Public Key Infrastructure: Building Trusted Applications and Web Services
von: John R. Vacca
Auerbach Publications, 2004
ISBN: 9780203498156
Sprache: Englisch
408 Seiten, Download: 12437 KB
Format: PDF, auch als Online-Lesen
CONTENTS | 10 | ||
FOREWORD | 28 | ||
ACKNOWLEDGMENTS | 29 | ||
INTRODUCTION | 30 | ||
I OVERVIEW OF PKI TCCHNOLOGY | 43 | ||
1 PUBLIC KEY INFRASTRUCTURES (PKIS): WHAT ARE THEY? | 48 | ||
WHAT IS PKI? | 48 | ||
WHAT DOES PKI OFFER? | 49 | ||
Non-Repudiation | 49 | ||
Privacy | 49 | ||
Integrity | 50 | ||
Accountability | 50 | ||
Trust | 50 | ||
BASIC SECURITY CONCEPTS | 50 | ||
Access Control Policy | 50 | ||
Something the User Knows | 51 | ||
Something the User Possesses | 51 | ||
Something the User Is | 51 | ||
Distributed Systems and Password Authentication | 52 | ||
Multiple Passwords: One for Each System/Application | 52 | ||
Same Password: Replicated in Each System | 52 | ||
Single Sign-On Software | 52 | ||
Directory Server | 53 | ||
Symmetric and Asymmetric Encryption | 53 | ||
Hashing | 55 | ||
Digital Signature | 56 | ||
Digital Signature Associated with Message Encryption | 57 | ||
HOW PUBLIC AND PRIVATE KEY CRYPTOGRAPHY WORKS | 58 | ||
PKI Entities | 61 | ||
Certification Authority (CA) | 61 | ||
Registration Authority (RA) | 61 | ||
Subscriber | 61 | ||
Relying Party | 61 | ||
Repository | 62 | ||
Certification | 62 | ||
Subject Certification | 62 | ||
Certificates | 62 | ||
Cross Certification | 63 | ||
Certification Path | 63 | ||
CA Relationships of a PKI | 64 | ||
General Hierarchy | 64 | ||
Top-Down Hierarchy | 64 | ||
Web of Trust | 65 | ||
Validation | 65 | ||
Revocation | 65 | ||
Authentication | 66 | ||
Keys and Key Pair Models | 66 | ||
Key Management | 67 | ||
Key Generation | 67 | ||
Storage of Private Keys | 67 | ||
Revocation of Public Keys | 67 | ||
Publication of Certificates and CRLs | 68 | ||
Key Update | 68 | ||
Backup/Recovery | 68 | ||
Escrow/Recovery | 69 | ||
Certificate Life Cycle | 69 | ||
RELATED TCCHNOLOGIES | 69 | ||
CMS: Cryptographic Message Syntax (CMS) | 69 | ||
Secure Sockets Layer (SSL) | 69 | ||
Secure E-mail/S/MIME | 71 | ||
Virtual Private Network (VPN) | 71 | ||
Pretty Good Privacy (PGP) | 71 | ||
SUMMARY | 72 | ||
References | 72 | ||
2 GROWING A TREE OF TRUST | 73 | ||
WHAT ARE PUBLIC KEY INFRASTRUCTURES? | 73 | ||
WORK PERFORMED BY CERTIFICATE AUTHORITIES | 75 | ||
Root Certificate Authority | 75 | ||
What Is a Certificate Revocation List (CRL)? | 75 | ||
PROTECT THOSE KEYS! | 76 | ||
ATTACKING THE CERTIFICATE AUTHORITY | 77 | ||
External Attacks on the CA | 77 | ||
Internal Attacks on the CA | 77 | ||
WHAT CAN BE DONE WITH STOLEN PRIVATE KEYS? | 77 | ||
CERTIFICATE PRACTICE STATEMENTS (CPSs) | 78 | ||
DETERMINE YOUR PKI READINESS | 78 | ||
Build or Buy? | 78 | ||
3 IN PKI WE TRUST? | 80 | ||
LOOKING OUTWARD | 80 | ||
A BIG DECISION | 81 | ||
SERVICE FEATURES | 82 | ||
TAKE YOUR PICK | 83 | ||
VeriSign OnSite 4.6 | 84 | ||
Entrust Technologies Entrust@YourService | 86 | ||
Baltimore Technologies Managed PKI Service | 88 | ||
PKI SERVICES | 92 | ||
4 PKI STANDARDS | 93 | ||
GENERAL PKIX STANDARDIZATION REQUIREMENTS | 94 | ||
Standardization Areas of PKIX | 94 | ||
Profiles of X.509 v3 Public Key Certificates and X.509 v2 Certificate Kevocation Lists (CRLs) | 94 | ||
Management Protocols | 94 | ||
Operational Protocols | 94 | ||
Certificate Policies and Certificate Practice Statements | 95 | ||
Timestamping and Data Certification/Validation Services | 95 | ||
Functionality of Public Key Infrastructure | 96 | ||
Privilege Management Infrastructure (PMI) | 97 | ||
WORKING GROUP DESCRIPTION | 98 | ||
PKIX Ongoing Work Items | 99 | ||
PKIX New Work Items | 99 | ||
SUMMARY | 99 | ||
5 TYPES OF VENDOR AND THIRD-PARTY CA SYSTEMS | 106 | ||
PKI BASICS | 107 | ||
PKI VENDOR MARKETPLACE | 107 | ||
Baltimore Technologies | 108 | ||
Entrust | 109 | ||
GeoTrust | 110 | ||
RSA Security | 111 | ||
VeriSign | 112 | ||
OTHER PKI VENDORS | 113 | ||
nCipher | 113 | ||
Certicom | 113 | ||
Computer Associates | 114 | ||
Digital Signature Trust (Identrus) | 114 | ||
Novell | 114 | ||
Windows 2000/XP | 114 | ||
SUMMARY | 114 | ||
6 UNDERSTANDING DIGITAL CERTIFICATES AND SECURE SOCKETS LAYER (SSL) | 116 | ||
DIGITAL CERTIFICATES | 116 | ||
WEB SERVER CERTIFICATES | 117 | ||
CA CERTIFICATES | 117 | ||
SECURE SOCKETS LAYER (SSL) | 118 | ||
How Certificates Are Used in an SSL Transaction | 118 | ||
WHAT’S NEXT? | 119 | ||
7 CA SYSTEM ATTACKS | 120 | ||
EXTERNAL ATTACKS ON THE CA | 120 | ||
INTERNAL ATTACKS ON THE CA | 120 | ||
PROTECTING THE CA ROOT KEY FROM ATTACK | 121 | ||
Security Properties of a FIPS 140–1 Level 3 Cryptographic Module | 123 | ||
Physical Tamper Protection | 124 | ||
Attack Resistance—Cryptographic Solutions in FIPS Validated Hardware | 125 | ||
The Copy Attack | 125 | ||
Modification Attacks | 125 | ||
Theft of the PC or Computer Containing the Cryptographic Software | 126 | ||
Trusted Path | 126 | ||
SUMMARY | 129 | ||
REFERENCES | 130 | ||
8 KEY ESCROW VERSUS KEY RECOVERY | 131 | ||
INTRODUCTION | 131 | ||
AN ENCRYPTION PRIMER | 132 | ||
SECRET KEY CRYPTOGRAPHY | 133 | ||
PUBLIC KEY CRYPTOGRAPHY | 134 | ||
WHY IS ENCRYPTION A THREAT? | 134 | ||
ARE EXPORT CONTROLS THE ANSWER? | 135 | ||
“STRONG CRYPTOGRAPHY MAKES THE WORLD A SAFER PLACE” | 135 | ||
HOW CAN THE THREAT BE COUNTERED? | 137 | ||
“TRUSTED THIRD PARTY” | 137 | ||
KEY ESCROW | 137 | ||
KEY RECOVERY | 138 | ||
THE CASE AGAINST TRUSTED THIRD PARTY | 138 | ||
TRUSTED FIRST PARTY | 140 | ||
ADVANTAGES OF TRUSTED FIRST PARTY | 141 | ||
THE ROLE OF CERTIFICATE AUTHORITIES | 142 | ||
CONCLUSION | 142 | ||
9 AN APPROACH TO FORMALLY COMPARE AND QUERY CERTIFICATION PRACTICE STATEMENTS | 144 | ||
INTRODUCTION | 144 | ||
REQUIREMENTS FOR THE REPRESENTATION OF A CP/CPS | 145 | ||
SOLUTION-APPROACH | 146 | ||
Semantic Representation Using Description Logics | 146 | ||
Description Logics Overview | 147 | ||
DL Reasoning Services | 147 | ||
