Synopses & Reviews
Digital certificates bind a cryptographic key with one or more attributes of a user. Issued by certification authorities, the certificates protect the Internet by assuring the authenticity of network messages. This technology and its underlying digital signatures are now helping fuel the deployment of electronic commerce on the Internet. Internet users, developers, administrators, and corporate buyers need to have a solid understanding of certificate-based security systems in order to harness their potential.
Digital Certificates: Applied Internet Security is a detailed and practical guide to understanding and working with this important technology. It presents an overview of digital certificates and their role in Internet security, a detailed description of the technologyis inner workings, and a look at the business infrastructure that is essential to its effective utilization. Practical throughout, this book features numerous examples from actual Internet applications to illustrate concepts and demonstrate how the technology works under real-world conditions.
In this comprehensive book you will find:
- Essential background information on Internet security and cryptography fundamentals
- Detailed information about digital certificates, the X.509 standard, and Public Key Infrastructures
- A discussion of the certificate-related security features of Netscape and Microsoft Web browsers, Netscape Messenger, Microsoft Outlook Express, and S/MIME, ASN.1, PKCS, SET, and SSL standards
- Information on trusted third parties, accountability and reliability, and certification practice statements
- Coverage of certificate authority service providers, local registration authorities, and security management solutions, based on VeriSign personal and server certificates, VeriSign OnSite enterprise solutions, and Microsoft Certificate Server 1.0
About the Author
is a senior software engineer at VeriSign, Inc., a world leader in digital certificate technology. His research interests include Internet security and object technology. Jalal is the author of Web Developer's Guide to Java Beans
. Jalil Feghhi
is a senior software engineer with @Home Network, Inc. His research areas include component-based software technology and network communications. Jalil is a contributing author to Web Developer's Guide to Java Beans
. Peter Williams
, an authority in communications security, has worked in research and development of digital certificate technologies since 1991. He is a certificate-based security systems architect at VeriSign, Inc. .
Table of Contents
I. SECURITY, CRYPTOGRAPHY, AND DIGITAL CERTIFICATES. 1. Security and the Internet.
3. Digital Certificates, Certification Authorities, and Public-Key Infrastructures.
II. APPLIED INTERNET SECURITY. 4. Browser Security and Trust-Based Software Management.
5. Secure Messaging and S/MIME.
6. Web Server Security, Certificates, and Access Control.
7. Integrity and Open Standards.
III. SECURITY MANAGEMENT PRACTICE. 8. Security Management Solutions.
9. Certification Services.
10. Local Registration Authorities (LRAs).
IV. THE TRUST DILEMMA. 11. Certificate Policy & Certification Practice.
12. Secure Electronic Commerce.
13. Computer Security Management.
V. WEB SECURITY AND CERTIFICATES. 14. Secure Web Communications n Server Authentication.
15. Secure Web Communications n Client Authentication.
16. Microsoft Certificate Server n The Architecture.
VI. MICROSOFT CERTIFICATE SERVER. 17. Programming Microsoft Certificate Server n The Policy Module and Extension Handlers.
18. Programming Microsoft Certificate Server n The Exit Module.
19. Programming Microsoft Certificate Server n Certificate Clients and Intermediaries.
20. Programming Microsoft Certificate Server n Admin Programs.
Appendix A. Abstract Syntax Notation (ASN.1).
Appendix B. Structuring X.509 Certificate for Use with Microsoft Products.