REVIEW: "Big Book of IPsec RFCs", Pete Loshin
- BKBBIPSR.RVW 20000614
"Big Book of IPsec RFCs", Pete Loshin, 2000, 0-12-455839-9,
%E Pete Loshin pete@...
%C 340 Pine Street, 6th Floor, San Francisco, CA 94104-3205
%I Morgan Kaufmann Publishers
%O U$34.95/C$48.95 415-392-2665 fax: 415-982-2665 mkp@...
%T "Big Book of IPsec RFCs: Internet Security Architecture"
RFC (Request For Comments) documents are the standard references of
the Internet. (Not that all of them are standards as such: some are
discussion papers or even opinion pieces. RFC 1796 has an interesting
take on this fact.) IPsec is that group of articles dealing with
security. The RFCs are important materials. They are also available
online, for free. Why, then, would you pay for a collection of them?
Fortunately for the ease of my review, Loshin asks this question, and
gives a detailed answer, in the introduction. In the first place,
you'll probably want to print out the documents at some time, and this
is probably one of the cheapest ways to do it. (Certainly one of the
most convenient.) Also, this is a collection of the IPsec standards,
and therefore the compilation work has been done for you. Finally,
Loshin has provided an extensive index, which greatly increases the
value of the text. (Original formatting has been retained, and the
individual manuscripts preserve their page numbering: the index can be
used to point to items in the RFCs even for those referring to the

Twenty-three RFCs are included in the book. Fortunately for Loshin's
effort, one of the documents provides an overview of net security and
another presents a structure for the RFCs themselves. Each contains
its own definitions of terminology, although an aggregated glossary
would have been helpful. The items are listed in numerical order, as
is suitable for a reference work: RFC 2401, on security architecture,
is possibly the best starting point for newcomers, but is roughly in
the middle of the book, and RFC 2411, describing the relationships
among the RFCs, comes near the end.
Topics include the MD4 and MD5 digest algorithms, using MD5 for IP
authentication, ESP (Encapsulating Security Payload) encryption, RC5
encryption, hashed message authentication code (HMAC), the CAST-128
algorithm, test cases for message digests, RC2 encryption, security
architecture, the authentication header, Internet Security Association
and Key Management Protocol (ISAKMP), security associations, Internet
Key Exchange (IKE), NULL encryption, a document roadmap, OAKLEY key
determination, and the Diffie-Hellman key agreement method.
For those needing, or even wanting, to know about IPsec, this is the
copyright Robert M. Slade, 2000 BKBBIPSR.RVW 20000614
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade