REVIEW: "SSL and TLS: Theory and Practice", Rolf Oppliger

  Rob, grandpa of Ryan, Trevor, Devon & Han
  Message 1 of 1, Jul 7, 2010
      BKSSLTTP.RVW 20091129

      "SSL and TLS: Theory and Practice", Rolf Oppliger, 2009, 978-1-59693-447-4
      %A Rolf Oppliger rolf.oppliger@...
      %C 685 Canton St., Norwood, MA 02062
      %D 2009
      %G 978-1-59693-447-4 1-59693-447-6
      %I Artech House/Horizon
      %O 617-769-9750 800-225-9977 artech@...
      %O http://books.esecurity.ch/ssltls.html
      %O http://www.amazon.com/exec/obidos/ASIN/1596934476/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/1596934476/robsladesin03-20
      %O Audience i+ Tech 3 Writing 2 (see revfaq.htm for explanation)
      %P 257 p.
      %T "SSL and TLS: Theory and Practice"

      The preface states that the book is intended to update the existing
      literature on SSL (Secure Sockets Layer) and TLS (Transport Layer
      Security), and to provide a design level understanding of the
      protocols. (Oppliger does not address issues of implementation or
      specific products.) The work assumes a basic understanding of TCP/IP,
      the Internet standards process, and cryptography, although some
      fundamental cryptographic principles are given.

      Chapter one is a basic introduction to security and some related
      concepts. The author uses the definition of security architecture
      from RFC 2828 to provide a useful starting point and analogy. The
      five security services listed in ISO 7498-2 and X.800 (authentication,
      access control, confidentiality, integrity, and nonrepudiation) are
      clearly defined, and the resultant specific and pervasive security
      mechanisms are mentioned. In chapter two, Oppliger gives a brief
      overview of a number of cryptologic terms and concepts, but some (such
      as steganography) may not be relevant to examination of the SSL and
      TLS protocols. (There is also a slight conflict: in chapter one, a
      secure system is defined as one that is proof against a specific and
      defined threat, whereas, in chapter two, this is seen as conditional
      security.) The author's commentary is, as in all his works, clear and
      insightful, but the cryptographic theory provided does go well beyond
      what is required for this topic.

      Chapter three, although entitled "Transport Layer Security," is
      basically a history of both SSL and TLS. SSL is examined in terms of
      the protocols, structures, and messages, in chapter four. There is
      also a quick analysis of the structural strength of the specification.
      Since TLS is derived from SSL, the material in chapter five
      concentrates on the differences between SSL 3.0 and TLS 1.0, and then
      looks at algorithmic options for TLS 1.1 and 1.2. DTLS (Datagram
      Transport Layer Security), for UDP (User Datagram Protocol), is
      described briefly in chapter six, and seems to simply add sequence
      numbers to UDP, with some additional provision for security cookie
      exchanges. Chapter seven notes the use of SSL for VPN (virtual
      private network) tunneling. Chapter eight reviews some aspects of
      public key certificates, but provides little background for full
      implementation of PKI (Public Key Infrastructure). As a finishing
      touch, chapter nine notes the sidejacking attacks, concerns about man-
      in-the-middle (MITM) attacks (quite germane, at the moment), and notes
      that we should move from certificate based PKI to a trust and
      privilege management infrastructure (PMI).

      In relatively few pages, Oppliger has provided background,
      introduction, and technical details of the SSL and TLS variants you
      are likely to encounter. The material is clear, well structured, and
      easily accessible. He has definitely enhanced the literature, not
      only of TLS, but also of security in general.

      copyright Robert M. Slade, 2009 BKSSLTTP.RVW 20091129

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      In a real dark night of the soul it is always three o'clock in
      the morning, day after day. - F. Scott Fitzgerald
      victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
      http://www.infosecbc.org/links http://twitter.com/rslade
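Added illustration (not part of Slade's review, and not code from Oppliger's book or from any TLS library): the two things the review says DTLS layers onto UDP in chapter six, a stateless cookie exchange before the server commits any handshake state (RFC 6347, HelloVerifyRequest) and per-record sequence numbers checked against an anti-replay window. The message classes, the cookie construction (an HMAC over the claimed source address and the ClientHello random) and the addresses are simplifications chosen for this example, not the DTLS wire format.

```python
"""Simplified model of two DTLS mechanisms: the stateless cookie exchange
(RFC 6347 section 4.2.1) and the anti-replay window over record sequence
numbers (RFC 6347 section 4.1.2.6). Toy message layout, not the real
wire format; written for this page, not taken from the book reviewed."""
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class ClientHello:
    src_ip: str           # claimed (possibly spoofed) UDP source address
    src_port: int
    client_random: bytes
    cookie: bytes = b""   # empty on the first flight


class DtlsServer:
    """First-flight handling that stores nothing per client until the peer
    proves it can receive datagrams at the address it claims."""

    def __init__(self) -> None:
        # A real server rotates this secret; it is fixed for the example.
        self.cookie_secret = os.urandom(32)
        self.handshakes_started = 0

    def make_cookie(self, hello: ClientHello) -> bytes:
        # Bind the cookie to the transport address and the ClientHello so a
        # cookie obtained at one address cannot be replayed from another.
        msg = f"{hello.src_ip}:{hello.src_port}".encode() + hello.client_random
        return hmac.new(self.cookie_secret, msg, hashlib.sha256).digest()

    def on_client_hello(self, hello: ClientHello) -> str:
        """Return the server's reply: HelloVerifyRequest (cheap, stateless)
        or ServerHello (handshake state is now allocated)."""
        if not hello.cookie:
            return "HelloVerifyRequest"  # cookie goes back to hello.src_ip
        if not hmac.compare_digest(hello.cookie, self.make_cookie(hello)):
            return "HelloVerifyRequest"  # forged or stale cookie: start over
        self.handshakes_started += 1
        return "ServerHello"


class ReplayWindow:
    """Sliding window of record sequence numbers for one epoch; duplicates
    and records older than the window are rejected."""

    def __init__(self, size: int = 64) -> None:
        self.size = size
        self.highest = -1
        self.bitmap = 0  # bit i set => record (highest - i) already seen

    def accept(self, seq: int) -> bool:
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False  # too old to track: drop
        if self.bitmap & (1 << offset):
            return False  # replayed record
        self.bitmap |= 1 << offset
        return True


def demo_cookie_exchange():
    """Constructed flights: a spoofed-source ClientHello, a forged cookie,
    then an honest client echoing the cookie it actually received."""
    server = DtlsServer()
    rnd = os.urandom(32)
    spoofed = ClientHello("198.51.100.7", 4444, rnd)
    first = server.on_client_hello(spoofed)  # no cookie yet
    # The cookie was sent to 198.51.100.7; an attacker elsewhere who somehow
    # obtained it still fails, because the MAC covers the source address.
    forged = ClientHello("203.0.113.9", 5555, rnd, cookie=server.make_cookie(spoofed))
    second = server.on_client_hello(forged)
    honest = ClientHello("198.51.100.7", 4444, rnd)
    honest.cookie = server.make_cookie(honest)
    third = server.on_client_hello(honest)
    return first, second, third, server.handshakes_started


def demo_replay():
    """Feed a constructed sequence of record numbers through the window."""
    window = ReplayWindow()
    return [window.accept(s) for s in (1, 2, 5, 2, 3, 5, 100, 36, 37, 35)]


if __name__ == "__main__":
    print(demo_cookie_exchange())
    print(demo_replay())
```

The point of the cookie check is that only the second, cookie-bearing ClientHello costs the server anything, so a flood of spoofed first flights neither exhausts state nor turns the server into an amplifier; the replay window is what makes the added sequence numbers useful to a receiver rather than merely decorative.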