Syntactic Representation | 149 | ||
CASE STUDY | 149 | ||
NeoClassic | 149 | ||
Methodology | 150 | ||
Examples | 150 | ||
Asymmetric Key Sizes | 150 | ||
Activation Actions | 152 | ||
Key-Pair Generation | 152 | ||
SUMMARY | 154 | ||
REFERENCES | 154 | ||
10 MANAGED PUBLIC KEY INFRASTRUCTURE: SECURING YOUR BUSINESS APPLICATIONS | 156 | ||
PROTECTING INFORMATION ASSETS | 156 | ||
INTRODUCING ENTERPRISE PKI | 157 | ||
Critical Factors in Running an Enterprise PKI | 158 | ||
Two Models for PKI Deployment | 158 | ||
In-House Deployment of Stand-Alone PKI Software | 159 | ||
Outsourced Deployment to an Integrated PKI Platform | 159 | ||
The VeriSign Value Proposition | 160 | ||
ELEMENTS OF ENTERPRISE PKI | 160 | ||
Managed PKI Functionality | 161 | ||
Ease of Integration | 163 | ||
Availability and Scalability | 164 | ||
Availability | 164 | ||
Scalability | 164 | ||
Security and Risk Management | 164 | ||
Physical Security | 165 | ||
Customer Practices Support | 165 | ||
Expertise | 166 | ||
Scope of Operation | 166 | ||
Broad Community Enablement | 166 | ||
Cross Certification | 167 | ||
FEATURES SUMMARY | 167 | ||
CONCLUSION | 167 | ||
NOTES | 169 | ||
11 PKI READINESS | 170 | ||
PKI READINESS SOLUTION | 170 | ||
Designing Issues | 171 | ||
From the Buy Side | 174 | ||
Builder’s Choice | 175 | ||
SUMMARY | 176 | ||
II ANALYZING AND DESIGNING PUBLICKEY INFRASTRUCTURES | 178 | ||
12 PKI DESIGN ISSUES | 180 | ||
CRYPTOGRAPHY AND PUBLIC KEY TECHNOLOGY | 180 | ||
PKI DESIGN ISSUES | 182 | ||
Standards and Crypto | 182 | ||
PKI Structure | 183 | ||
PKI Functional Blocks | 184 | ||
Interdomain | 185 | ||
Certificate Retrieval | 186 | ||
Certificate Chains and Trust | 186 | ||
Cross Certification | 187 | ||
Revocation | 187 | ||
Online | 188 | ||
Revocation Lists and Deltas | 188 | ||
Revocation Notices | 189 | ||
Policy | 189 | ||
PCAs | 189 | ||
Domain Policy | 190 | ||
Policy Negotiation | 190 | ||
SUMMARY | 190 | ||
REFERENCES | 190 | ||
13 PKI RETURN ON INVESTMENT | 192 | ||
TOTAL COST OF OWNERSHIP: THE “I” IN ROI | 192 | ||
FINANCIAL RETURNS: THE “R” IN ROI | 193 | ||
PKI AND RETURN ON INVESTMENT: SUMMARY | 195 | ||
AUTHOR NOTE | 195 | ||
14 PKI STANDARDS DESIGN ISSUES | 197 | ||
ITU-T STANDARDS | 197 | ||
PKCS | 197 | ||
IETF STANDARDS | 202 | ||
COMPLIANT PKI STANDARDS DESIGN ISSUES | 203 | ||
PKI Assumptions | 203 | ||
Building Compliant Certificate Policies and Certification Practice Statement | 204 | ||
BS7799 Security Compliance | 205 | ||
What about the Technology? | 205 | ||
Tying It All Together | 206 | ||
SUMMARY | 206 | ||
15 ARCHITECTURE FOR PUBLIC KEY INFRASTRUCTURE (APKI) | 207 | ||
1: REQUIREMENTS ON A PUBLIC KEY INFRASTRUCTURE | 207 | ||
1.1 Baseline Requirements for a Global PKI | 207 | ||
1.1.1 Required Services | 207 | ||
1.1.2 Required Functionality and Characteristics | 207 | ||
Key Life-Cycle Management | 207 | ||
Distributed Certificate Management Structure | 209 | ||
Security of the PKI | 210 | ||
Time Service | 210 | ||
Interoperability | 210 | ||
1.1.3 Known Issues | 211 | ||
1.1.4 Recommendations | 211 | ||
1.2 The Importance of Architecture | 211 | ||
1.2.1 What Is Architecture? | 211 | ||
1.2.2 Interfaces | 211 | ||
1.2.3 Protocols | 213 | ||
1.2.4 Profiles | 214 | ||
1.2.5 Negotiation | 214 | ||
2: OVERVIEW OF THE PKI ARCHITECTURE | 215 | ||
3: PUBLIC KEY INFRASTRUCTURE COMPONENTS | 216 | ||
3.1 Crypto Primitive Components | 216 | ||
3.1.1 Function | 216 | ||
3.1.2 Protocols | 217 | ||
3.1.3 Interfaces | 217 | ||
3.1.4 Profiles | 218 | ||
3.1.5 Negotiation | 218 | ||
3.2 Cryptographic Service Components | 218 | ||
3.2.1 Function | 218 | ||
3.2.2 Protocols | 219 | ||
3.2.3 Interfaces | 219 | ||
3.2.4 Profiles | 220 | ||
3.2.5 Negotiation | 220 | ||
3.3 Long-Term Key Services Components | 221 | ||
3.3.1 Function | 221 | ||
3.3.2 Protocols | 223 | ||
Virtual Smartcard Service | 223 | ||
Certificate Management | 224 | ||
Public Key Delivery and Verification | 225 | ||
3.3.3 Interfaces | 225 | ||
Virtual Smartcard Service | 225 | ||
Public Key Delivery and Verification | 225 | ||
Certificate Management | 226 | ||
3.3.4 Profiles | 227 | ||
3.3.5 Negotiation | 227 | ||
3.4 Protocol Security Services Components | 227 | ||
3.4.1 Function | 228 | ||
3.4.2 Protocols | 228 | ||
3.4.3 Interfaces | 229 | ||
3.4.4 Profiles | 230 | ||
3.4.5 Negotiation | 230 | ||
3.5 Secure Protocol Components | 230 | ||
3.5.1 Function | 231 | ||
3.5.2 Protocols | 231 | ||
3.5.3 Interfaces | 231 | ||
3.5.4 Profiles | 231 | ||
3.5.5 Negotiation | 232 | ||
3.6 System Security Enabling Components | 232 | ||
3.6.1 Function | 232 | ||
3.7 Security Policy Services Components | 233 | ||
3.7.1 Function | 233 | ||
3.7.2 Protocols | 233 | ||
3.7.3 Interfaces | 233 | ||
3.7.4 Profiles | 234 | ||
3.8 Supporting Services Components | 234 | ||
3.8.1 Function | 234 | ||
4: HARDWARE SECURITY DEVICES IN THE ARCHITECTURE | 234 | ||
III IMPLEMENTING PKI | 236 | ||
16 IMPLEMENTING SECURE WEB SERVICES REQUIREMENTS USING PKI | 237 | ||
MEASURE PKI’S VALUE | 238 | ||
KNOW WHAT XKMS PROVIDES | 239 | ||
THE XKMS VISION: FROM SECURITY TO TRUST | 240 | ||
PKI WEB SERVICES | 241 | ||
17 VERISIGN’S FOUNDATION IN MANAGED SECURITY SERVICES | 243 | ||
FACTORS DRIVING SECURITY SERVICES | 243 | ||
CUSTOMER DUE DILIGENCE CHECKLIST | 247 | ||
VERISIGN’S SECURITY OFFERINGS | 249 | ||
Security Consulting Services | 249 | ||
VeriSign Managed Security Services | 249 | ||
VERISIGN’S MANAGED SECURITY SERVICES: KEY DIFFERENTIATORS | 250 | ||
Strengths | 250 | ||
End-to-End Capabilities | 250 | ||
Event Correlation | 251 | ||
Proactive Management | 251 | ||
Web-Based Customer Portal | 252 | ||
Service Level Agreements (SLAs) | 252 | ||
Challenges Moving Forward | 252 | ||
CONCLUSION | 254 | ||
18 IMPLEMENTATION AND DEPLOYMENT | 255 | ||
ESTABLISHING THE BUSINESS CASE: SECURITY AND BUSINESS REQUIREMENTS | 255 | ||
DETERMINING TECHNICAL REQUIREMENTS | 257 | ||
DEVELOPING EFFECTIVE POLICIES, PRACTICES, AND PROCEDURES | 258 | ||
