Planning for PKI Best Practices Guide for Deploying Public Key Infrastructure

by ;
Edition: 1st
Format: Paperback
Pub. Date: 2001-03-27
Publisher(s): Wiley
List Price: $91.29


Summary

An in-depth technical guide on the security technology driving Internet e-commerce expansion. "Planning for PKI" examines the number-one Internet security technology that will be widely adopted in the next two years. Written by two of the architects of the Internet PKI standards, this book provides authoritative technical guidance for network engineers, architects, and managers who need to implement the right PKI architecture for their organization. The authors discuss results and lessons learned from early PKI pilots, helping readers evaluate PKI deployment impact on current network architecture while avoiding the pitfalls of early technical mistakes. Four technical case studies detail the do's and don'ts of PKI implementation, illustrating both successes and failures of different deployments. Readers will also learn how to leverage future PKI-related technologies for additional benefits.

Author Biography

RUSS HOUSLEY is Chief Scientist for SPYRUS, a leading provider of security products. He has contributed to the development of many standards, including PKIX Part 1, S/MIME, and MSP, the security cornerstone of the U.S. Defense Message System. He is a member of the President's Export Council Subcommittee on Encryption, and chair of the IETF S/MIME Working Group.

Table of Contents

Foreword xv
Acknowledgments xvii
Introduction 1(4)
How This Book Is Organized 2(2)
PKI Background 3(1)
PKI Details 3(1)
Policy Issues 3(1)
The Standard Applications 4(1)
PKI Case Studies 4(1)
Adding Value to PKI in the Future 4(1)
Appendices 4(1)
Who Should Read This Book 4(1)
Cryptography Primer 5(12)
Symmetric Cryptography 6(3)
Symmetric Integrity Functions 9(1)
Asymmetric Key Management 10(2)
Digital Signatures 12(5)
PKI Basics 17(12)
Simple Certificates 18(3)
The Business Card 18(1)
The Credit Card 19(2)
The Ideal Certificate 21(1)
Public Key Certificates 21(2)
Certificate Revocation List 23(2)
Certificate Policies 25(1)
Certification Paths 26(1)
Summary 27(2)
Authentication Mechanisms 29(14)
Passwords 30(1)
One-Time Authentication Values 31(3)
Challenge/Response Authentication 32(1)
Time-Based Implicit Challenge 33(1)
Using One-Way Hash Functions 33(1)
Kerberos 34(5)
Obtaining a Ticket-Granting Ticket 35(2)
Authenticating to a Server 37(1)
Kerberos Public Key Initialization 38(1)
Certificate-Based Authentication 39(4)
PKI Components and Users 43(10)
Infrastructure Components 44(6)
Certification Authority 44(1)
Issuing Certificates 44(2)
Maintaining Status Information and Issuing CRLs 46(1)
Publishing Certificates and CRLs 46(1)
Maintaining Archives 47(1)
Delegating Responsibility 47(1)
Registration Authority 48(1)
Repository 49(1)
Archive 49(1)
Infrastructure Users 50(1)
Certificate Holders 50(1)
Relying Party 50(1)
Build It or Buy It? 51(2)
PKI Architectures 53(16)
Simple PKI Architectures 54(3)
Single CA 54(1)
Basic Trust Lists 55(2)
Enterprise PKI Architectures 57(3)
Hierarchical PKI 57(1)
Mesh PKI 58(2)
Hybrid PKI Architectures 60(7)
Extended Trust List Architecture 61(1)
Cross-Certified Enterprise PKIs 62(2)
Bridge CA Architecture 64(3)
Choosing the Best Architecture 67(2)
X.509 Public Key Certificates 69(38)
X.509 Certificate Evolution 70(1)
ASN.1 Building Blocks 70(4)
Object Identifiers 70(1)
Algorithm Identifiers 71(1)
Directory String 71(1)
Distinguished Names 72(1)
General Names 73(1)
Time 74(1)
X.509 Certificates 74(24)
