REVIEW: "Digital Signatures", Mohan Atreya et al
- BKDIGSIG.RVW 20020520
"Digital Signatures", Mohan Atreya et al, 2002, 0-07-219482-0, U$59.99
%A Mohan Atreya
%A Benjamin Hammond
%A Stephen Paine
%A Paul Starrett
%A Stephen Wu
%C 300 Water Street, Whitby, Ontario L1N 9B6
%I McGraw-Hill Ryerson/Osborne
%O U$59.99 905-430-5000 +1-905-430-5134 fax: 905-430-5020
%P 368 p.
%T "Digital Signatures"

Although cryptography is generally considered to be useful for hiding
information or holding it confidential, cryptographic methods can also
be used to determine whether data has been altered. Slightly more
specialized means can also be used to provide evidence that a certain
individual composed or verified a certain message, in the same way
that a handwritten signature is presumed to assert a person's intent
or agreement with respect to a contract. Properly used and supported,
these digital signatures can be stronger and more flexible than
physical signatures as a means of binding an identity to a document.

Chapter one is an introduction, both to some basic concepts, and to
the book as a whole. (The material is disjointed in places: there is
a section entitled "Legislation" on page six and another on page
eight, although the content is different.) The overview of
cryptography, in chapter two, has some very weak and some very good
points: the explanation of the four modes of DES (Data Encryption
Standard) is much clearer than in most texts. The description is,
however, very generic, and does not address hash or signature topics
at all, nor does it address algorithmic and key length strength and
weakness. Certificates are a vital part of the common digital
signature structure, but chapter three's discussion concentrates on
X.509 fields and request procedures, without getting into the
underlying concepts. Data integrity is another key (sorry) concept in
the creation of digital signatures, but while the material on
checksums and hashing starts out well, chapter four ends in something
of a confusing mess. Chapter five flits between real and theoretical
systems in such a way that no valid assessment of uses and
shortcomings is possible. A number of miscellaneous topics are listed
in chapter six. Chapter seven looks at various business issues and
models, generally with respect to public key infrastructure, but is
oddly unhelpful in real world terms. Some standards are listed and
tersely described in chapter eight. Definition sections lifted from
various pieces of legislation are reproduced in chapter nine. Chapter
ten lists a number of legal concepts that may have a bearing on
digital signatures: these are more practically related to systems and
policies in chapter eleven.

The technical and practical aspects of this book fall far short of
being useful either to the security professional, or to the manager
who may need to address the topic or make decisions about systems.
The legal sections, however, might justify, for the professional, the
purchase of this otherwise confused work.
copyright Robert M. Slade, 2002 BKDIGSIG.RVW 20020520
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade