
Understanding PKI: Concepts, Standards, and Deployment Considerations / Edition 2

Hardcover (Print)

Overview

Public-Key Infrastructure (PKI) is the foundation of the four major elements of digital security: authentication, integrity, confidentiality, and non-repudiation. The idea of a public-key infrastructure has existed for more than a decade, but the need for PKI has intensified over the last few years as the Internet has expanded its reach into business, government, the legal system, the military, and other areas that depend on secure communications.

Understanding PKI, Second Edition, is both a guide for software engineers involved in PKI development and a readable resource for technical managers responsible for their organization’s security policies and investments. It is a comprehensive primer to the latest in PKI technology and how it is used today. Taking a non-vendor-specific approach, this book explains fundamental concepts, examines emerging standards, and discusses deployment considerations and strategies that affect success.

This second edition has been updated throughout to incorporate all of the most recent developments in the PKI field. Two new chapters have been added to address the use of PKI in the real world and to explore the technology’s future. This new edition also addresses:

  • The X.509 standard
  • PKI for privacy
  • The emergence of electronic signatures and accompanying legislation
  • New PKI initiatives supported by the

In addition to this specific information, the authors lend their informed opinions on how emerging trends will drive the expansion of PKI.


Product Details

  • ISBN-13: 9780672323911
  • Publisher: Addison-Wesley
  • Publication date: 11/28/2002
  • Edition description: Subsequent
  • Edition number: 2
  • Pages: 322
  • Product dimensions: 7.64 (w) x 9.54 (h) x 0.88 (d)

Meet the Author

Carlisle Adams is recognized internationally for his many contributions to the design, specification, and standardization of public-key infrastructures. He is senior cryptographer and principal of security at Entrust, Inc. He has been an active participant in the IETF Public-Key Infrastructure X.509 (PKIX) and Common Authentication Technology (CAT) working groups.

Steve Lloyd has more than 20 years experience in data communications and distributed systems security. His areas of expertise include distributed message handling systems and directory services, TCP/IP, security protocols, security architectures, and large-scale Public-Key Infrastructure policy and technology. He is currently manager of IT security consulting at AEPOS Technologies Corporation.


Read an Excerpt

Without doubt, the promise of public-key infrastructure (PKI) technology has attracted a significant amount of attention in the last few years. Hardly a week goes by without some facet of PKI being addressed in a newspaper, trade journal, or conference paper. We hear and read about the promise of authentication and non-repudiation services provided through the use of digital signature techniques and about confidentiality and key management services based on a combination of symmetric and asymmetric cryptography—all facilitated through the realization of a supporting technology referred to as PKI. In fact, many people consider the widespread deployment of PKI technology to be an important enabler of secure global electronic commerce.

Although the foundation for PKI was established over two decades ago with the invention of public-key cryptography, PKI technology has been offered as a commercially viable solution only within the last few years. But what started as a handful of technology vendors a few years ago has seen the birth of dozens, perhaps hundreds, of products that offer one form or another of PKI-related service. Further, the commercial demand for PKI-based services remains strong, and available evidence suggests that this will continue for the foreseeable future.

Still, as a technology, PKI is fairly new. And to many, PKI technology is shrouded in mystery to some extent. This situation appears to be exacerbated by the proliferation of conflicting documentation, standards, and vendor approaches. Furthermore, there are few comprehensive books devoted to PKI that provide a good introduction to its critical concepts and technology fundamentals.

Thus, the authors share a common motivation in writing this book: to provide a vendor-neutral source of information that can be used to establish a baseline for understanding PKI. In this book, we provide answers to many of the fundamental PKI-related questions, including

  • What exactly is a PKI?
  • What constitutes a digital signature?
  • What is a certificate?
  • What is certificate revocation?
  • What is a Certification Authority (CA)?
  • What are the governing standards?
  • What are the issues associated with large-scale PKI deployment within an enterprise?

These are just some of the questions we explore in this book.

Motivations for PKI

It is important to recognize that PKI is not simply a "neat" technology without tangible benefits. When deployed judiciously, PKI offers certain fundamental advantages to an organization, including the potential for substantial cost savings. PKI can be used as the underlying technology to support authentication, integrity, confidentiality, and non-repudiation. This is accomplished through a combination of symmetric and asymmetric cryptographic techniques enabled through the use of a single, easily managed infrastructure rather than multiple security solutions. (See Chapter 2, Public-Key Cryptography; Chapter 3, The Concept of an Infrastructure; Chapter 4, Core PKI Services: Authentication, Integrity, and Confidentiality; and Chapter 5, PKI-Enabled Services.) PKI offers scalable key management in that the overhead associated with the distribution of keying material to communicating parties is reduced significantly when compared with solutions based solely on symmetric cryptography. (See Chapter 2 for a description of symmetric and asymmetric cryptographic techniques.) Ultimately, however, the primary motivations from a business standpoint are not technical but economic: How can PKI give a positive return on investment? To that end, judicious deployment of a single, unifying PKI technology can help, among other things

  • Reduce administrative overhead (when compared with the deployment of multiple point solutions)
  • Reduce the number of passwords required by end users (and, consequently, the administrative and help desk costs associated with managing them)
  • Reduce paperwork and improve workflow efficiencies through more automated (and more secure) business processes
  • Optimize work-force productivity (by ensuring that users spend less time contending with the security infrastructure and more time on the job at hand)
  • Reduce requirements for end-user training related to the use of the security services (because there is one security solution rather than many)

Not only does PKI technology have the potential to realize cost savings, but in some cases it also might even be a source of revenue for an organization (through support for new services that might otherwise not be offered). Benefits and related business considerations associated with PKI technology are discussed further in Part III, Deployment Considerations.

Changes in the Second Edition

The world, and PKI's place in the world, has evolved somewhat since the first edition of this book was written. Like many technologies, PKI has experienced the highs and lows of media attention and analyst focus: In three short years, the descriptions have covered the spectrum from "silver bullet" to "snake oil." There is still confusion regarding naming of entities and the use of PKI in real-world business applications such as e-mail. Occasionally, the long-term viability of PKI is questioned in journals or trade publications. In this second edition, two new chapters have been added to address precisely these areas:

  • Chapter 14, PKI in Practice, looks at the use of this technology in the real world and tries to clarify where PKI can be beneficial and where it cannot.
  • Chapter 15, The Future of PKI, is based upon an observation of how the world has been evolving and attempts to answer the question: Will this technology survive and, if so, why?

For the most part, however, the roller coaster of public opinion has now largely stabilized. There is general consensus that PKI is one viable option for a good, solid authentication technology with a number of appealing benefits compared with other technologies. In conjunction with this, PKI itself has matured and evolved to better meet the needs of the environments that might deploy it and rely on it for various services. In this edition, changes and additions have been made throughout the book to capture and explain this evolution. Some specific examples include the following:

  • Chapter 5, PKI-Enabled Services, now includes a section on privacy as a service that may be enabled by a PKI.
  • Chapters 6, Certificates and Certification, and 8, Certificate Revocation, have been updated to reflect new extensions and clarification text that were introduced in the X.509 (2000) standard.
  • Chapter 9, Trust Models, now incorporates material on several additional trust models that may be appropriate in some environments.
  • Chapter 13, Electronic Signature Legislation and Considerations, has been revised and updated to reflect the significant progress that has been made in that area since late 1999.
  • The whole of Part II, Standards, has been updated to incorporate the latest achievements in that area, as well as the new initiatives that have been started, especially in the eXtensible Markup Language (XML) standards bodies. Numerous other, more minor, updates and revisions may be found throughout the book.

Audience

The main purpose of this book is to provide a fairly comprehensive overview that will help the reader better understand the technical and operational considerations behind PKI technology. You will benefit from this book if you are responsible for the planning, deployment, and/or operation of an enterprise PKI. Those who are simply interested in the basic principles behind a PKI should also find this book useful.

We hope that this book will become an educational tool for many and a handy reference guide for others. This book is not intended to resolve extremely detailed implementation questions, although it can serve as a primer for someone who will eventually be more interested in the finer implementation details.

Organization

The book is organized into three parts. Part I provides essential background information necessary to better understand the concepts and principles behind PKI. Part II addresses standards and related activities (for example, industry-sponsored interoperability initiatives) related to PKI. There are two primary purposes for including this section in the book:

  1. It provides an overview of the major standards bodies involved in the PKI arena and discusses the main focus of each group, giving a road map to some of these activities.
  2. It demonstrates the relative maturity and stability of this area, highlighting the fact that a solid basis for implementation and interoperability has already been laid.

Part III discusses PKI deployment considerations, providing guidance for some of the initial and fundamental decisions that must be made prior to any PKI deployment.

Part I: Concepts

Part I of this book deals with fundamental PKI concepts. This includes background information (for example, a primer on cryptography is included), as well as detailed information with respect to public-key certificates and certificate revocation schemes.

Chapter 1, Introduction, introduces Part I and provides a list of the contents of Part I on a chapter-by-chapter basis.

Chapter 2, Public-Key Cryptography, provides a brief, nonmathematical introduction to the concepts of public-key cryptography relevant to the material presented throughout the remainder of the book. It includes the distinction between symmetric and public-key ciphers, the concept of a key pair, the services of this technology, terminology, and sample algorithms.

Chapter 3, The Concept of an Infrastructure, discusses an infrastructure, highlighting its usefulness as an application enabler, its role in secure single sign-on, and its capability to provide end-user transparency and comprehensive security. This chapter also provides a working definition of PKI.

Chapter 4, Core PKI Services: Authentication, Integrity, and Confidentiality, and Chapter 5, PKI-Enabled Services, examine services that a PKI can provide. Chapter 4 discusses the core services of authentication, integrity, and confidentiality; Chapter 5 looks at PKI-enabled services such as digital time stamping, notarization, non-repudiation, and privilege management.

Chapter 6, Certificates and Certification, introduces the concept of a certificate and discusses the process of certification. Certificate contents and format are described, along with the role of a Certification Authority (CA) and a Registration Authority (RA).

Chapter 7, Key and Certificate Management, looks at the whole area of key/certificate lifecycle management, including generation, publication, update, termination, key history, key backup, and key recovery.

Chapter 8, Certificate Revocation, discusses common techniques for certificate revocation, including both periodic publication mechanisms and on-line query mechanisms.

Chapter 9, Trust Models, examines the concept of trust models. Strict hierarchies, loose hierarchies, policy-based hierarchies, distributed architectures, the four-corner model, the Web model, user-centric trust, and cross-certification are presented and compared. We also discuss certificate path processing in this chapter.
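
The certificate, revocation, and path-processing concepts that Chapters 6, 8, and 9 describe (and the scalable key-management argument from the Motivations section above) can be seen end to end in a short program. The following Go code is an added example written for this page; it is not code from the book or its authors. It uses only the standard library's crypto/x509 package, and every name in it ("Example Root CA", "alice", the serial numbers and validity windows) is constructed for illustration. A root CA issues a certificate to "alice"; a relying party that trusts only that CA validates the certification path and then consults a CA-signed certificate revocation list (the periodic-publication mechanism of Chapter 8), refusing both a revoked certificate and a self-signed impostor that carries the same name. Note that crypto/x509's Verify performs path validation only; the revocation check, and the refusal to act on a CRL that is past its nextUpdate, are the relying party's own responsibility.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// certTemplate builds a template for a certificate named cn: a CA that may sign
// certificates and CRLs, or an end entity limited to client authentication.
func certTemplate(serial int64, cn string, isCA bool) *x509.Certificate {
	now := time.Now()
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if isCA {
		t.KeyUsage, t.ExtKeyUsage = x509.KeyUsageCertSign|x509.KeyUsageCRLSign, nil
	}
	return t
}

// issue generates a P-256 key pair and has signer certify its public half under template.
// A nil signer means self-signed (call with parent == template): the root CA, or an impostor.
func issue(template, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if signer == nil {
		signer = key
	}
	der, err := x509.CreateCertificate(rand.Reader, template, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Setup stands up the constructed toy PKI: a root CA (the trust anchor), a leaf it issued
// to "alice", and a rogue self-signed "alice" that chains to nothing a relying party trusts.
func Setup() (ca, alice, rogue *x509.Certificate, caKey *ecdsa.PrivateKey, err error) {
	caTmpl := certTemplate(1, "Example Root CA", true)
	if ca, caKey, err = issue(caTmpl, caTmpl, nil); err != nil {
		return
	}
	if alice, _, err = issue(certTemplate(2, "alice", false), ca, caKey); err != nil {
		return
	}
	rogueTmpl := certTemplate(3, "alice", false)
	rogue, _, err = issue(rogueTmpl, rogueTmpl, nil)
	return
}

// verifyChain is the relying-party side: certificate path validation up to the trust anchor,
// then a revocation check against a CRL that must itself be signed by that anchor and be fresh.
func verifyChain(leaf, root *x509.Certificate, crlDER []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return fmt.Errorf("path validation failed: %w", err)
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return err
	}
	if err := crl.CheckSignatureFrom(root); err != nil {
		return fmt.Errorf("CRL not signed by the trust anchor: %w", err)
	}
	if time.Now().After(crl.NextUpdate) {
		return fmt.Errorf("CRL stale since %s: refuse to decide on outdated revocation data", crl.NextUpdate)
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return fmt.Errorf("serial %s revoked by its issuer", leaf.SerialNumber)
		}
	}
	return nil
}

// Check plays both roles in turn: the CA publishes a CRL (periodic publication) naming the
// revoked serials, then a relying party that trusts only ca decides whether to accept leaf.
func Check(ca *x509.Certificate, caKey *ecdsa.PrivateKey, leaf *x509.Certificate, revoked ...*big.Int) error {
	now := time.Now()
	crlTmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(time.Hour)}
	for _, s := range revoked {
		crlTmpl.RevokedCertificates = append(crlTmpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: s, RevocationTime: now})
	}
	crlDER, err := x509.CreateRevocationList(rand.Reader, crlTmpl, ca, caKey)
	if err != nil {
		return err
	}
	return verifyChain(leaf, ca, crlDER)
}
```

With the fixture from Setup, Check(ca, caKey, alice) returns nil, while Check(ca, caKey, alice, alice.SerialNumber) and Check(ca, caKey, rogue) both return errors: the first because the issuer has listed the serial, the second because no path from the impostor reaches the trust anchor, however convincing its subject name. The on-line query alternative that Chapter 8 also covers (OCSP) is not shown; in a relying party it replaces the CRL steps of verifyChain with a signed responder answer about the one serial in question, subject to the same signature and freshness checks.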

Chapter 10, Multiple Certificates per Entity, includes an examination of key pair uses, support for non-repudiation, and independent certificate management.

Chapter 11, PKI Information Dissemination: Repositories and Other Techniques, looks at the area of certificate dissemination and repositories. Options for sharing public-key-related information between two or more cooperating PKI domains are discussed.

Chapter 12, PKI Operational Considerations, discusses client-side software, on-line requirements, physical security, and disaster planning/recovery, along with tradeoffs between system security and ease of use.

Chapter 13, Electronic Signature Legislation and Considerations, discusses some of the recent legislation and directives that pertain to electronic signatures and clarifies some of the terminology associated with various forms of electronic signatures, including digital signatures. Some of the requirements and obligations that may apply to Certification Authorities (CAs), subscribers, and relying parties are briefly discussed.

Chapter 14, PKI in Practice, focuses on the use of PKI in the real world and tries to clarify some common misunderstandings and sources of confusion about what PKI can do and what it can't do (and was never intended to do).

Chapter 15, The Future of PKI, considers this oft-posed question: Why has PKI not "taken off" yet? This chapter offers an opinion about why PKI adoption has been slower than many people expected and discusses—with a view to emerging trends in the industry—the future of PKI.

Chapter 16, Conclusions and Further Reading, concludes Part I and suggests some sources to consult for further reading in this area.

Part II: Standards

Part II of this book addresses standards activities and interoperability initiatives.

Chapter 17, Introduction, introduces Part II and provides a list of the contents of Part II on a chapter-by-chapter basis.

Chapter 18, Major Standards Activities, discusses some of the most prominent activities taking place within formal standards bodies, as well as related efforts being undertaken outside the standards bodies.

Chapter 19, Standardization Status and Road Map, provides the current and projected near-term standardization status of some of the most significant specifications.

Chapter 20, Standards: Necessary but Not Sufficient, considers the fact that the existence of a "standard," whether it is the product of a formal standards body or not, is necessary but not sufficient to guarantee that the products of different vendors will interoperate with one another. Some of the reasons for this are given, along with a discussion of the usefulness of profiling activities and interoperability pilots.

Finally, Chapter 21, Conclusions and Further Reading, provides concluding remarks and some suggestions for further reading.

Part III: Deployment Considerations

Part III of this book addresses deployment. Not intended to be a deployment handbook, this part of the book primarily identifies many of the deployment questions that should be asked (and answered) when considering any large-scale enterprise PKI deployment.

Chapter 22, Introduction, introduces Part III and provides a list of the contents of Part III on a chapter-by-chapter basis.

Chapter 23, Benefits and Costs of a PKI, discusses the benefits realized through the deployment of a PKI. It also discusses cost considerations. This chapter helps identify sound business reasons for deploying a PKI in the enterprise environment.

Chapter 24, Deployment Issues and Decisions, discusses a number of issues that should be resolved before initial deployment occurs. Essentially, this chapter provides a basic foundation for product selection.

Chapter 25, Barriers to Deployment, addresses some of the more common hurdles to deployment, issues that one must consider in terms of long-term strategy.

Chapter 26, Typical Business Models, explains some of the more common business models one may want to implement. It also provides a brief discussion of some initiatives that can be used as a basis to establish interdomain trust.

Chapter 27, Conclusions and Further Reading, concludes Part III and offers suggestions for further reading.

Vendor-Neutral Policy

We would like to emphasize that we have made every attempt to ensure that this book is as vendor neutral as possible. In fact, some of the original text has been modified at the request of one or more reviewers when (unintentionally) it even remotely appeared that we were advocating one approach over another. As authors, we are describing in this book our "vision" of what constitutes a comprehensive PKI. Although this viewpoint occasionally aligns more closely with some environments and certain specific vendor products than others, we hasten to point out that we are not aware of any one vendor that offers all the services that are described within this book.

We also recognize that some environments are necessarily more closely aligned with a subset of the components and services described herein (because of their specific requirements and target users), and we fully understand that these environments may never need to fully align with what we refer to as a comprehensive PKI. This is as it should be. This book is not about the "Internet PKI," nor is it meant to be limited to the "enterprise PKI"—although, arguably, the enterprise environment is closer today to our notion of the comprehensive PKI than many alternative deployment environments. This book attempts to describe all aspects of a PKI; specific environments will implement subsets as needed. We have provided a discussion of some of today's PKI variations at the end of Chapter 5 in order to clarify these concepts.


Table of Contents

Foreword
Preface
About the Authors
Pt. I Concepts 1
1 Introduction 3
2 Public-Key Cryptography 7
3 The Concept of an Infrastructure 21
4 Core PKI Services: Authentication, Integrity, and Confidentiality 37
5 PKI-Enabled Services 49
6 Certificates and Certification 69
7 Key and Certificate Management 89
8 Certificate Revocation 105
9 Trust Models 131
10 Multiple Certificates per Entity 151
11 PKI Information Dissemination: Repositories and Other Techniques 159
12 PKI Operational Considerations 171
13 Electronic Signature Legislation and Considerations 183
14 PKI in Practice 195
15 The Future of PKI 207
16 Conclusions and Further Reading 217
Pt. II Standards 219
17 Introduction 221
18 Major Standards Activities 223
19 Standardization Status and Road Map 237
20 Standards: Necessary but Not Sufficient 243
21 Conclusions and Further Reading 253
Pt. III Deployment Considerations 259
22 Introduction 261
23 Benefits and Costs of a PKI 263
24 Deployment Issues and Decisions 269
25 Barriers to Deployment 283
26 Typical Business Models 287
27 Conclusions and Further Reading 295
References 297
Index 311


    Chapter 12, PKI Operational Considerations, discusses client-side software, on-line requirements, physical security, and disaster planning/recovery, along with tradeoffs between system security and ease of use.

    Chapter 13, Electronic Signature Legislation and Considerations, discusses some of the recent legislation and directives that pertain to electronic signatures and clarifies some of the terminology associated with various forms of electronic signatures, including digital signatures. Some of the requirements and obligations that may apply to Certification Authorities (CAs), subscribers, and relying parties are briefly discussed.

    Chapter 14, PKI in Practice, focuses on the use of PKI in the real world and tries to clarify some common misunderstandings and sources of confusion about what PKI can do and what it can't do (and was never intended to do).

    Chapter 15, The Future of PKI, considers this oft-posed question: Why has PKI not "taken off" yet? This chapter offers an opinion about why PKI adoption has been slower than many people expected and discusses—with a view to emerging trends in the industry—the future of PKI.

    Chapter 16, Conclusions and Further Reading, concludes Part I and suggests some sources to consult for further reading in this area.

    Part II: Standards

    Part II of this book addresses standards activities and interoperability initiatives.

    Chapter 17, Introduction, introduces Part II and provides a list of the contents of Part II on a chapter-by-chapter basis.

    Chapter 18, Major Standards Activities, discusses some of the most prominent activities taking place within formal standards bodies, as well as related efforts being undertaken outside the standards bodies.

    Chapter 19, Standardization Status and Road Map, provides the current and projected near-term standardization status of some of the most significant specifications.

    Chapter 20, Standards: Necessary but Not Sufficient, considers the fact that the existence of a "standard," whether it is the product of a formal standards body or not, is necessary but not sufficient to guarantee that the products of different vendors will interoperate with one another. Some of the reasons for this are given, along with a discussion of the usefulness of profiling activities and interoperability pilots.

    Finally, Chapter 21, Conclusions and Further Reading, provides concluding remarks and some suggestions for further reading.

    Part III: Deployment Considerations

    Part III of this book addresses deployment. Not intended to be a deployment handbook, this part of the book primarily identifies many of the deployment questions that should be asked (and answered) when considering any large-scale enterprise PKI deployment.

    Chapter 22, Introduction, introduces Part III and provides a list of the contents of Part III on a chapter-by-chapter basis.

    Chapter 23, Benefits and Costs of a PKI, discusses the benefits realized through the deployment of a PKI. It also discusses cost considerations. This chapter helps identify sound business reasons for deploying a PKI in the enterprise environment.

    Chapter 24, Deployment Issues and Decisions, discusses a number of issues that should be resolved before initial deployment occurs. Essentially, this chapter provides a basic foundation for product selection.

    Chapter 25, Barriers to Deployment, addresses some of the more common hurdles to deployment, issues that one must consider in terms of long-term strategy.

    Chapter 26, Typical Business Models, explains some of the more common business models one may want to implement. It also provides a brief discussion of some initiatives that can be used as a basis to establish interdomain trust.

    Chapter 27, Conclusions and Further Reading, concludes Part III and offers suggestions for further reading.

    Vendor-Neutral Policy

    We would like to emphasize that we have made every attempt to ensure that this book is as vendor neutral as possible. In fact, some of the original text has been modified at the request of one or more reviewers when (unintentionally) it even remotely appeared that we were advocating one approach over another. As authors, we are describing in this book our "vision" of what constitutes a comprehensive PKI. Although this viewpoint occasionally aligns more closely with some environments and certain specific vendor products than others, we hasten to point out that we are not aware of any one vendor that offers all the services that are described within this book.

    We also recognize that some environments are necessarily more closely aligned with a subset of the components and services described herein (because of their specific requirements and target users), and we fully understand that these environments may never need to fully align with what we refer to as a comprehensive PKI. This is as it should be. This book is not about the "Internet PKI," nor is it meant to be limited to the "enterprise PKI"—although, arguably, the enterprise environment is closer today to our notion of the comprehensive PKI than many alternative deployment environments. This book attempts to describe all aspects of a PKI; specific environments will implement subsets as needed. We have provided a discussion of some of today's PKI variations at the end of Chapter 5 in order to clarify these concepts.