The Tamper-Evident Envelope 75(1)
Basic Certificate Content 76(3)
Certificate Extensions 79(1)
Subject Type Extensions 80(1)
Basic Constraints 80(1)
Name Extensions 81(1)
Issuer Alternative Name 82(1)
Subject Alternative Name 82(1)
Name Constraints 82(3)
Key Attributes 85(1)
Key Usage 85(1)
Extended Key Usage 86(1)
Private Key Validity 87(1)
Subject Key Identifier 87(1)
Authority Key Identifier 88(1)
Policy Information 89(1)
Certificate Policies 89(2)
Policy Mapping 91(2)
Policy Constraints 93(1)
Inhibit Any-Policy 94(1)
Additional Information 94(1)
CRL Distribution Points 95(1)
Freshest CRL 96(1)
Authority Information Access 96(1)
Subject Information Access 97(1)
Subject Directory Attributes 98(1)
Generating and Using Certificates 98(9)
End Entity Certificates 99(1)
User Certificates 99(1)
System Certificates 100(1)
CA Certificates 101(1)
CA Certificates within an Enterprise PKI 101(1)
CA Certificates between Enterprise PKIs 102(1)
CA Certificates in a Bridge CA Environment 103(1)
Self-Issued Certificates 103(1)
Trust Point Establishment 103(1)
Rollover Certificates 104(1)
Old Signed With New 104(1)
New Signed With Old 104(1)
Policy Rollover Certificates 105(1)
Old Signed With New 105(1)
New Signed With Old 105(2)
Certificate Revocation Lists 107(18)
Basic CRL Contents 107(11)
The Signed Certificate List 109(2)
CRL Extensions 111(1)
Authority Key Identifier 111(1)
Issuer Alternative Name 112(1)
CRL Number 112(1)
Delta CRL Indicator 113(1)
Issuing Distribution Point 114(1)
Freshest CRL 115(1)
CRL Entry Extensions 115(1)
Reason Code 116(1)
Hold Instruction Code 116(1)
Invalidity Date 117(1)
Certificate Issuer 118(1)
Generating and Using CRLs 118(7)
CRL Coverage 118(1)
Full CRLs 119(1)
CRL Distribution Points 120(1)
CRL Location 120(1)
CRL Size 121(1)
Delta CRLs 122(1)
Indirect CRLs 123(2)
Repository Protocols 125(12)
Repository Attributes 126(1)
Common Repository Protocols 127(6)
Directories 127(1)
The X.500 Directory 128(2)
Lightweight Directory Access Protocol (v2) 130(1)
X.500 Directory with LDAP 130(1)
LDAP v3 with Extensions 131(1)
FTP 131(1)
HTTP 132(1)
Electronic Mail 132(1)
Domain Name System Support 133(1)
Border Repositories 133(1)
Practical PKI Repositories 134(3)
Building and Validating Certification Paths 137(18)
Certification Path Construction 138(6)
Simple PKI Architectures 138(1)
Hierarchical PKI Architectures 138(1)
Mesh PKI Architectures 139(1)
Extended Trust List Architectures 140(1)
Cross-Certified PKI Architectures 141(1)
Bridge CA Architectures 142(2)
Certification Path Validation 144(7)
Initialization 145(2)
Basic Certificate Checking 147(1)
Preparation for the Next Certificate 148(2)
Wrap-up 150(1)
CRL Validation 151(3)
CRL Processing 152(1)
Wrap-up 153(1)
Merging Path Construction and Validation 154(1)
Summary 154(1)
PKI Management Protocols 155(26)
PKI Management Transactions 156(1)
Participants 156(1)
Transaction Models 157(5)
Management Protocol Comparison Criteria 162(1)
Common PKI Management Protocols 163(16)
PKCS #10 164(1)
PKCS #10 with SSL 165(1)
PKCS #10 and SSL Summary 166(1)
PKCS #7 and PKCS #10 167(2)
PKCS #7 and #10 Summary 169(1)
Certificate Management Protocol (CMP) 170(4)
CMP Summary 174(1)
Certificate Management using CMS (CMC) 175(1)
CMC Summary 176(1)
Simple Certificate Enrollment Protocol (SCEP) 177(1)
SCEP Summary 178(1)
Selecting PKI Management Protocols 179(2)
Policies, Procedures, and PKI 181(18)
Introduction to Policy and Procedures 182(1)
Policy and PKI 183(13)
Certificate Policies and Certification Practice Statements 184(1)
