Security without Obscurity: A Guide to PKI Operations

Most books on public key infrastructure (PKI) seem to focus on asymmetric cryptography, X.509 certificates, certificate authority (CA) hierarchies, or certificate policy (CP) and certificate practice statements. While algorithms, certificates, and theoretical policy are all excellent topics of discussion, the real-world issues of operating a commercial or private CA can be overwhelming. Security without Obscurity: A Guide to PKI Operations provides a no-nonsense, realistic guide to operating a PKI system. In addition to discussions of PKI best practices, the book supplies warnings against bad PKI practices. Scattered throughout the book are anonymous case studies identifying both good and bad practices.

Book contents:

  1. Introduction

  2. Cryptography Basics

  3. PKI Building Blocks

  4. PKI Management and Security

  5. PKI Roles and Responsibilities

  6. Security Considerations

  7. Operational Considerations

  8. Incident Management

  9. PKI Governance, Risk and Compliance

  10. Advanced PKI