Internal Operating Procedures | 261 | ||
CREATING A SUCCESSFUL DEPLOYMENT STRATEGY | 261 | ||
RESOURCE PLANNING | 262 | ||
AUDITING CONSIDERATIONS | 263 | ||
SUMMARY | 264 | ||
REFERENCES | 264 | ||
19 IMPLEMENTATION COSTS | 265 | ||
WHAT IS INVOLVED | 265 | ||
BUILDING A CA | 266 | ||
MORE PRODUCT OFFERINGS | 267 | ||
SUMMARY | 270 | ||
20 PKI PERFORMANCE | 271 | ||
WHAT TO LOOK FOR IN A CA | 271 | ||
WHAT IS NON-REPUDIATION? | 272 | ||
MORE CA REQUIREMENTS | 273 | ||
WHAT WILL A CA EXPECT OF YOU? | 274 | ||
PKI INFRASTRUCTURE | 275 | ||
More Than Just Encryption | 275 | ||
Keys, Certificates, and Signatures | 276 | ||
Pieces of the Puzzle | 277 | ||
Keys to the Kingdom | 279 | ||
Physical Security | 280 | ||
SUMMARY | 281 | ||
IV MANAGING PKI | 282 | ||
21 REQUESTING A CERTIFICATE | 283 | ||
REQUESTING A DIGITAL CERTIFICATE | 284 | ||
REQUESTING DIGITAL CERTIFICATE AUTHENTICATION THROUGH PKI | 284 | ||
PKI and Web-Based Services | 285 | ||
Web Services-Based Client Access | 286 | ||
Telnet-Based Client Access | 287 | ||
Configuration Store | 289 | ||
SUMMARY | 289 | ||
22 OBTAINING A CERTIFICATE | 291 | ||
HOW A CERTIFICATE IS USED | 291 | ||
YOU ONLY NEED ONE | 291 | ||
PERSONAL CERTIFICATES: A CLOSER LOOK | 291 | ||
Format of Certificates | 292 | ||
How to Acquire a Certificate | 293 | ||
OBTAINING PERSONAL CERTIFICATES | 293 | ||
CERTIFICATES VIA INTERNET EXPLORER | 293 | ||
About Installing Certificates | 294 | ||
Obtain a Root Certificate | 302 | ||
Obtain a Personal Certificate | 302 | ||
If You Must Remove Certificates | 304 | ||
CERTIFICATES VIA NETSCAPE | 305 | ||
Obtain a Root Certificate | 306 | ||
Obtain a Personal Certificate | 307 | ||
Test Your Certificate | 308 | ||
If the Process Fails | 308 | ||
File Method | 309 | ||
GUI Method | 309 | ||
SUMMARY | 311 | ||
REFERENCES | 311 | ||
23 TEN RISKS OF PKI: WHAT YOU ARE NOT BEING TOLD ABOUT PUBLIC KEY INFRASTRUCTURE | 313 | ||
RISK 1: WHO DO WE TRUST, AND FOR WHAT? | 314 | ||
RISK 2: WHO IS USING MY KEY? | 314 | ||
RISK 3: HOW SECURE IS THE VERIFYING COMPUTER? | 315 | ||
RISK 4: WHICH JOHN ROBINSON IS HE? | 315 | ||
RISK 5: IS THE CA AN AUTHORITY? | 316 | ||
RISK 6: IS THE USER PART OF THE SECURITY DESIGN? | 317 | ||
RISK 7: WAS IT ONE CA OR A CA PLUS A REGISTRATION AUTHORITY? | 317 | ||
RISK 8: HOW DID THE CA IDENTIFY THE CERTIFICATE HOLDER? | 317 | ||
RISK 9: HOW SECURE ARE THE CERTIFICATE PRACTICES? | 318 | ||
RISK 10: WHY ARE WE USING THE CA PROCESS, ANYWAY? | 319 | ||
24 USING A CERTIFICATE | 321 | ||
DIGITALLY SIGNING E-MAIL MESSAGES | 321 | ||
Automatically Signing All Outgoing Messages | 322 | ||
PROCEDURES FOR USING A PERSONAL DIGITAL CERTIFICATE | 322 | ||
Removing and Installing Trusted Personal Digital Certificates | 323 | ||
Trusted Publisher Designation | 324 | ||
Advanced Security Options Configuration for Authentication and Personal Digital Certificate Features | 325 | ||
SUMMARY | 325 | ||
