Thanks for all your suggestions. Kyle Hamilton wrote, on 2007-12-07 16:52:
> I haven't read it yet, but a quick Google search turns up > http://ospkibook.sourceforge.net/, the Open-Source PKI Book? I looked it over. It appears to have been written before year 2001. Perhaps parts of it have been updated since then, but others have not. Brad Hards wrote, On 2007-12-07 18:09: > [I've] found Chapter 3 of the OpenSSL book from OReilly to be quite OK. There are a lot of "cookbook" books that might be entitled "how to set up a home brew CA using OpenSSL". I didn't want a book that was focused on any particular implementation. > That book recommends "Planning for PK: Best Practices Guide for Deploying > Public Key Infrastructure" by Russ Housley and Tim Polk. I've never even seen > a copy. Amazon has the entire text of this book online. (Strangely, a search by title didn't find it, but an author search did.) I browsed it quite a bit and decided it was the best choice from among those I found, and ordered a copy. It shed some interesting light on the perspective of the RFC authors on the wisdom of some of the extensions's features. :-) It had more depth on cert extensions than any others I browsed, but not as much as I had hoped. I'm not optimistic that a QA developer can develop positive and negative test cases for explicit policy constraints after reading it. (:-) But if it cuts the teaching time even by half, that will have been a big help. Oh, I wasn't looking for any cynicism from "down under". :-) Thanks again. /Nelson _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
