| PKI: Implementing and Managing E-Security |
|---|
|
REVIEW |
|
PKI is the first in a series of security books by RSA Press, a new imprint by RSA Security and Osborne/McGraw-Hill.
Under the auspices of RSA's marketing department, four RSA staffers have teamed up to present RSA Security's view of PKI technology. Understandably, the book leans strongly toward RSA Security's products and solutions, which are used to illustrate examples wherever possible. With this bias in mind, the technical and conceptual information in the book is strong, as one would expect of a team from RSA.
Like other tutorial-style books that address this topic, PKI starts with a general introduction to security issues and the core services that PKI technology offers as solutions. The authors then provide an overview of the book, suggesting sets of chapters to read depending on the knowledge level of the reader.
This "study track" approach is a refreshing one, letting readers proceed directly to the desired information without investing large amounts of time wading through this substantial book. Simply categorized, the tracks include a general track, an implementer/intermediate track, a technical/advanced track and a core reference track. There is some overlap, but this generally describes the suggested readings.
The book is structured in a logical and modular fashion that includes the obligatory primer to symmetric and public key cryptography, which leads to an explanation of PKI's core concepts, services and implementation options.
PKI goes on to discuss key management and certificate lifecycles, PKI architecture (based on the IETF PKIX/X.509 model) and application integration, and the protocols and standards that govern PKI solutions (or will govern those solutions once interoperability and standardization issues have been resolved).
Trust models and authentication schemes are then examined along with their relative strengths and weaknesses.
The book closes with chapters on PKI planning, deployment and operational considerations, an "unbiased" checklist for a return on investment (ROI) analysis, as well as appendices that delve into the composition of the X.509 certificate and introduce privilege management infrastructures.
Many of the chapters are well-referenced but others are not. This emphasizes the potential for uneven results when many people work on a publication or when marketing is a primary factor in the publication of a technical book.
A series of advertisements for RSA products serves as an impromptu epilog, a suitable companion for the foreword written by the RSA vice-president of marketing.
Oblique references and potshots at other PKI vendors are unnecessary and detract from PKI's tone in an otherwise strong effort from its authors.
Another detail that mars the book is a problem with misspelled words. While many of these errors are simple transposition errors, they give the reader a feeling that the book is a little sloppy in places and may have been rushed.
One such glaring error is the misspelling of RSA's PKI product, Keon, as "Koen". Not only does the error appear in the text of the book, but it is also misspelled on the back cover! Misspelling the name of one's own product does not inspire confidence from readers.
A stronger editorial hand could have easily resolved these inconsistencies, minor errors and other flaws, turning a good book into a great one.
It is clear that RSA sees PKI systems and services as the future of the security industry and RSA wants to be sure that the rest of the world sees PKI through its lens. Setting aside the book's strong marketing message and its other flaws, PKI is worth a look to learn about the fundamentals of PKI, its related technologies, and how RSA Security views the PKI landscape.
Copyright © PKIForum.com™ 1999-2001. All Rights Reserved. The PKIForum.com logo and "PKIforum.com" are trademarks of PKIForum.com and its proprietors. |