BKCPKIOI.RVW 20051201

"Cryptography and Public Key Infrastructure on the Internet", Klaus Schmeh, 2003, 0-470-84745-X, U$50.00/UK#34.95
%A Klaus Schmeh
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%D 2003
%G 0-470-84745-X
%I John Wiley & Sons, Inc.
%O U$50.00/UK#34.95 416-236-4433 fax: 416-236-4448
%O http://www.amazon.com/exec/obidos/ASIN/047084745X/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/047084745X/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/047084745X/robsladesin03-20
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 472 p.
%T "Cryptography and Public Key Infrastructure on the Internet"

Part one is supposed to address the question of why you would want to use cryptography on the Internet. Chapter one is really a general introduction or preface to the book. Chapter two tells us that cryptography is important for security. The ability to sniff various types of communications channels is mentioned in chapter three.

Part two introduces the basic principles of cryptography. Chapter four outlines basic cryptographic operations, but only in the sense of listing the basic terms: the explanations are very limited. Some details of the internal operations of DES (Data Encryption Standard), IDEA (International Data Encryption Algorithm), and AES (Advanced Encryption Standard) are presented in chapter five, but not in a way that provides a full understanding of the systems. Chapter six looks at some of the math involved in asymmetric algorithms and describes the Diffie-Hellman and RSA algorithms, but not how they work in practice. Chapter seven says that digital signatures work, but not how. Hash functions are reviewed in chapter eight. Pseudo-random number generators and stream ciphers are the topic of chapter nine.

Part three ostensibly moves to advanced cryptography.
But the topics are ill-chosen and oddly grouped: chapter ten lists standards and standards bodies, eleven looks at DES modes and RSA data transforms, twelve outlines both communications protocols and attacks on cryptography. Authentication is covered in a reasonable manner in chapter thirteen, while a great deal of the math (and very little explanation) of elliptic curve cryptography (ECC) is given in fourteen, and fifteen deals with cryptographic hardware, software, and interfaces.

Part four turns to public key infrastructures (PKI). Chapters sixteen and seventeen outline the elements of a PKI. Certificates and certificate servers are covered in eighteen and nineteen, respectively. Chapter twenty reviews practical aspects.

Part five addresses cryptographic protocols for the Internet. Chapter twenty-one looks at the OSI (Open Systems Interconnection) layered model, with twenty-two examining protocols for layer 2, twenty-three for 3 (limited to IPSec), twenty-four for 4, and twenty-five, -six, -seven, and -eight for layer 7. (Only fair, since the TCP/IP application layer subsumes the OSI session, presentation, and application.)

Part six covers more about cryptography, and is probably the best section of the book. Chapter twenty-nine deals with political aspects of cryptography, such as export restrictions. People, companies, and organizations are listed in chapter thirty. References and resources are in chapter thirty-one, for those who want to study the topic further. Chapter thirty-two finishes off with flops, myths, and snake oil.

The writing is ragged, the structure often odd, and the technical level very inconsistent. Material seems to have been added with no particular purpose in mind. The chapter on random numbers starts out with a mention of three movies, two of which have tenuous connections to cryptography, none of which deals with the concept of randomness.
Technical details are thrown into the text without either fully explaining the technology under discussion, or being necessary for further topics. The result is a grab bag of indiscriminate facts that do not furnish the reader with a full understanding of the topics.

copyright Robert M. Slade, 2005 BKCPKIOI.RVW 20051201