On Saturday 08 December 2007 11:31:50 am Nelson Bolyard wrote:
> I need a way to bring some people up to speed on the details of PKI and
> RFC 3280, ideally without me spending a lot of time teaching.
>
> I'm hoping there's a good book that offers a tutorial about PKI, and
> explains certs, CRLs, OCSP, and the (IETF) standard extensions for certs
> and CRLs. It needs to cover the use of policy extensions.
>
> Ideally it would NOT spend a lot of text on other subjects (e.g. how
> crypto algorithms work, or how SSL or S/MIME or IPSec or other security
> protocols work), but that's not a major consideration.
>
> Can you suggest a good book for that purpose?

I found Chapter 3 of the OpenSSL book from O'Reilly to be quite OK.
http://www.oreilly.com/catalog/openssl/

Chapter 10 of the Secure Programming Cookbook (same authors, mostly) is
probably about as good.
http://www.oreilly.com/catalog/secureprgckbk/

Both of those are quite openssl-centric, and it is just one chapter in
each book.

That book recommends "Planning for PKI: Best Practices Guide for Deploying
Public Key Infrastructure" by Russ Housley and Tim Polk. I've never even
seen a copy.

If (and only if) you want them to be cynical about PKI, they should read:
http://www.cs.auckland.ac.nz/~pgut001/pubs/pkitutorial.pdf
(also http://www.cs.auckland.ac.nz/%7Epgut001/pubs/notdead.pdf
or http://csdl.computer.org/comp/mags/co/2002/08/r8toc.htm)

If that isn't enough:
http://www.cs.auckland.ac.nz/~pgut001/tutorial/index.html
and
http://www.cs.auckland.ac.nz/%7Epgut001/pubs/x509guide.txt

Brad