Secure, Encrypted, Authenticated and Anonymous Email Implemented
An e-book on Security and Privacy
Review
by
Carl Bussjaeger
Secure, Encrypted, Authenticated and Anonymous Email Implemented, by Jason Featherstone, is an e-book primer on electronic security: Internet in general, and email in particular. As a primer, it is geared towards the rank novice.
At present, SEAAEI is a whopping 5.6 MB download, generally a bit much for a book, but it does include quite a few graphics and AVI movie clips to illustrate examples. And once downloaded and opened up, I spotted another reason for the large file size: The self-extracting zip file includes not only the Windows executable e-book, but also a cross-platform Adobe PDF version. The publisher informed me that the PDF is probably going to be phased out with an upcoming revision of the book.
SEAAEI is organized into four basic chapters:
Chapters One and Two are rather general and - for my own taste - a little simplistic; but they do make the point of the need for attention to on-line security. If you don't get the point from the explanations of assorted risks, the author provided some mildly scary real-world examples.
With Chapter Three, Pretty Good Privacy, SEAAEI begins to come into its own. This is a fairly detailed tutorial on finding, downloading, installing, and configuring the popular encryption product, PGP. Mr. Featherstone walks the reader through every step of the process, and includes plenty of hyperlinks - both internal to the book and external to 'Net resources - to even more detailed discussions and definitions. If this doesn't get you up and running, you have problems beyond security. <grin>
However, I also noted some problems with this chapter. SEAAEI was written in late 2001, yet the PGP version used in the example was 6.5.3, definitely an older version, and obsolete. Yet Mr. Featherstone does not mention the fact that versions older than 6.5.8 are susceptible to Additional Decryption Key (ADK) spoofing. And when discussing the types of keys available to PGP, he states that the use of RSA versus D-H/DSS is simply a matter of user preference. I suppose so, but given reports of improvements in prime factoring that may render RSA keys (especially smaller ones) less secure, my own preference is for D-H/DSS.
As already mentioned, a revision of SEAAEI is coming. Mr. Featherstone informed me that the new PGP 8.0 will be discussed. I hope he'll also address the need for keeping your crypto current. Additionally, I hope he'll mention other crypto products, and their advantages, as well as disadvantages.
Chapter Four is one of the better introductions to anonymous remailers that I've seen lately. Less technically detailed than cipherpunks' offerings, it nevertheless explains in useable detail the operation and use of these services for erasing your on-line email trail. This may not be terribly useful in the above-board business environment, but I liked it.
SEAAEI includes a decent glossary and listings of several software packages for protecting your mail, some freeware, some shareware and traditional commercial applications. I spotted a few things I wanted to check out myself.
SEAAEI is a useful book, but its price (starting at US$39.95 - rather high for a book) may restrict its market. Nearly everything in the book is available through on-line searches and inquiries at no cost... if you have the time. The private, individual user may prefer to save his money and spend the time instead picking his friends' brains, reading newsgroups, and playing with search engines. A businessman, especially a busy corporate type, is probably going to sensibly decide that time is money, and shell out for this already-correlated information. It could be very valuable for some businesses as an email security training aid for new hires, and current managers might use it when formulating their corporate email-use policies.
Minor Criticisms:
There are many total novices who aren't working for big businesses, yet can benefit from SEAAEI. I suggest that the Single User License price be lowered to something more like the price of a traditional book.
It currently seems that the PDF edition may be going the way of the dodo, leaving only the Win-based executable edition. I'm not a great fan of PDF, but if it goes, Virtual Chambers should definitely provide some cross-platform option, if only a straight HTML version.
SEAAEI also has rather a lot of minor spelling, grammar, and punctuation errors; just enough to be disturbing, but not to make the meaning really unclear. These should be cleaned up in the next edition.
This executable HTML version used a small font that was rather more annoying, since I don't have a big, fancy, super-high quality monitor. I found myself squinting several times.
Summary
Overall, a fine introduction to the wonderful world of on-line paranoia, that just might save you from some embarrassing or costly problems. A bit pricey, but depending on the relative value you place on time and money, it could be a good bargain.