Public Key Infrastructure: Building Trusted Applications and Web Services
von: John R. Vacca
Auerbach Publications, 2004
ISBN: 9780203498156
Sprache: Englisch
408 Seiten, Download: 12437 KB
Format: PDF, auch als Online-Lesen
geeignet für:
| CONTENTS | 10 | ||
| FOREWORD | 28 | ||
| ACKNOWLEDGMENTS | 29 | ||
| INTRODUCTION | 30 | ||
| I OVERVIEW OF PKI TCCHNOLOGY | 43 | ||
| 1 PUBLIC KEY INFRASTRUCTURES (PKIS): WHAT ARE THEY? | 48 | ||
| WHAT IS PKI? | 48 | ||
| WHAT DOES PKI OFFER? | 49 | ||
| Non-Repudiation | 49 | ||
| Privacy | 49 | ||
| Integrity | 50 | ||
| Accountability | 50 | ||
| Trust | 50 | ||
| BASIC SECURITY CONCEPTS | 50 | ||
| Access Control Policy | 50 | ||
| Something the User Knows | 51 | ||
| Something the User Possesses | 51 | ||
| Something the User Is | 51 | ||
| Distributed Systems and Password Authentication | 52 | ||
| Multiple Passwords: One for Each System/Application | 52 | ||
| Same Password: Replicated in Each System | 52 | ||
| Single Sign-On Software | 52 | ||
| Directory Server | 53 | ||
| Symmetric and Asymmetric Encryption | 53 | ||
| Hashing | 55 | ||
| Digital Signature | 56 | ||
| Digital Signature Associated with Message Encryption | 57 | ||
| HOW PUBLIC AND PRIVATE KEY CRYPTOGRAPHY WORKS | 58 | ||
| PKI Entities | 61 | ||
| Certification Authority (CA) | 61 | ||
| Registration Authority (RA) | 61 | ||
| Subscriber | 61 | ||
| Relying Party | 61 | ||
| Repository | 62 | ||
| Certification | 62 | ||
| Subject Certification | 62 | ||
| Certificates | 62 | ||
| Cross Certification | 63 | ||
| Certification Path | 63 | ||
| CA Relationships of a PKI | 64 | ||
| General Hierarchy | 64 | ||
| Top-Down Hierarchy | 64 | ||
| Web of Trust | 65 | ||
| Validation | 65 | ||
| Revocation | 65 | ||
| Authentication | 66 | ||
| Keys and Key Pair Models | 66 | ||
| Key Management | 67 | ||
| Key Generation | 67 | ||
| Storage of Private Keys | 67 | ||
| Revocation of Public Keys | 67 | ||
| Publication of Certificates and CRLs | 68 | ||
| Key Update | 68 | ||
| Backup/Recovery | 68 | ||
| Escrow/Recovery | 69 | ||
| Certificate Life Cycle | 69 | ||
| RELATED TCCHNOLOGIES | 69 | ||
| CMS: Cryptographic Message Syntax (CMS) | 69 | ||
| Secure Sockets Layer (SSL) | 69 | ||
| Secure E-mail/S/MIME | 71 | ||
| Virtual Private Network (VPN) | 71 | ||
| Pretty Good Privacy (PGP) | 71 | ||
| SUMMARY | 72 | ||
| References | 72 | ||
| 2 GROWING A TREE OF TRUST | 73 | ||
| WHAT ARE PUBLIC KEY INFRASTRUCTURES? | 73 | ||
| WORK PERFORMED BY CERTIFICATE AUTHORITIES | 75 | ||
| Root Certificate Authority | 75 | ||
| What Is a Certificate Revocation List (CRL)? | 75 | ||
| PROTECT THOSE KEYS! | 76 | ||
| ATTACKING THE CERTIFICATE AUTHORITY | 77 | ||
| External Attacks on the CA | 77 | ||
| Internal Attacks on the CA | 77 | ||
| WHAT CAN BE DONE WITH STOLEN PRIVATE KEYS? | 77 | ||
| CERTIFICATE PRACTICE STATEMENTS (CPSs) | 78 | ||
| DETERMINE YOUR PKI READINESS | 78 | ||
| Build or Buy? | 78 | ||
| 3 IN PKI WE TRUST? | 80 | ||
| LOOKING OUTWARD | 80 | ||
| A BIG DECISION | 81 | ||
| SERVICE FEATURES | 82 | ||
| TAKE YOUR PICK | 83 | ||
| VeriSign OnSite 4.6 | 84 | ||
| Entrust Technologies Entrust@YourService | 86 | ||
| Baltimore Technologies Managed PKI Service | 88 | ||
| PKI SERVICES | 92 | ||
| 4 PKI STANDARDS | 93 | ||
| GENERAL PKIX STANDARDIZATION REQUIREMENTS | 94 | ||
| Standardization Areas of PKIX | 94 | ||
| Profiles of X.509 v3 Public Key Certificates and X.509 v2 Certificate Kevocation Lists (CRLs) | 94 | ||
| Management Protocols | 94 | ||
| Operational Protocols | 94 | ||
| Certificate Policies and Certificate Practice Statements | 95 | ||
| Timestamping and Data Certification/Validation Services | 95 | ||
| Functionality of Public Key Infrastructure | 96 | ||
| Privilege Management Infrastructure (PMI) | 97 | ||
| WORKING GROUP DESCRIPTION | 98 | ||
| PKIX Ongoing Work Items | 99 | ||
| PKIX New Work Items | 99 | ||
| SUMMARY | 99 | ||
| 5 TYPES OF VENDOR AND THIRD-PARTY CA SYSTEMS | 106 | ||
| PKI BASICS | 107 | ||
| PKI VENDOR MARKETPLACE | 107 | ||
| Baltimore Technologies | 108 | ||
| Entrust | 109 | ||
| GeoTrust | 110 | ||
| RSA Security | 111 | ||
| VeriSign | 112 | ||
| OTHER PKI VENDORS | 113 | ||
| nCipher | 113 | ||
| Certicom | 113 | ||
| Computer Associates | 114 | ||
| Digital Signature Trust (Identrus) | 114 | ||
| Novell | 114 | ||
| Windows 2000/XP | 114 | ||
| SUMMARY | 114 | ||
| 6 UNDERSTANDING DIGITAL CERTIFICATES AND SECURE SOCKETS LAYER (SSL) | 116 | ||
| DIGITAL CERTIFICATES | 116 | ||
| WEB SERVER CERTIFICATES | 117 | ||
| CA CERTIFICATES | 117 | ||
| SECURE SOCKETS LAYER (SSL) | 118 | ||
| How Certificates Are Used in an SSL Transaction | 118 | ||
| WHAT’S NEXT? | 119 | ||
| 7 CA SYSTEM ATTACKS | 120 | ||
| EXTERNAL ATTACKS ON THE CA | 120 | ||
| INTERNAL ATTACKS ON THE CA | 120 | ||
| PROTECTING THE CA ROOT KEY FROM ATTACK | 121 | ||
| Security Properties of a FIPS 140–1 Level 3 Cryptographic Module | 123 | ||
| Physical Tamper Protection | 124 | ||
| Attack Resistance—Cryptographic Solutions in FIPS Validated Hardware | 125 | ||
| The Copy Attack | 125 | ||
| Modification Attacks | 125 | ||
| Theft of the PC or Computer Containing the Cryptographic Software | 126 | ||
| Trusted Path | 126 | ||
| SUMMARY | 129 | ||
| REFERENCES | 130 | ||
| 8 KEY ESCROW VERSUS KEY RECOVERY | 131 | ||
| INTRODUCTION | 131 | ||
| AN ENCRYPTION PRIMER | 132 | ||
| SECRET KEY CRYPTOGRAPHY | 133 | ||
| PUBLIC KEY CRYPTOGRAPHY | 134 | ||
| WHY IS ENCRYPTION A THREAT? | 134 | ||
| ARE EXPORT CONTROLS THE ANSWER? | 135 | ||
| “STRONG CRYPTOGRAPHY MAKES THE WORLD A SAFER PLACE” | 135 | ||
| HOW CAN THE THREAT BE COUNTERED? | 137 | ||
| “TRUSTED THIRD PARTY” | 137 | ||
| KEY ESCROW | 137 | ||
| KEY RECOVERY | 138 | ||
| THE CASE AGAINST TRUSTED THIRD PARTY | 138 | ||
| TRUSTED FIRST PARTY | 140 | ||
| ADVANTAGES OF TRUSTED FIRST PARTY | 141 | ||
| THE ROLE OF CERTIFICATE AUTHORITIES | 142 | ||
| CONCLUSION | 142 | ||
| 9 AN APPROACH TO FORMALLY COMPARE AND QUERY CERTIFICATION PRACTICE STATEMENTS | 144 | ||
| INTRODUCTION | 144 | ||
| REQUIREMENTS FOR THE REPRESENTATION OF A CP/CPS | 145 | ||
| SOLUTION-APPROACH | 146 | ||
| Semantic Representation Using Description Logics | 146 | ||
| Description Logics Overview | 147 | ||
| DL Reasoning Services | 147 | ||
| Syntactic Representation | 149 | ||
| CASE STUDY | 149 | ||
| NeoClassic | 149 | ||
| Methodology | 150 | ||
| Examples | 150 | ||
| Asymmetric Key Sizes | 150 | ||
| Activation Actions | 152 | ||
| Key-Pair Generation | 152 | ||
| SUMMARY | 154 | ||
| REFERENCES | 154 | ||
| 10 MANAGED PUBLIC KEY INFRASTRUCTURE: SECURING YOUR BUSINESS APPLICATIONS | 156 | ||
| PROTECTING INFORMATION ASSETS | 156 | ||
| INTRODUCING ENTERPRISE PKI | 157 | ||
| Critical Factors in Running an Enterprise PKI | 158 | ||
| Two Models for PKI Deployment | 158 | ||
| In-House Deployment of Stand-Alone PKI Software | 159 | ||
| Outsourced Deployment to an Integrated PKI Platform | 159 | ||
| The VeriSign Value Proposition | 160 | ||
| ELEMENTS OF ENTERPRISE PKI | 160 | ||
| Managed PKI Functionality | 161 | ||
| Ease of Integration | 163 | ||
| Availability and Scalability | 164 | ||
| Availability | 164 | ||
| Scalability | 164 | ||
| Security and Risk Management | 164 | ||
| Physical Security | 165 | ||
| Customer Practices Support | 165 | ||
| Expertise | 166 | ||
| Scope of Operation | 166 | ||
| Broad Community Enablement | 166 | ||
| Cross Certification | 167 | ||
| FEATURES SUMMARY | 167 | ||
| CONCLUSION | 167 | ||
| NOTES | 169 | ||
| 11 PKI READINESS | 170 | ||
| PKI READINESS SOLUTION | 170 | ||
| Designing Issues | 171 | ||
| From the Buy Side | 174 | ||
| Builder’s Choice | 175 | ||
| SUMMARY | 176 | ||
| II ANALYZING AND DESIGNING PUBLICKEY INFRASTRUCTURES | 178 | ||
| 12 PKI DESIGN ISSUES | 180 | ||
| CRYPTOGRAPHY AND PUBLIC KEY TECHNOLOGY | 180 | ||
| PKI DESIGN ISSUES | 182 | ||
| Standards and Crypto | 182 | ||
| PKI Structure | 183 | ||
| PKI Functional Blocks | 184 | ||
| Interdomain | 185 | ||
| Certificate Retrieval | 186 | ||
| Certificate Chains and Trust | 186 | ||
| Cross Certification | 187 | ||
| Revocation | 187 | ||
| Online | 188 | ||
| Revocation Lists and Deltas | 188 | ||
| Revocation Notices | 189 | ||
| Policy | 189 | ||
| PCAs | 189 | ||
| Domain Policy | 190 | ||
| Policy Negotiation | 190 | ||
| SUMMARY | 190 | ||
| REFERENCES | 190 | ||
| 13 PKI RETURN ON INVESTMENT | 192 | ||
| TOTAL COST OF OWNERSHIP: THE “I” IN ROI | 192 | ||
| FINANCIAL RETURNS: THE “R” IN ROI | 193 | ||
| PKI AND RETURN ON INVESTMENT: SUMMARY | 195 | ||
| AUTHOR NOTE | 195 | ||
| 14 PKI STANDARDS DESIGN ISSUES | 197 | ||
| ITU-T STANDARDS | 197 | ||
| PKCS | 197 | ||
| IETF STANDARDS | 202 | ||
| COMPLIANT PKI STANDARDS DESIGN ISSUES | 203 | ||
| PKI Assumptions | 203 | ||
| Building Compliant Certificate Policies and Certification Practice Statement | 204 | ||
| BS7799 Security Compliance | 205 | ||
| What about the Technology? | 205 | ||
| Tying It All Together | 206 | ||
| SUMMARY | 206 | ||
| 15 ARCHITECTURE FOR PUBLIC KEY INFRASTRUCTURE (APKI) | 207 | ||
| 1: REQUIREMENTS ON A PUBLIC KEY INFRASTRUCTURE | 207 | ||
| 1.1 Baseline Requirements for a Global PKI | 207 | ||
| 1.1.1 Required Services | 207 | ||
| 1.1.2 Required Functionality and Characteristics | 207 | ||
| Key Life-Cycle Management | 207 | ||
| Distributed Certificate Management Structure | 209 | ||
| Security of the PKI | 210 | ||
| Time Service | 210 | ||
| Interoperability | 210 | ||
| 1.1.3 Known Issues | 211 | ||
| 1.1.4 Recommendations | 211 | ||
| 1.2 The Importance of Architecture | 211 | ||
| 1.2.1 What Is Architecture? | 211 | ||
| 1.2.2 Interfaces | 211 | ||
| 1.2.3 Protocols | 213 | ||
| 1.2.4 Profiles | 214 | ||
| 1.2.5 Negotiation | 214 | ||
| 2: OVERVIEW OF THE PKI ARCHITECTURE | 215 | ||
| 3: PUBLIC KEY INFRASTRUCTURE COMPONENTS | 216 | ||
| 3.1 Crypto Primitive Components | 216 | ||
| 3.1.1 Function | 216 | ||
| 3.1.2 Protocols | 217 | ||
| 3.1.3 Interfaces | 217 | ||
| 3.1.4 Profiles | 218 | ||
| 3.1.5 Negotiation | 218 | ||
| 3.2 Cryptographic Service Components | 218 | ||
| 3.2.1 Function | 218 | ||
| 3.2.2 Protocols | 219 | ||
| 3.2.3 Interfaces | 219 | ||
| 3.2.4 Profiles | 220 | ||
| 3.2.5 Negotiation | 220 | ||
| 3.3 Long-Term Key Services Components | 221 | ||
| 3.3.1 Function | 221 | ||
| 3.3.2 Protocols | 223 | ||
| Virtual Smartcard Service | 223 | ||
| Certificate Management | 224 | ||
| Public Key Delivery and Verification | 225 | ||
| 3.3.3 Interfaces | 225 | ||
| Virtual Smartcard Service | 225 | ||
| Public Key Delivery and Verification | 225 | ||
| Certificate Management | 226 | ||
| 3.3.4 Profiles | 227 | ||
| 3.3.5 Negotiation | 227 | ||
| 3.4 Protocol Security Services Components | 227 | ||
| 3.4.1 Function | 228 | ||
| 3.4.2 Protocols | 228 | ||
| 3.4.3 Interfaces | 229 | ||
| 3.4.4 Profiles | 230 | ||
| 3.4.5 Negotiation | 230 | ||
| 3.5 Secure Protocol Components | 230 | ||
| 3.5.1 Function | 231 | ||
| 3.5.2 Protocols | 231 | ||
| 3.5.3 Interfaces | 231 | ||
| 3.5.4 Profiles | 231 | ||
| 3.5.5 Negotiation | 232 | ||
| 3.6 System Security Enabling Components | 232 | ||
| 3.6.1 Function | 232 | ||
| 3.7 Security Policy Services Components | 233 | ||
| 3.7.1 Function | 233 | ||
| 3.7.2 Protocols | 233 | ||
| 3.7.3 Interfaces | 233 | ||
| 3.7.4 Profiles | 234 | ||
| 3.8 Supporting Services Components | 234 | ||
| 3.8.1 Function | 234 | ||
| 4: HARDWARE SECURITY DEVICES IN THE ARCHITECTURE | 234 | ||
| III IMPLEMENTING PKI | 236 | ||
| 16 IMPLEMENTING SECURE WEB SERVICES REQUIREMENTS USING PKI | 237 | ||
| MEASURE PKI’S VALUE | 238 | ||
| KNOW WHAT XKMS PROVIDES | 239 | ||
| THE XKMS VISION: FROM SECURITY TO TRUST | 240 | ||
| PKI WEB SERVICES | 241 | ||
| 17 VERISIGN’S FOUNDATION IN MANAGED SECURITY SERVICES | 243 | ||
| FACTORS DRIVING SECURITY SERVICES | 243 | ||
| CUSTOMER DUE DILIGENCE CHECKLIST | 247 | ||
| VERISIGN’S SECURITY OFFERINGS | 249 | ||
| Security Consulting Services | 249 | ||
| VeriSign Managed Security Services | 249 | ||
| VERISIGN’S MANAGED SECURITY SERVICES: KEY DIFFERENTIATORS | 250 | ||
| Strengths | 250 | ||
| End-to-End Capabilities | 250 | ||
| Event Correlation | 251 | ||
| Proactive Management | 251 | ||
| Web-Based Customer Portal | 252 | ||
| Service Level Agreements (SLAs) | 252 | ||
| Challenges Moving Forward | 252 | ||
| CONCLUSION | 254 | ||
| 18 IMPLEMENTATION AND DEPLOYMENT | 255 | ||
| ESTABLISHING THE BUSINESS CASE: SECURITY AND BUSINESS REQUIREMENTS | 255 | ||
| DETERMINING TECHNICAL REQUIREMENTS | 257 | ||
| DEVELOPING EFFECTIVE POLICIES, PRACTICES, AND PROCEDURES | 258 | ||
| Internal Operating Procedures | 261 | ||
| CREATING A SUCCESSFUL DEPLOYMENT STRATEGY | 261 | ||
| RESOURCE PLANNING | 262 | ||
| AUDITING CONSIDERATIONS | 263 | ||
| SUMMARY | 264 | ||
| REFERENCES | 264 | ||
| 19 IMPLEMENTATION COSTS | 265 | ||
| WHAT IS INVOLVED | 265 | ||
| BUILDING A CA | 266 | ||
| MORE PRODUCT OFFERINGS | 267 | ||
| SUMMARY | 270 | ||
| 20 PKI PERFORMANCE | 271 | ||
| WHAT TO LOOK FOR IN A CA | 271 | ||
| WHAT IS NON-REPUDIATION? | 272 | ||
| MORE CA REQUIREMENTS | 273 | ||
| WHAT WILL A CA EXPECT OF YOU? | 274 | ||
| PKI INFRASTRUCTURE | 275 | ||
| More Than Just Encryption | 275 | ||
| Keys, Certificates, and Signatures | 276 | ||
| Pieces of the Puzzle | 277 | ||
| Keys to the Kingdom | 279 | ||
| Physical Security | 280 | ||
| SUMMARY | 281 | ||
| IV MANAGING PKI | 282 | ||
| 21 REQUESTING A CERTIFICATE | 283 | ||
| REQUESTING A DIGITAL CERTIFICATE | 284 | ||
| REQUESTING DIGITAL CERTIFICATE AUTHENTICATION THROUGH PKI | 284 | ||
| PKI and Web-Based Services | 285 | ||
| Web Services-Based Client Access | 286 | ||
| Telnet-Based Client Access | 287 | ||
| Configuration Store | 289 | ||
| SUMMARY | 289 | ||
| 22 OBTAINING A CERTIFICATE | 291 | ||
| HOW A CERTIFICATE IS USED | 291 | ||
| YOU ONLY NEED ONE | 291 | ||
| PERSONAL CERTIFICATES: A CLOSER LOOK | 291 | ||
| Format of Certificates | 292 | ||
| How to Acquire a Certificate | 293 | ||
| OBTAINING PERSONAL CERTIFICATES | 293 | ||
| CERTIFICATES VIA INTERNET EXPLORER | 293 | ||
| About Installing Certificates | 294 | ||
| Obtain a Root Certificate | 302 | ||
| Obtain a Personal Certificate | 302 | ||
| If You Must Remove Certificates | 304 | ||
| CERTIFICATES VIA NETSCAPE | 305 | ||
| Obtain a Root Certificate | 306 | ||
| Obtain a Personal Certificate | 307 | ||
| Test Your Certificate | 308 | ||
| If the Process Fails | 308 | ||
| File Method | 309 | ||
| GUI Method | 309 | ||
| SUMMARY | 311 | ||
| REFERENCES | 311 | ||
| 23 TEN RISKS OF PKI: WHAT YOU ARE NOT BEING TOLD ABOUT PUBLIC KEY INFRASTRUCTURE | 313 | ||
| RISK 1: WHO DO WE TRUST, AND FOR WHAT? | 314 | ||
| RISK 2: WHO IS USING MY KEY? | 314 | ||
| RISK 3: HOW SECURE IS THE VERIFYING COMPUTER? | 315 | ||
| RISK 4: WHICH JOHN ROBINSON IS HE? | 315 | ||
| RISK 5: IS THE CA AN AUTHORITY? | 316 | ||
| RISK 6: IS THE USER PART OF THE SECURITY DESIGN? | 317 | ||
| RISK 7: WAS IT ONE CA OR A CA PLUS A REGISTRATION AUTHORITY? | 317 | ||
| RISK 8: HOW DID THE CA IDENTIFY THE CERTIFICATE HOLDER? | 317 | ||
| RISK 9: HOW SECURE ARE THE CERTIFICATE PRACTICES? | 318 | ||
| RISK 10: WHY ARE WE USING THE CA PROCESS, ANYWAY? | 319 | ||
| 24 USING A CERTIFICATE | 321 | ||
| DIGITALLY SIGNING E-MAIL MESSAGES | 321 | ||
| Automatically Signing All Outgoing Messages | 322 | ||
| PROCEDURES FOR USING A PERSONAL DIGITAL CERTIFICATE | 322 | ||
| Removing and Installing Trusted Personal Digital Certificates | 323 | ||
| Trusted Publisher Designation | 324 | ||
| Advanced Security Options Configuration for Authentication and Personal Digital Certificate Features | 325 | ||
| SUMMARY | 325 | ||
| 25 CERTIFICATE REVOCATION WITH VERISIGN MANAGED PKI: FLEXIBLE, OPEN REVOCATION SOLUTIONS FOR TODAY’S ENTERPRISE PKI NEEDS | 326 | ||
| TODAY’S NEEDS | 327 | ||
| REVOCATION FUNCTIONS IN VERISIGN MANAGED PKI | 328 | ||
| Revoking a Certificate | 328 | ||
| CRLs | 328 | ||
| Managed PKI Validation Module for Web Servers | 328 | ||
| Online Status (OCSP) | 329 | ||
| Client-Side Revocation Checking | 329 | ||
| AVAILABLE REVOCATION MECHANISMS | 329 | ||
| Certificate Revocation Lists (CRLs) | 330 | ||
| Partitioned CRLs | 330 | ||
| Online Certificate Status Protocol (OCSP) | 330 | ||
| Trusted Directories | 331 | ||
| SUMMARY | 331 | ||
| Open PKI—Best-of-Breed Applications | 331 | ||
| More Options | 331 | ||
| Lowest Total Cost | 331 | ||
| Real-World Non-Repudiation | 332 | ||
| COMPARATIVE FEATURE SUPPORT: VERISIGN-ENTRUST | 332 | ||
| NOTES | 333 | ||
| 26 SUMMARY, CONCLUSIONS, AND RECOMMENDATIONS | 334 | ||
| SUMMARY | 334 | ||
| CONCLUSIONS | 336 | ||
| Secret Key Cryptography | 336 | ||
| The Secret Key Distribution and Management Problem | 338 | ||
| Foundations of Public Key Cryptography | 341 | ||
| The Problem of Factoring Large Numbers | 341 | ||
| Public Key Cryptography and Digital Signatures | 341 | ||
| Trusting a Public Key | 342 | ||
| The Internet Public Key Infrastructure | 344 | ||
| The Infrastructure Topology | 345 | ||
| Certificate Revocation | 347 | ||
| CRL Distribution Points | 347 | ||
| Cross-Domain Certification | 349 | ||
| Certificate Validation | 351 | ||
| Validate the Trust Chain | 351 | ||
| Determine the Certificate Revocation Status | 352 | ||
| Determine the Certificate Usage | 352 | ||
| Managing the Private Key | 352 | ||
| Attribute Certificates: The Next Evolution of PKIX | 354 | ||
| RECOMMENDATIONS | 355 | ||
| Designing Issues | 355 | ||
| From the Buy Side | 356 | ||
| Builder’s Choice | 357 | ||
| Certified, But Safe? | 358 | ||
| NOTES | 359 | ||
| V APPENDICES | 360 | ||
| Appendix A CONTRIBUTORS OF PKI SOFTWARE SOLUTIONS | 361 | ||
| ENTRUST | 361 | ||
| BALTIMORE TCCHNOLOGIES | 362 | ||
| VERISIGN | 362 | ||
| OTHER VENDORS | 362 | ||
| RSA Security | 363 | ||
| Xcert | 363 | ||
| Certicom | 363 | ||
| Microsoft | 363 | ||
| Netscape, Digital Signature Trust, and Interclear | 363 | ||
| Appendix B PKI PRODUCTS: IMPLEMENTATIONS, TOOLKITS, AND VENDORS | 364 | ||
| Appendix C COMPREHENSIVE LIST OF CERTIFICATE AUTHORITIES (CAS) | 367 | ||
| Appendix D INFORMATION SECURITY MANAGEMENT ISSUE STANDARDS | 371 | ||
| ACTIVITIES | 371 | ||
| EVALUATION CRITERIA FOR INFORMATION SECURITY SYSTEMS | 372 | ||
| SAFEGUARDS | 372 | ||
| THREATS | 373 | ||
| TRUSTED THIRD PARTIES | 373 | ||
| Appendix E INFORMATION SECURITY TECHNICAL ELEMENTS STANDARDS | 374 | ||
| CERTIFICATES | 374 | ||
| DIGITAL SIGNATURES | 377 | ||
| ENCRYPTION | 378 | ||
| KEYS | 379 | ||
| HASH FUNCTION | 380 | ||
| Appendix F BASIC CERTIFICATES FOR WEB ADMINISTRATION | 381 | ||
| SSL WEB SERVER CERTIFICATE ADMINISTRATION | 381 | ||
| WHY YOU NEED AN SSL WEB SERVER CERTIFICATE | 381 | ||
| WHAT’S IN IT FOR YOU | 382 | ||
| Appendix G GLOSSARY | 383 | ||
| INDEX | 391 | ||
| More eBooks at www.ciando.com | 0 |