Rating: 
Summary: Excellent PKI reference
Review: Pundits, the press, and other elements of the cognoscenti invariably attempt to make every year "the year of" something. For whatever else 2000 might be the year of, many technology periodicals have proclaimed it the year of public key infrastructure, or PKI. Didn't know that? Many people don't even understand the term, which is neither descriptive nor intuitive.In the physical world, trust is built through a complex web of social, legal, national, international, and business transactions that can take years or decades to develop. Items such as driver's licenses or passports create trust, because they are underwritten by the issuing authority. Unfortunately, the same level of trust is much harder to implement in the electronic world. One way to do so is via PKI. As an example, one can use a passport for identification in the physical world. The cyberspace equivalent could be a digital certificate for authentication. Similarly, ink-based signatures are used on binding contracts. In the digital world, digital signatures are used to ensure a concept called nonrepudiation, by which the party involved in a process cannot later deny that he or she took part in it. Understanding Public-Key Infrastructure is a guide to the effective deployment of PKI. The authors do a great job of covering the critical areas of PKI, including certification, operational considerations, standardization efforts, and deployment issues. The authors deserve credit for producing a guide that avoids getting bogged down in minutiae and other technical details. Their approach is to cover a topic at a broad level, delve into some detail, then refer the reader to an appropriate source for particulars. They are also obsessively vendor-neutral. This is an important book for those who expect to do e-commerce. Because whether anyone realizes it or not, this is the year of the PKI. This review of mine originally appears at http://www.securitymanagement.com/library/000859.html
Rating: 
Summary: Great Overview of PKI from Entrust's Top Cryptographer
Review: This book gives a great overview of PKI for the corporate descision maker who is trying to deside if PKI is a required solution. More theory than technical, this book is a good primer for the technology. Although the authors work for Entust and they claim there is no prejudice in the book, they still recommend 'best practices' that just so happen to be only available via Entrust. Despite the bend toward Entrust solutions, this is still a great buy.
Rating:
Summary: Wonderful overview
Review: This is an excellent summary and overview of a difficult topic. It simplifies and explains without removing important detail or obscuring unsolved problems. It's an excellent book for technical people new to PKI, or for manager/business types who need a deeper understanding of the technology. I bought extra copies to hand out at work to people who needed to know this stuff.
| 
