CertCities.com -- The Ultimate Site for Certified IT Professionals
PKI Primer
Understanding PKI is a compelling read that proves itself as an (almost) complete introduction to PKI.

by Roberta Bragg

3/12/2001 --
Book Review


Title: Understanding Public-Key Infrastructure: Concepts, Standards and Deployment Considerations
Authors: Carlisle Adams, Steve Lloyd
Publisher: New Riders
Publication Date: November 1999
ISBN: 1-57870-166-x
Price: $50.00 (U.S.)
Pros: Brings up thought-provoking issues.
Cons: Some sections don't go into enough detail.
Verdict: This book raises questions about the difficulties that are inherent in PKI.

If you're seeking a general introduction to the nomenclature, operation and pitfalls of Public-Key Infrastructure (PKI), look no further. However, if you are expecting unequivocal support for PKI as the next best thing since sliced bread, you won’t find that here.

In the first section of "Understanding Public-Key Infrastructure," authors Carlisle Adams and Steve Lloyd cover the concepts. This is the part that you will find most interesting and thought-provoking. You'll find the definition of terms and concepts of PKI, as well as exposure of its shortcomings. Super definitions of security terms like non-repudiation ("the service that assures, to the extent technically possible, that entities remain honest about their actions") and authorization ("what the identity is allowed to see and do") abound; the ability of PKI to provide these things is challenged.

The authors don't attack PKI nor do they dismiss it as a security infrastructure; rather, they're attempting to make sure that any consideration of PKI also includes careful consideration of its vulnerabilities. No system is perfect, they point out, and we need to know that if we're going to use it.

A good example of their treatment can be found in their discussion of non-repudiation. Non-repudiation is often referred to as the ability to prevent a user from falsely denying having originated a message or document, or falsely denying having received it. Can this be done? Here's where all that time you spent watching "Matlock" and "Murder She Wrote" comes in.

Imagine that Alice sends Bob a message. If Bob sends Alice a digitally signed receipt, then it seems clear that he received the message. However, what if Bob gave his private key (the key used to digitally sign the receipt) away, or it was stolen? Can he then claim that he didn't send the receipt? What if it could be shown that his key pair was calculated in such a manner that it cannot be proven that someone else could not have gotten a copy of the private key?

Non-repudiation also requires other PKI structures to be in place. A secure time service and a secure data archive are important factors. Every good detective knows that timing is important to an investigation, and factors involving the storage of the receipt and other data are critical. What if Bob claims that he requested the revocation of his certificate and private key prior to the time the message was sent? Can it be proved that the time stamp on the receipt is correct? Is the archive where the receipt is stored tamper proof? What if Bob was on vacation when the message was sent? If, when he returns, he realizes his private key was compromised and requests its revocation, is he still culpable for the uses of the key while he was gone? This text focuses on many of these issues.

The second part of "Understanding Public-Key Infrastructure" introduces the standards as they were at the time of writing. Note the references and give it the biblical treatment (skim through the "begats" to get to the conclusion -- as the authors say, "Standards: Necessary but Not Sufficient").

The last section of the book purports to be a treatment of deployment considerations. It seems more like a section that should have been longer and more comprehensive, but the authors got tired. I know I was by the time I got there.

While not every concept is challenged, you'll find plenty of intriguing ideas in this book. Overall, this is a well laid out, thought-provoking introduction to PKI by authors with the credentials to back up their statements. I think this book is a must (and a bargain at the price) for anyone who is implementing or considering the implementation of PKI, or just wants to know what all the fuss is about.


Roberta Bragg, MCSE, MCT, CISSP, runs her company, Have Computer Will Travel Inc., out of a notebook carrying case. She's an independent consultant specializing in security, operating systems and databases. She is a contributing editor for Microsoft Certified Professional magazine.