Understanding PKI: Concepts, Standards, and Deployment Considerations 2/e
Authors: Carlisle Adams and Steve Lloyd
Available for download is chapter 6 entitled “Certificates and Certification”.
While attending the RSA Conference that was held in Paris last year, I attended the first Enterprise Security Basics Tutorial, that was called “PKI Primer” and obviously dealt with Public Key Infrastructure. RSA Security’s Dominic Storey, EMEA Senior Business Manager, Authentication & Digital Identity, asked the attendees if anyone of them ever used PKI. About 10% of the people listening the session, raised their hands in the air, while others were just looking around, trying to see who are the “PKI users” around them. Mr. Storey then noted that most of the “non-users” are mistaken, and proved his thought with several additional questions to them. Questions included – did you ever used PGP like utilities and have you ever bought anything online. As people affirmatively nodded their heads, the speaker noted that the mentioned services are based on PKI. The content of this book should help similar people to understand the concepts and usage of Public Key Infrastructure.
About the authors
Carlisle Adams is recognized internationally for his many contributions to the design, specification, and standardization of public-key infrastructures. He is senior cryptographer and principal of security at Entrust, Inc. He has been an active participant in the IETF Public-Key Infrastructure X.509 (PKIX) and Common Authentication Technology (CAT) working groups.
An interview with Carlisle Adams is available here.
Steve Lloyd has more than 20 years experience in data communications and distributed systems security. His areas of expertise include distributed message handling systems and directory services, TCP/IP, security protocols, security architectures, and large-scale Public-Key Infrastructure policy and technology. He is currently manager of IT security consulting at AEPOS Technologies Corporation.
Inside the book
“Understanding PKI” Second Edition is a quality hard cover book with an eye-catching design. The book itself has nearly 300 pages of text, divided into three thematic categories: Concepts, Standards and Deployment Considerations. As the book authors share an extreme amount of knowledge, the book has about 13 pages of references that were correlated in the book. After mentioning these 13 pages, I see that this doesn’t seem so much so I counted all the references and guess what – there are 168 of them.
In a special text box located in the preface of the book, it is noted that every attempt was made to make this book as vendor neutral as possible. If you are interested in specific vendor solutions or technologies, you won’t find them in here, as this book does the opposite – it provides readers the information meant to establish a baseline for understanding PKI.
The following are some of the questions answered within the book:
- What is the Public Key Infrastructure ?
- What are the major standards related to PKI?
- What is the value of Public Key Infrastructure?
- What is a certificate, certificate revocation and Certification Authority?
- What are the issues associated with large-scale PKI deployment within an enterprise?
- What deployment issues and decisions should your company consider?
Besides the two newly added chapters, due to the evolution of PKI, several changes and additions have been made throughout the book. The standards from the second part were also updated to incorporate the latest achievements and new initiatives in that area.
As the authors note, the second part of the book deals with the standards and nonstandard activities relevant to PKI technology. Intentionally this part is made into just over about 30 pages, as the authors “recognize that such activities are volatile and fluid at best, defying prediction and challenging the wisdom of static preservation in a book”. The first chapter of this part provides information on X.509, X.500, PKIX, LDAP, ANSI X9F, S/MIME, ISO TC68, IPsec, TLS, SPKI, OpenPGP, EDIFACT, IEEE, WAP and several other activities. As an expected addition, the next two chapters present the current status of PKI and PKI standardization efforts.
The meaning of the third part of “Understanding PKI”, is to introduce the readers with the concepts and issues associated with the deployment of large-scale PKIs. The authors discuss the benefits and costs of PKI, deployment steps, various business models and the possible mitigating risks.
What I think of the book
Overall, the purpose of this book is to provide a fairly extensive view on technical and operational considerations behind PKI technology. If you are planning to deploy PKI inside your company, “Understanding PKI” will provide an extensive amount of information you need to understand, to see how the things work. If you are already working on the productive Public Key Infrastructure, the book will fill the holes in your knowledge. Last but not least, if you are interested in informing and keeping in touch with “that PKI everyone is talking about”, authors made a perfect read for you. If you fall into one of these categories, you’ll find this book worth buying.