
Sorry for the late reply ...

Depending on what you want to do ...

PGP does not use certificates as far as I know. It uses self-signed public keys or mutually signed public keys for verification. Its main purpose is to encrypt email. On the other hand, S/MIME is based on PKI, so you'll need a personal certificate if you want to use it with the general public. But if you are going to use it within your organization, or use it with a business partner, a self-signed CA should be enough.

SSL provides transport layer security. It runs between the application layer and the TCP/IP layer [1]. Again, if you want to run a server targeting the general public, you'll need to get a certificate from Verisign or Thawte, etc. But if you are going to provide services to your business partners, you might want to consider rolling your own PKI. Furthermore, if you are going to use it in your own organization, there's little point in applying for a certificate from a publicly trusted CA.

It all boils down to the level of trust.

BTW, which security book did you find very good in Chapters?

[1] See Introduction to SSL:
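The trust-anchor point in the post above, as an added example that is not part of the original post: a private CA built with the `openssl` command line signs a server certificate, and that certificate verifies only for a relying party that has the private CA installed. The CA names and the host name `partner.example.test` are constructed for illustration.

```sh
#!/bin/sh
# Added example: a private CA as the trust anchor for a partner-facing server.
# All names (Example Private CA, Unrelated CA, partner.example.test) are constructed.

# make_ca DIR NAME: create a self-signed root CA (key + certificate) in DIR.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_cert CA_DIR OUT_DIR HOSTNAME: sign a server certificate with that CA.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2/server.key" -out "$2/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$2/server.csr" -days 30 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$2/server.crt" 2>/dev/null
}

# trusts ANCHOR CERT: succeed only if CERT chains to the given trust anchor.
trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo: show what two relying parties conclude about the same certificate.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/ours" "$work/other" "$work/srv"
    make_ca "$work/ours" "Example Private CA" &&
    make_ca "$work/other" "Unrelated CA" &&
    issue_cert "$work/ours" "$work/srv" "partner.example.test" || return 1
    # A partner who installed our CA certificate accepts the server.
    if trusts "$work/ours/ca.crt" "$work/srv/server.crt"; then
        echo "partner with our CA installed: accepted"
    fi
    # Anyone whose trust store lacks our CA rejects the same certificate.
    if ! trusts "$work/other/ca.crt" "$work/srv/server.crt"; then
        echo "client without our CA: rejected"
    fi
    rm -rf "$work"
}

demo
```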

Replies, comments and Discussions:

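  • I searched the posts below and found this one. I wonder whether this expert has finished putting it together yet; I am being pushed into doing SSL programming.
    • Where is that? A very promising field.
    • You dug up such an old post! I'm really sorry, my website is still nowhere in sight :-( Looks like I can't make promises lightly on rolia any more :-)
      On SSL programming: Eric Rescorla's SSL and TLS: Designing and Building Secure Systems [1] has some introductory material on SSL programming that I think is good. It is based on OpenSSL, but I think it should apply to other SSL toolkits as well. I have a hard copy of the book, but I only skimmed the part on SSL programming. It seems the SSL API is the socket API with some modifications, so that ordinary network applications can be rewritten fairly easily as SSL-based network applications. (My copy is at the office, so I can't check it for you right now.)

      SSL programming involves both network programming and cryptographic programming, so you should be fairly familiar with both. On network programming, I think the best book is W. Richard Stevens' UNIX Network Programming, Volume 1: Networking APIs - Sockets and XTI [2]. On cryptography, I think Handbook of Applied Cryptography [3] by Alfred J. Menezes et al. is good.

      Many open source software projects are based on OpenSSL, for example:
      stunnel (http://www.stunnel.org)
      sslwrap (similar to stunnel, http://www.quiltaholic.com/rickk/sslwrap/)
      mod_ssl (http://www.modssl.org)
      OpenSSH (http://www.openssh.com)
      and various networking software's ssl/tls part: sendmail, postfix, openldap, curl, etc.
      Reading the source code of these programs should help in learning SSL programming.

      As for security programming, I think the topic is a bit too broad; it should be divided into several categories before it can be summarized properly. There is a website called Security Bible [4] that I think is good. It covers a very wide range of material, so take a look if you are interested.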

      ----
      [1] About Eric Rescorla's book SSL and TLS, See:
      (a) http://cseng.aw.com/book/0,3828,0201615983,00.html
      (b) http://www.amazon.com/exec/obidos/ASIN/0201615983/

      [2] About W. Richard Stevens' book UNIX Network Programming, Volume 1, See:
      http://www.amazon.com/exec/obidos/ASIN/013490012X/

      [3] For Alfred J. Menezes et al's book Handbook of Applied Cryptography, you can get a free online copy at:
      http://www.cacr.math.uwaterloo.ca/hac/

      [4] SecurityFlaw's Information Security Bible:
      http://www.securityflaw.com/bible/
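      • Thanks, 辉映. Today I was full of energy and got PGP sorted out. The software downloaded from MIT is good; by using it I now have some understanding of PGP. Tomorrow I'll do some testing with simple programs.
        PGP should belong to the application layer, and the client side needs a program to decrypt (otherwise you have to buy a third-party certificate), so I am wondering whether I need to write a plugin on the browser side. Could the expert step in and give me a few pointers?

        As for SSL, my understanding is that you must have a certificate from a company such as Verisign or Thawte, and SSL should also be something lower-level than PGP. So I am now dividing our company's product security into these two levels and charging customers for each separately.
        • Any like-minded people? I recently found a good book on security at Chapters and bought it. If any expert has good books of this kind, let's exchange notes. E-commerce is bound to make a comeback, and security is bound to be key. Our company's business is only a slow, steady trickle for now, but the outlook is good. Hoping the experts will show up and offer guidance.
          • E-Commerce? Gosh..... Designing web sites has more future than e-commerce.
            • Tell us more.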
        • Sorry for the late reply ...
          • That's ok. Don't worry about that. The book's name is "Web Security, Privacy and Commerce". Hope to get your reply about the book.
            • That's a pretty good one written by computer security veterans Simson Garfinkel and Gene Spafford. I have their "Practical UNIX & Internet Security" and this one (should be the 2nd edition) is on my to-buy list.