BKBBIPSR.RVW 20000614

"Big Book of IPsec RFCs", Pete Loshin, 2000, 0-12-455839-9, U$34.95/C$48.95
%E Pete Loshin pete@loshin.com
%C 340 Pine Street, 6th Floor, San Francisco, CA 94104-3205
%D 2000
%G 0-12-455839-9
%I Morgan Kaufmann Publishers
%O U$34.95/C$48.95 415-392-2665 fax: 415-982-2665 mkp@mkp.com
%T "Big Book of IPsec RFCs: Internet Security Architecture"

RFC (Request For Comments) documents are the standard references of the Internet. (Not that all of them are standards as such: some are discussion papers or even opinion pieces. RFC 1796 has an interesting take on this fact.) IPsec is that group of articles dealing with security.

The RFCs are important materials. They are also available online, for free. Why, then, would you pay for a collection of them? Fortunately for the ease of my review, Loshin asks this question, and gives a detailed answer, in the introduction. In the first place, you'll probably want to print out the documents at some time, and this is probably one of the cheapest ways to do it. (Certainly one of the most convenient.) Also, this is a collection of the IPsec standards, and therefore the compilation work has been done for you. Finally, Loshin has provided an extensive index, which greatly increases the value of the text. (Original formatting has been retained, and the individual manuscripts preserve their page numbering: the index can be used to point to items in the RFCs even for those referring to the online forms.)

Twenty-three RFCs are included in the book. Fortunately for Loshin's effort, one of the documents provides an overview of net security and another presents a structure for the RFCs themselves. Each contains its own definitions of terminology, although an aggregated glossary would have been helpful.
The items are listed in numerical order, as is suitable for a reference work: RFC 2401, on security architecture, is possibly the best starting point for newcomers, but is roughly in the middle of the book, and RFC 2411, describing the relationships among the RFCs, comes near the end.

Topics include the MD4 and MD5 digest algorithms, using MD5 for IP authentication, ESP (Encapsulating Security Payload) encryption, RC5 encryption, hashed message authentication code (HMAC), the CAST-128 algorithm, test cases for message digests, RC2 encryption, security architecture, the authentication header, Internet Security Association and Key Management Protocol (ISAKMP), security associations, Internet Key Exchange (IKE), NULL encryption, a document roadmap, OAKLEY key determination, and the Diffie-Hellman key agreement method.

For those needing, or even wanting, to know about IPsec, this is the reference.

copyright Robert M. Slade, 2000