REVIEW: "SSL and TLS", Eric Rescorla
- BKSSLTLS.RVW 20010607
"SSL and TLS", Eric Rescorla, 2001, 0-201-61598-3, U$39.95/C$59.95
%A Eric Rescorla ekr@...
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%I Addison-Wesley Publishing Co.
%O U$39.95/C$59.95 416-447-5101 fax: 416-443-0948
%P 499 p.
%T "SSL and TLS: Designing and Building Secure Systems"

The preface states, quite clearly, that this is a work for designers,
programmers, and implementors. In other words, it's a very technical
book. Even the preface, though, is written with a clarity that is
unusual, and refreshing, in technical literature.

Chapter one provides some background to communications security and
encryption. The material is demanding, and is definitely not a
primer. A number of items are glossed over, but the persistent reader
should be able to glean some very solid explanations of important
concepts. The "family tree" of SSL (Secure Sockets Layer) is given in
chapter two, with a description of the development steps along the
way. Chapter three outlines the basic, or most common, mode of SSL,
and then provides details about specific aspects of the algorithms and
data structures used at different points. Various options and
extensions, for a number of functions, are described in chapter four.
The security of the SSL system itself, as opposed to the security it
provides for transactions, is thoroughly examined in chapter five.
Chapter six is an examination of performance issues, and the ways in
which execution can, and can't, be improved.

SSL is, of course, only a protocol and not a full application. Design
considerations for effective use within a system are detailed in
chapter seven, and sample C and Java code for performing the operations
is given in chapter eight. SSL was designed for, and is most widely used
with, HTTP (HyperText Transfer Protocol), and chapter nine details the
requirements and difficulties of using the system to secure Web
communications. Chapter ten uses SMTP (Simple Mail Transfer Protocol)
as an example of the use of SSL to protect other communications
operations. Finally, Rescorla compares SSL to the major competing
systems of IPsec, S-HTTP (Secure HTTP), and S/MIME. (It is nice to
see that the author identifies his own potential bias in the debate.)

This book is aimed at a technical audience, and members of that group
will undoubtedly welcome it. However, the lucid presentation and the
range of security concepts covered make this a useful reference for
many others. Those involved in online commerce and the necessity to
secure transactions over insecure links will find solid discussions
addressing those issues. Security analysts and practitioners may be
challenged to look into the internals of systems generally examined
only at a superficial level. And anyone interested in the security of
the Internet will find a clear and fascinating review of its
copyright Robert M. Slade, 2001 BKSSLTLS.RVW 20010607
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade