BKUNDISI.RVW 980221

"Understanding Digital Signatures", Gail L. Grant, 1998, 0-07-012554-6, U$34.95
%A Gail L. Grant
%C 300 Water Street, Whitby, Ontario L1N 9B6
%D 1998
%G 0-07-012554-6
%I McGraw-Hill Ryerson/Osborne
%O U$34.95 905-430-5000 fax: 905-430-5020 louisea@McGrawHill.ca
%P 298 p.
%T "Understanding Digital Signatures"

Part one is general background. Chapter one is a brief and rough background of the Internet. Some of the statements are questionable, as are a number of the figures, but it is probably reasonable for the target business audience. The title "Security and the Internet," for chapter two, is only half right. Some general topics that security needs to address are raised, but the Internet isn't mentioned. (The figures convey even less information than in the first chapter, and the situation is not helped by the fact that the figure numbers are not used in the text, so the reader has no idea what passage they are supposed to support.) Again, "Securing the Internet," in chapter three, is a reasonable basic primer on cryptography for the non-technical, but doesn't talk about the Internet yet. The most important point made is the difference between encryption and authentication. Chapter four, on the public key infrastructure, is the weakest, in that it only deals with hierarchical certificate authority systems. It is interesting that the term "network of trust," seemingly used for a group of certificate authorities, is so similar to the term "web of trust" which PGP (Pretty Good Privacy) uses for such a radically different concept.

Part two is entitled "Case Studies," and it does have them, but not in the usual style. "Uses of Public Key Systems," in chapter five, still seems to belong to the background section. Chapters six, seven, and eight, on identification and authentication, securing communication, and application integration, say *that* certificates are being used, but give almost no information on how. Chapter nine lists the operational steps in a SET (Secure Electronic Transaction protocol) transaction.

Part three looks at technical, legal, and business issues, and at the development of requirements specifications for digital signatures. Chapter ten is only technical by the broadest possible definition of the term, and does not provide enough detail or background for readers to begin to make the decisions that might be necessary. The legal issues chapter eleven raises are at least clear enough to have legal counsel begin to consider, and are not as US-centric as is normally the case. Chapter twelve's review of business issues is a decent discussion starter. The requirements planning tools in chapter thirteen are probably too generic to be of use without further background.

Part four is a listing of vendors. Each vendor entry provides contact information, company background, and a description of products or services. Many also list distinctives of the companies, future intentions, and a list of major customers. Chapters cover vendors of certificate authority products and application toolkits. A final chapter looks at the future.

copyright Robert M. Slade, 1998 BKUNDISI.RVW 980221