The CP, CPS, and Policy Extensions 185(3)
CP and CPS Format and Contents 188(1)
Highlights of the RFC 2527 Format 189(1)
Introduction 189(1)
General Provisions 189(2)
Identification and Authentication 191(1)
Operational Requirements 191(1)
Physical, Procedural, and Personnel Security Controls 192(1)
Technical Security Controls 193(1)
Certificate and CRL Profiles 194(1)
Specification Administration 195(1)
Compliance Audits and Accreditation 195(1)
Advice for Policy Authors 196(3)
PKI-Enabled Applications 199(20)
S/MIMEv3 200(6)
Message Signature and Encryption 201(1)
Enhanced Security Services 202(2)
PKI Support 204(2)
Transport Layer Security (TLS) 206(5)
Handshake Protocol 207(2)
Record Protocol 209(1)
PKI Support 210(1)
IPsec 211(7)
Security Associations 212(2)
Authentication Header (AH) 214(1)
Encapsulating Security Payload 215(2)
Internet Key Exchange (IKE) 217(1)
PKI Support 218(1)
Summary 218(1)
Defense Message System 1.0 219(14)
DMS 1.0 Architecture 219(9)
Cryptographic Environment 220(1)
PKI Architecture 220(2)
Certificate and CRL Profiles 222(3)
Repositories 225(1)
Certificate Management 225(2)
Management Protocols 227(1)
Failure Recovery 227(1)
Applications 228(1)
Successes and Shortcomings 228(3)
Lessons Learned 231(2)
California Independent Service Operator 233(22)
CAISO Architecture 234(16)
Cryptographic Environment 235(1)
PKI Architecture 236(5)
Certificate and CRL Profiles 241(5)
Repositories 246(1)
Certificate Management 246(2)
Management Protocols 248(1)
Failure Recovery 249(1)
Applications 249(1)
Successes and Shortcomings 250(2)
Lessons Learned 252(3)
The Federal Bridge CA Project 255(16)
Federal PKI Architecture 256(12)
Cryptographic Environment 256(2)
PKI Architecture 258(2)
Certificate Policies 260(2)
Certificate and CRL Profiles 262(2)
Repositories 264(1)
Certificate Management 265(1)
Management Protocols 265(2)
Applications 267(1)
Successes and Shortcomings 268(1)
Lessons Learned 269(2)
Future Developments 271(30)
Cryptography 271(3)
PKI Architectures 274(1)
Certificates 274(6)
Attribute Certificates 274(3)
Qualified Certificates 277(2)
Alternative Certificate Formats 279(1)
Certificate Status 280(4)
On-line Certificate Status Protocol 280(2)
Sliding Window Delta CRLs 282(2)
Repositories 284(1)
Certification Path Construction and Validation 285(4)
Certification Path Validation Testing 285(1)
Delegated Certification Path Construction Services 286(2)
Certification Path Validation Services 288(1)
Management Protocols 289(3)
Interoperability of Heterogeneous Products 290(1)
In-Person Authentication 290(1)
Private Key Recovery 291(1)
Centrally Generated Keys 291(1)
Legal and Policy 292(3)
E-Sign 293(1)
Health Insurance Portability and Accountability Act (HIPAA) 293(1)
Government Paperwork Elimination Act (GPEA) 294(1)
European Directive 1999/93/EC 294(1)
Applications 295(4)
Signed Document Formats 295(1)
ETSI Electronic Signature Format 295(1)
XML Signatures 296(1)
Wireless Application Protocol (WAP) 296(2)
PKI-Enabled Trusted Third-Party Services 298(1)
Timestamping Servers 299(1)
Conclusion 299(2)
Appendix A ASN.1 Primer 301(6)
Syntax Definition
302(2)
Simple Types
303(1)
Structured Types
303(1)
Implicit and Explicit Tagging
304(1)
Other Types
304(1)
Basic Encoding Rules
304(1)
Distinguished Encoding Rules
305(2)
Appendix B Object Identifiers 307(4)
Obtaining Private OIDs
308(1)
American National Standards Institute
308(1)
Other National Standards Bodies
308(1)
Internet Assigned Numbers Authority
309(1)
Computer Security Objects Registry
309(1)
Researching OIDs
309(2)
Bibliography 311(8)
Index 319