hand)
Reduce requirements for end-user training related to the use of the security services (because there is one security solution rather than many)
Not only does PKI technology have the potential to realize cost savings, but in some cases it also might even be a source of revenue for an organization (through support for new services that might otherwise not be offered). Benefits and related business considerations associated with PKI technology are discussed further in Part III, Deployment Considerations.
Changes in the Second Edition
The world, and PKI's place in the world, has evolved somewhat since the first edition of this book was written. Like many technologies, PKI has experienced the highs and lows of media attention and analyst focus: In three short years, the descriptions have covered the spectrum from "silver bullet" to "snake oil." There is still confusion regarding naming of entities and the use of PKI in real-world business applications such as e-mail. Occasionally, the long-term viability of PKI is questioned in journals or trade publications. In this second edition, two new chapters have been added to address precisely these areas:
Chapter 14, PKI in Practice, looks at the use of this technology in the real world and tries to clarify where PKI can be beneficial and where it cannot.
Chapter 15, The Future of PKI, is based upon an observation of how the world has been evolving and attempts to answer the question: Will this technology survive and, if so, why?
For the most part, however, the roller coaster of public opinion has now largely stabilized. There is general consensus that PKI is one viable option for a good, solid authentication technology with a number of appealing benefits compared with other technologies. In conjunction with this, PKI itself has matured and evolved to better meet the needs of the environments that might deploy it and rely on it for various services. In this edition, changes and additions have been made throughout the book to capture and explain this evolution. Some specific examples include the following:
Chapter 5, PKI-Enabled Services, now includes a section on privacy as a service that may be enabled by a PKI.
Chapters 6, Certificates and Certification, and 8, Certificate Revocation, have been updated to reflect new extensions and clarification text that were introduced in the X.509 (2000) standard.
Chapter 9, Trust Models, now incorporates material on several additional trust models that may be appropriate in some environments.
Chapter 13, Electronic Signature Legislation and Considerations, has been revised and updated to reflect the significant progress that has been made in that area since late 1999. * The whole of Part II, Standards, has been updated to incorporate the latest achievements in that area, as well as the new initiatives that have been started, especially in the eXtensible Markup Language (XML) standards bodies. Numerous other, more minor, updates and revisions may be found throughout the book.
The main purpose of this book is to provide a fairly comprehensive overview that will help the reader better understand the technical and operational considerations behind PKI technology. You will benefit from this book if you are responsible for the planning, deployment, and/or operation of an enterprise PKI. Those who are simply interested in the basic principles behind a PKI should also find this book useful.
We hope that this book will become an educational tool for many and a handy reference guide for others. This book is not intended to resolve extremely detailed implementation questions, although it can serve as a primer for someone who will eventually be more interested in the finer implementation details.
From the Back Cover
Public-Key Infrastructure (PKI) is the foundation of the four major elements of digital security: authentication, integrity, confidentiality, and non-repudiation. The idea of a public-key infrastructure has existed for more than a decade, but the need for PKI has intensified over the last few years as the Internet has expanded its reach into business, government, the legal system, the military, and other areas that depend on secure communications.
Understanding PKI, Second Edition, is both a guide for software engineers involved in PKI development and a readable resource for technical managers responsible for their organization’s security policies and investments. It is a comprehensive primer to the latest in PKI technology and how it is used today. Taking a non-vendor-specific approach, this book explains fundamental concepts, examines emerging standards, and discusses deployment considerations and strategies that effect success.
This second edition has been updated throughout to incorporate all of the most recent developments in the PKI field. Two new chapters have been added to address the use of PKI in the real world and to explore the technology’s future. This new edition also addresses:
In addition to this specific information, the authors lend their informed opinions on how emerging trends will drive the expansion of PKI.
Browse award-winning titles. See more
If you are a seller for this product, would you like to suggest updates through seller support?
Top Customer Reviews
There is value in a concepts book. For experienced technical professional trying to get a grip on the terminologies and concepts of security and PKI, this book is succinct and touches all the major points.
For those looking for screenshots of people right clicking icons, there's a thousand other books like that! Most of those so called "technical books" are not that technical. It's nice to have a book that's not product specific for a change.
This book does what it intends to do well. There is a need for more technical books but this book is valuable in it's present form. I have given several copies to peers.
I hope this review helps you balance out your opinions before deciding for or against this book.
I am pleased to recommend the book to anyone looking for a very good, succinct but thorough treatment of the subject area.
In the physical world, trust is built through a complex web of social, legal, national, international, and business transactions that can take years or decades to develop. Items such as driver's licenses or passports create trust, because they are underwritten by the issuing authority. Unfortunately, the same level of trust is much harder to implement in the electronic world. One way to do so is via PKI.
As an example, one can use a passport for identification in the physical world. The cyberspace equivalent could be a digital certificate for authentication. Similarly, ink-based signatures are used on binding contracts. In the digital world, digital signatures are used to ensure a concept called nonrepudiation, by which the party involved in a process cannot later deny that he or she took part in it.
Understanding Public-Key Infrastructure is a guide to the effective deployment of PKI. The authors do a great job of covering the critical areas of PKI, including certification, operational considerations, standardization efforts, and deployment issues.
The authors deserve credit for producing a guide that avoids getting bogged down in minutiae and other technical details. Their approach is to cover a topic at a broad level, delve into some detail, then refer the reader to an appropriate source for particulars. They are also obsessively vendor-neutral.
This is an important book for those who expect to do e-commerce. Because whether anyone realizes it or not, this is the year of the PKI.
This review of mine originally appears at [...]