Rescorla begins with a rapid introduction to security and cryptography and a brief history of SSL protocols (TLS or Transport Layer Security is the IETF-endorsed version). Two chapters then describe SSL itself, the first covering server authentication using RSA (the original motivation for SSL and still by far its most common use) and the second other algorithms (Kerberos, FORTEZZA) and modes such as client authentication and session resumption.
The remaining chapters cover specialised topics. A chapter on security looks at protecting keys, random number generation, certificate chain verification, and some of the known attacks on SSL, such as timing cryptanalysis and the "million message attack". A chapter on performance explains the basic problem (cryptography is expensive), then goes into the details of variations with algorithm and mode (and language, with C recommended over Java) and the use of hardware acceleration. There is also a chapter on designing with SSL and one on coding (and appendix A has forty-odd pages of sample code).
Two chapters consider special issues with running HTTP over SSL (HTTPS) and SMTP over TLS. Issues with HTTP include reference integrity (ensuring the client is talking to the server it thinks it's talking to), virtual hosts, proxies, and downgrade attacks. With SMTP, relaying introduces major complications. A final chapter looks at some alternative approaches, most importantly IPsec, Secure HTTP, and S/MIME. This material provides some interesting examples of interaction between complex protocols.
Note: thanks to Timothy Lord for suggestions for this review.
March 2001