"Cryptography and Public Key Infrastructure on the Internet", Klaus
Schmeh, 2003, 0-470-84745-X, U$50.00/UK#34.95
%A Klaus Schmeh
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%I John Wiley & Sons, Inc.
%O U$50.00/UK#34.95 416-236-4433 fax: 416-236-4448
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 472 p.
%T "Cryptography and Public Key Infrastructure on the Internet"
Part one is supposed to address the question of why you would want to
use cryptography on the Internet. Chapter one is really a general
introduction or preface to the book. Chapter two tells us that
cryptography is important for security. The ability to sniff various
types of communications channels is mentioned in chapter three.
Part two introduces the basic principles of cryptography. Chapter
four outlines basic cryptographic operations, but only in the sense of
listing the basic terms: the explanations are very limited. Some
details of the internal operations of DES (Data Encryption Standard),
IDEA (International Data Encryption Algorithm), and AES (Advanced
Encryption Standard) are presented in chapter five, but not in a way
that provides a full understanding of the systems. Chapter six looks
at some of the math involved in asymmetric algorithms and describes
the Diffie-Hellman and RSA algorithms, but not how they work in
practice. Chapter seven says that digital signatures work, but not
how. Hash functions are reviewed in chapter eight. Pseudo-random
number generators and stream ciphers are the topic of chapter nine.
Part three ostensibly moves to advanced cryptography. But the topics
are ill-chosen and oddly grouped: chapter ten lists standards and
standards bodies, eleven looks at DES modes and RSA data transforms,
twelve outlines both communications protocols and attacks on
cryptography. Authentication is covered in a reasonable manner in
chapter thirteen, while a great deal of the math (and very little
explanation) of elliptic curve cryptography (ECC) is given in
fourteen, and fifteen deals with cryptographic hardware, software, and
Part four turns to public key infrastructures (PKI). Chapters sixteen
and seventeen outline the elements of a PKI. Certificates and
certificate servers are covered in eighteen and nineteen,
respectively. Chapter twenty reviews practical aspects.
Part five addresses cryptographic protocols for the Internet. Chapter
twenty-one looks at the OSI (Open Systems Interconnection) layered
model, with twenty-two examining protocols for layer 2, twenty-three
for 3 (limited to IPSec), twenty-four for 4, and twenty-five, -six, -
seven, and -eight for layer 7. (Only fair, since the TCP/IP
application layer subsumes the OSI session, presentation, and
Part six covers more about cryptography, and is probably the best
section of the book. Chapter twenty-nine deals with political aspects
of cryptography, such as export restrictions. People, companies, and
organizations are listed in chapter thirty. References and resources
are in chapter thirty-one, for those who want to study the topic
further. Chapter thirty-two finishes off with flops, myths, and snake
The writing is ragged, the structure often odd, and the technical
level very inconsistent. Material seems to have been added with no
particular purpose in mind. The chapter on random numbers starts out
with a mention of three movies, two of which have tenuous connections
to cryptography, none of which deals with the concept of randomness.
Technical details are thrown into the text without either fully
explaining the technology under discussion, or being necessary for
further topics. The result is a grab bag of indiscriminate facts that
do not furnish the reader with a full understanding of the topics.
copyright Robert M. Slade, 2005 BKCPKIOI.RVW 20051201
rslade@... slade@... rslade@...
It is the test of a good religion whether you can joke about it.
- G. K. Chesterton
Where does the idea come from that if what we are doing is fun,
it can't be God's will? The God who made giraffes has a sense of
humor. Make no mistake about that. - Catherine Marshall