
Secure Electronic Commerce review

Verdict

A missed opportunity for all but the inexperienced developer looking for a quick fix to get up to speed without digging too deep into the technicalities. Just don't expect to be able to set up a working PKI after reading it.

Review Date: 1 May 2001


Overall Rating
3 stars out of 6

Given the subtitle, 'Building the Infrastructure for Digital Signatures and Encryption', you could be forgiven for thinking that you're in for a heavy-duty trip down the extremely complex road that is PKI (public key infrastructure). Forgiven but incorrect, because this is less of a hard-core technical reference and hands-on guide, and more of an introduction to the whole arena of secure e-commerce development.

Taken in the light of the latter viewpoint, it's actually not a bad read. This is especially true for the less experienced developer in need of a crash course in digital signatures for secure transactions, PKI and certification policies, IPSec, Virtual Private Networking, secure messaging and S/MIME, for example. Yet even they surely wouldn't need the padding that kicks the book off. If you don't already know enough to put the Internet, its applications and communities into the right perspective regarding e-commerce and transaction security, then perhaps you need to re-evaluate exactly why you're doing the job you are.

The more experienced developer will quickly become disillusioned with the lack of decent real-world, hands-on code examples. Like most geeks, I always head straight for the back of a reference book to see how the appendices stand up, or in this case fall down. The first appendix covers forms of agreement for e-commerce, which is great if you're interested in US law as it applies to online transactional processes, but not so hot otherwise. The same applies to the next appendix, devoted to the US Federal E-Sign Act. Things improve with some meaty coverage of ASN.1 notation and X.509 version 3 certificate format usage, and later pages looking at legacy application security standards such as PEM, X.400 and Secure HTTP, and another on public key cryptosystems.

The book is touted as a meeting of technical and legal minds, but to be honest most of the legal content is approached resolutely from the US perspective, with an obligatory nod towards Europe. If you're interested in the US Federal E-Sign Act or the Electronic Funds Transfer Act, then you'll be happy - possibly. It isn't even saved by the technical content, which just doesn't get technical enough. If you're looking for a book that really gets down and dirty with PKI structural technicalities, this isn't it.

PCPro-Computing in the Real World Printed from www.pcpro.co.uk
