
REVIEW: "Internet Cryptography", Richard E. Smith

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Jan 21, 2003
      BKINTCRP.RVW 20021215

      "Internet Cryptography", Richard E. Smith, 1997, 0-201-92480-3,
      U$29.95/C$44.95
      %A Richard E. Smith internet-crypto@...
      %C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
      %D 1997
      %G 0-201-92480-3
      %I Addison-Wesley Publishing Co.
      %O U$29.95/C$44.95 416-447-5101 fax: 416-443-0948 bkexpress@...
      %O http://www.amazon.com/exec/obidos/ASIN/0201924803/robsladesinterne
      %P 356 p.
      %T "Internet Cryptography"

      According to the preface, this book is aimed at non-specialists who
      need to know just enough about cryptography to make informed technical
      decisions. As an example, Smith suggests systems administrators and
      managers who, while not formally charged with security, still have to
      use cryptographic techniques to secure their networks or
      transmissions.

      Chapter one is an introduction, contrasting what we want (secure
      communications) with the environment we have to work in (a wide open
      Internet). The text also looks at the balance that must be maintained
      between convenience and requirements. Encryption basics, in chapter
      two, presents the concepts of symmetric cryptography, use, and choice.
      There is a clear explanation of the ideas without overwhelming
      technical details. (It is interesting to note how quickly the
      cryptographic technology changes: SKIPJACK and ITAR were still
      important when the book was written, and are now basically
      irrelevant.) Some random thoughts on network implementation of
      encryption are given in chapter three. Managing secret keys, in
      chapter four, provides good conceptual coverage of generation and
      management, although the discussion of the problems of key escrow is
      weak. Because of the requirements for technical details when
      discussing protocols, chapter five, on IPSec, is different from other
      material in the book. It also includes a brief mention of other
      protocols. Chapter six discusses the use of IPSec in virtual private
      networks, while seven examines IPSec in terms of remote access.
      Chapter eight looks at IPSec in relation to firewalls, but it is
      difficult to see how this would be used in an actual application.

      Chapter nine reviews public key encryption and SSL (Secure Sockets
      Layer). The basic concepts of asymmetric cryptography are presented
      well, but may be unconvincing due to the lack of mathematical support
      and details. While there is an introduction to the related idea of
      digital signatures, SSL is really only barely mentioned. World Wide
      Web transaction security, in chapter ten, provides practical examples
      of the technologies discussed. The same is true of email, in chapter
      eleven, but digital signatures get a bit more explanation. Chapter
      twelve builds on the signature concept to introduce PKI (Public Key
      Infrastructure) notions.

      The fundamentals are written clearly and well, and are quite suitable
      for managers and users. Despite the lack of detail, the text may even
      be suitable for some security professionals who need a rough
      background without needing to work with the technology itself. The
      work is easy to read, although the idiosyncratic structure may be
      confusing, and the value of some chapters questionable.

      copyright Robert M. Slade, 2002 BKINTCRP.RVW 20021215

      --
      ======================
      rslade@... rslade@... slade@... p1@...
      Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
      Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
      February 10, 2003 February 14, 2003 St. Louis, MO
      March 31, 2003 April 4, 2003 Indianapolis, IN