I recently had the pleasure of reading PKI Uncovered: Certificate-Based Security Solutions for Next-Generation Networks from Cisco Press.
This book sure packs a lot of info into a slim 252 pages. I was pleased to see that there was no lack of technical content.
The book seems to be targeted at experienced cryptographers as well as those reading about the subject for the first time. This is evidenced by the first chapter: Crypto Refresh. This chapter reviews key concepts that lay the foundation for the chapters to come.
I really was impressed with the detailed diagrams included in the explanations and examples. Many times, high-level concepts are not illustrated well, leading to confusion. Not so in this book.
This book also includes a nice chapter on troubleshooting. With PKI, it can be a challenge at times to figure out just what is not working. The troubleshooting chapter breaks down the process into three logical areas: Keying Material Generation, Enrollment Process, and Certificate Use and Validation. By breaking down the troubleshooting process in this manner, the reader is shown a methodology for identifying and isolating problems in a logical and sequential manner. Yes, there are plenty of examples in this section showing output from devices to support the narratives. The chapter ends with several pages of troubleshooting flow charts that will be a valuable tool for all who are faced with trying to fix PKI problems.
The book also includes chapters on PKI design in general along with specific solutions including Site-to-Site VPNs, Remote Access VPNs, 802.1X, Unified Communications and Cisco Virtual Office.
I have carved out a slot on my security bookshelf for this great little gem. I think that anyone who is currently designing and supporting any PKI infrastructure or someone who is just breaking into PKI can benefit from this book.
You can see excerpts from PKI Uncovered here.