Security without Obscurity: A Guide to PKI Operations (Hardcover)

Jeff Stapleton, W. Clay Epstein

Product Description

Most books on public key infrastructure (PKI) seem to focus on asymmetric cryptography, X.509 certificates, certificate authority (CA) hierarchies, or certificate policy (CP) and certificate practice statements. While algorithms, certificates, and theoretical policy are all excellent discussions, the real-world issues for operating a commercial or private CA can be overwhelming.

Security without Obscurity: A Guide to PKI Operations provides a no-nonsense approach and realistic guide to operating a PKI system. In addition to discussions on PKI best practices, the book supplies warnings against bad PKI practices. Scattered throughout the book are anonymous case studies identifying both good and bad practices.

The highlighted bad practices, based on real-world scenarios from the authors’ experiences, illustrate how bad things are often done with good intentions but cause bigger problems than the original one being solved.

This book offers readers the opportunity to benefit from the authors’ more than 50 years of combined experience in developing PKI-related policies, standards, practices, procedures, and audits, as well as designing and operating various commercial and private PKI systems.
