REVIEW: Internet Cryptography


by Richard E. Smith, Publisher: Addison-Wesley Professional, Copyright 1997


According to the preface, this book is aimed at non-specialists who need to know just enough about cryptography to make informed technical decisions. As an example, Smith suggests systems administrators and managers who, while not formally charged with security, still have to use cryptographic techniques to secure their networks or transmissions. Chapter one is an introduction, contrasting what we want; secure communications; with the environment we have to work in; a wide open Internet. The text also looks at the balance that must be maintained between convenience and requirements. Encryption basics, in chapter two, presents the concepts of symmetric cryptography, use, and choice. There is a clear explanation of the ideas without overwhelming technical details. (It is interesting to note how quickly the cryptographic technology changes: SKIPJACK and ITAR were still important when the book was written, and are now basically irrelevant.) Some random thoughts on network implementation of encryption are given in chapter three. Managing secret keys, in chapter four, provides good conceptual coverage of generation and management, although the discussion of the problems of key escrow is weak. Because of the requirements for technical details when discussing protocols, chapter five, on IPSec, is different from other material in the book. It also includes a brief mention of other protocols. Chapter six discusses the use of IPSec in virtual private networks, while seven examines IPSec in terms of remote access. Chapter eight looks at IPSec in relation to firewalls, but it is difficult to see how this would be used in an actual application. Chapter nine reviews public key encryption and SSL (Secure Sockets Layer). The basic concepts of asymmetric cryptography are presented well, but may be unconvincing due to the lack of mathematical support and details. While there is an introduction to the related idea of digital signatures, SSL is really only barely mentioned. World Wide Web transaction security, in chapter ten, provides practical..

Read more: