[ISN] Book Review: "Web Security", Rohit Khare

From: mea culpa (jerichot_private)
Date: Thu Jul 23 1998 - 23:38:58 PDT

    From: "Rob Slade" <rsladet_private>
    
    BKW3JI23.RVW   980411
    
    "Web Security", Rohit Khare, 1997, 1-56592-329-4 ISSN 1085-2301,
    U$29.95/C$42.95
    %E   Rohit Khare editort_private
    %C   103 Morris Street, Suite A, Sebastopol, CA   95472
    %D   1997
    %G   1-56592-329-4 ISSN 1085-2301
    %I   O'Reilly & Associates, Inc.
    %O   U$29.95/C$42.95 800-998-9938 fax: 707-829-0104 nutst_private
    %P   272 p.
    %S   World Wide Web Journal
    %T   "Web Security: A Matter of Trust"
    
    Many issues of the World Wide Web Journal coincide with major
    specification announcements: Web standards that have been in process,
    and anticipated, for some time determine the topic.  That does not
    seem to be the case with this issue, although the first report covers
    the use of PICS (Platform for Internet Content Selection) 1.1 labels
    for DSig 1.0 signature labels, the second gives more detail on DSig,
    and the third reports on the Joint Electronic Payment Initiative
    (JEPI).
    
    Still, the "technical" papers in this issue seem to have a decidedly
    philosophical bent.  This emphasis is not necessarily a bad thing,
    since it serves to redirect attention from the minutiae of Web server
    "hole patching" and towards a more fundamental question, that of
    trust.  An interesting reversal of perspective occurs when you turn
    from the concept of a closed and opaque system to one where
    everything, including identity, is transparent.
    
    Topics included in the papers include a cryptography primer, the
    REFEREE system for trust management, SSL (Secure Sockets Layer) and
    the free SSLeay implementation, security for the DNS (Domain Name
    System), name server security in BIND, security in CGI (Common Gateway
    Interface) and API (Application Programmer Interface) programming,
    secure electronic business with E2S (End-to-End Security), concerns
    and benefits with medical record availability, digital signature
    legislation and regulation, and the risks and government promotion of
    key escrow and recovery.
    
    copyright Robert M. Slade, 1998   BKW3JI23.RVW   980411
    
    


