This book is an exposition of the state of the art in cryptography, and describes how the standards bodies have adopted cryptography standards. It is one of the first books that tries to explain cryptography while simultaneously illustrating how cryptography standards are adopted by various international standards bodies. The emphasis on standards will be particularly helpful to product managers deciding which standards need to be considered when building secure products. The book mentions a companion Web site, which lists corrections since the first edition was published, and other resources of interest to the reader.
After spending a few chapters on standards bodies and some basic prerequisite materials, the authors jump into details in chapter 4. Chapters 4 and 5 describe the encryption algorithms, and how they are adopted by standards bodies. Chapter 6 goes into detail on cryptographic hash functions. These are explained clearly, and guidelines for choosing one are presented. One of the more popular hash functions described in the book, SHA-1, has been reported as cracked as of February 2005 (after the book was published), and it will be interesting to see if the authors describe the implications of this with respect to standards body adoption on the companion Web site, and in subsequent editions of the book.
The book goes into depth in illustrating the concepts behind message authentication codes, digital signatures, nonrepudiation mechanisms, and authentication protocols. One of the strong points of the book is that it provides a lengthy list of reference materials, including pointers to the standards documents for the protocols it describes. Three chapters are devoted to key management protocols, which many cryptographic methods rely on. As in other chapters, references to the standards are included throughout. There is also a chapter on the future of cryptographic standards toward the end of the book.
Overall, this is a good book on cryptography standards, describing them in a simple way. One will find many algorithms here, and descriptions of their use, but not a discussion of how they are implemented and put together in systems. One could read this book, get a feel for the cryptographic algorithms, and then read books on Internet Protocol Security (IPsec) or other mechanisms that use these algorithms and provide a secure way of communicating between different systems.