25 CERTIFICATE REVOCATION WITH VERISIGN MANAGED PKI: FLEXIBLE, OPEN REVOCATION SOLUTIONS FOR TODAY’S ENTERPRISE PKI NEEDS | 326 | ||
TODAY’S NEEDS | 327 | ||
REVOCATION FUNCTIONS IN VERISIGN MANAGED PKI | 328 | ||
Revoking a Certificate | 328 | ||
CRLs | 328 | ||
Managed PKI Validation Module for Web Servers | 328 | ||
Online Status (OCSP) | 329 | ||
Client-Side Revocation Checking | 329 | ||
AVAILABLE REVOCATION MECHANISMS | 329 | ||
Certificate Revocation Lists (CRLs) | 330 | ||
Partitioned CRLs | 330 | ||
Online Certificate Status Protocol (OCSP) | 330 | ||
Trusted Directories | 331 | ||
SUMMARY | 331 | ||
Open PKI—Best-of-Breed Applications | 331 | ||
More Options | 331 | ||
Lowest Total Cost | 331 | ||
Real-World Non-Repudiation | 332 | ||
COMPARATIVE FEATURE SUPPORT: VERISIGN-ENTRUST | 332 | ||
NOTES | 333 | ||
26 SUMMARY, CONCLUSIONS, AND RECOMMENDATIONS | 334 | ||
SUMMARY | 334 | ||
CONCLUSIONS | 336 | ||
Secret Key Cryptography | 336 | ||
The Secret Key Distribution and Management Problem | 338 | ||
Foundations of Public Key Cryptography | 341 | ||
The Problem of Factoring Large Numbers | 341 | ||
Public Key Cryptography and Digital Signatures | 341 | ||
Trusting a Public Key | 342 | ||
The Internet Public Key Infrastructure | 344 | ||
The Infrastructure Topology | 345 | ||
Certificate Revocation | 347 | ||
CRL Distribution Points | 347 | ||
Cross-Domain Certification | 349 | ||
Certificate Validation | 351 | ||
Validate the Trust Chain | 351 | ||
Determine the Certificate Revocation Status | 352 | ||
Determine the Certificate Usage | 352 | ||
Managing the Private Key | 352 | ||
Attribute Certificates: The Next Evolution of PKIX | 354 | ||
RECOMMENDATIONS | 355 | ||
Designing Issues | 355 | ||
From the Buy Side | 356 | ||
Builder’s Choice | 357 | ||
Certified, But Safe? | 358 | ||
NOTES | 359 | ||
V APPENDICES | 360 | ||
Appendix A CONTRIBUTORS OF PKI SOFTWARE SOLUTIONS | 361 | ||
ENTRUST | 361 | ||
BALTIMORE TCCHNOLOGIES | 362 | ||
VERISIGN | 362 | ||
OTHER VENDORS | 362 | ||
RSA Security | 363 | ||
Xcert | 363 | ||
Certicom | 363 | ||
Microsoft | 363 | ||
Netscape, Digital Signature Trust, and Interclear | 363 | ||
Appendix B PKI PRODUCTS: IMPLEMENTATIONS, TOOLKITS, AND VENDORS | 364 | ||
Appendix C COMPREHENSIVE LIST OF CERTIFICATE AUTHORITIES (CAS) | 367 | ||
Appendix D INFORMATION SECURITY MANAGEMENT ISSUE STANDARDS | 371 | ||
ACTIVITIES | 371 | ||
EVALUATION CRITERIA FOR INFORMATION SECURITY SYSTEMS | 372 | ||
SAFEGUARDS | 372 | ||
THREATS | 373 | ||
TRUSTED THIRD PARTIES | 373 | ||
Appendix E INFORMATION SECURITY TECHNICAL ELEMENTS STANDARDS | 374 | ||
CERTIFICATES | 374 | ||
DIGITAL SIGNATURES | 377 | ||
ENCRYPTION | 378 | ||
KEYS | 379 | ||
HASH FUNCTION | 380 | ||
Appendix F BASIC CERTIFICATES FOR WEB ADMINISTRATION | 381 | ||
SSL WEB SERVER CERTIFICATE ADMINISTRATION | 381 | ||
WHY YOU NEED AN SSL WEB SERVER CERTIFICATE | 381 | ||
WHAT’S IN IT FOR YOU | 382 | ||
Appendix G GLOSSARY | 383 | ||
INDEX | 391 | ||
More eBooks at www.ciando.com | 0 |