Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "SSL and TLS", Eric Rescorla

Expand Messages
  • Rob Slade grandpa of Ryan Trevor Pride &
    BKSSLTLS.RVW 20010607 SSL and TLS , Eric Rescorla, 2001, 0-201-61598-3, U$39.95/C$59.95 %A Eric Rescorla ekr@rtfm.com %C P.O. Box 520, 26 Prince Andrew
    Message 1 of 1 , Aug 20, 2001
      BKSSLTLS.RVW 20010607

      "SSL and TLS", Eric Rescorla, 2001, 0-201-61598-3, U$39.95/C$59.95
      %A Eric Rescorla ekr@...
      %C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
      %D 2001
      %G 0-201-61598-3
      %I Addison-Wesley Publishing Co.
      %O U$39.95/C$59.95 416-447-5101 fax: 416-443-0948
      %P 499 p.
      %T "SSL and TLS: Designing and Building Secure Systems"

      The preface states, quite clearly, that this is a work for designers,
      programmers, and implementors. In other words, it's a very technical
      book. Even the preface, though, is written with a clarity that is
      unusual, and refreshing, in technical literature.

      Chapter one provides some background to communications security and
      encryption. The material is demanding, and is definitely not a
      primer. A number of items are glossed over, but the persistent reader
      should be able to glean some very solid explanations of important
      concepts. The "family tree" of SSL (Secure Sockets Layer) is given in
      chapter two, with a description of the development steps along the
      way. Chapter three outlines the basic, or most common, mode of SSL,
      and then provides details about specific aspects of the algorithms and
      data structures used at different points. Various options and
      extensions, for a number of functions, are described in chapter four.
      The security of the SSL system itself, as opposed to the security it
      provides for transactions, is thoroughly examined in chapter five.
      Chapter six is an examination of performance issues, and the ways in
      which execution can, and can't, be improved.

      SSL is, of course, only a protocol and not a full application. Design
      considerations for effective use within a system are detailed in
      chapter seven, and sample C and Java code for effecting the operations
      is given in eight. SSL was designed for, and is most widely used
      with, HTTP (HyperText Transfer Protocol), and chapter nine details the
      requirements and difficulties of using the system to secure Web
      communications. Chapter ten uses SMTP (Simple Mail Transfer Protocol)
      as an example of the use of SSL to protect other communications
      operations. Finally, Rescorla compares SSL to the major competing
      systems of IPsec, S-HTTP (Secure HTTP), and S/MIME. (It is nice to
      see that the author identifies his own potential bias in the debate.)

      This book is aimed at a technical audience, and members of that group
      will undoubtedly welcome it. However, the lucid presentation, and
      range of security concepts covered make this a useful reference for
      many others. Those involved in online commerce and the necessity to
      secure transactions over insecure links will find solid discussions
      addressing those issues. Security analysts and practitioners may be
      challenged to look into the internals of systems generally examined
      only at a superficial level. And anyone interested in the security of
      the Internet will find a clear and fascinating review of its

      copyright Robert M. Slade, 2001 BKSSLTLS.RVW 20010607

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      The optimist sees the glass as half full.
      The pessimist sees the glass as half empty.
      The engineer sees that the glass was twice as large as necessary.
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.