 |
One of the few good references on Kerberos. Very readable, very friendly. Covers
all aspects (using, installing, algorithms, etc.), as well as Kerberos API vs. Kerberos using
GSS-API. Public Key Kerberos is also discussed.
|
|
|
 |
Perhaps a good book for those still committed to open source PGP version 2.6.2, but
otherwise it's obviously dated. Includes a good history of PGP (the interactions
between Zimmermann, Merritt, Bidzos, and of course, the US government). Don't expect
this book to act as a manual for current versions of PGP. Well written, but don't
pay more for it than you would for a hamburger. (By the way, hamburgers ARE
expensive, costing more than cars pound for pound).
|
|
|
 |
"Source Code and Internals" is a way of saying "we've printed out all the source code so it can sit on
your shelf". Actually, the original intent of this book was to defeat export laws by putting PGP
v2.6.2 in printed form, and then including instructions on how to scan it into a computer. Of
course, it only takes one person to do this, which is why this 907-page book probably went out
of print so quickly. However, it is fun seeing an index in the back for variable and function names.
|
|
|
 |
 |
Practical Intranet Security: Overview of the State of the Art and Available Technologies
Ashley, Paul / Vandenwauver, Mark. 1999. 244 pages.
Categories: Applications and Protocols |
A wonderful book that's not worth its price (street value $130.00). This is the only book
I know of that covers SESAME (a European public key Kerberos that supports access rights
delegation). I highly recommend the book for someone looking to integrate their applications
with Kerberos or SESAME using GSS-API. Also covers DCE security, many authentication
schemes, taxonomies of various attacks, and lesser known but novel security architectures. The
book ends with chart comparisons of the security solutions discussed.
|
|
|
 |
 |
SSH, The Secure Shell: The Definitive Guide
Barrett, Daniel J. / Silverman, Richard E. 2001. 540 pages.
Categories: Applications and Protocols |
A great book that covers everything related to SSH, including port forwarding, ".shosts" files,
alternative authentication options, ssh1 vs. ssh2, OpenSSH, scp2 (4 times slower than scp1!),
ssh agents, detailed installation and configuration instructions, forced commands, etc. If you
rely on SSH, you need this book.
|
|
|
 |
An excellent book that covers XML digital signatures, XML encryption, and XML Key Management (XKMS),
all in exacting detail. This book was first to press on these topics, so expect other books to be more timely
as areas like XKMS evolve. Includes a shameless plug for RSA's BSAFE Cert-J, but thankfully it feels more
like information and less like a commercial.
It seems that digital signatures and XML are sometimes an awkward marriage. Digital signatures are notoriously
inflexible, because they exist, in part, to flag changes. In contrast, XML has many ways of expressing the
same thing, and likes to work independently of varying platforms, encoding schemes, etc. This book addresses
these issues by introducing the trusted transformations used to canonicalize the XML to make its
expressiveness more deterministic prior to signing.
|