Encryption Security

Ask Slashdot: Is there an Open PKI initiative?

Psarchasm asks: "Recently I've begun looking into PKIs (Public Key Infrastructures). And with all the pros I've found (desktop security, IPSec/VPN, digital signatures, running our own Certificate Authority) - I seem to have run into a rather unfortunate con. I can't find an Open Source PKI initiative. Is there any work being done on an Open Source CA server? How about a PGP Key Server? Would it be possible to implement something semi-secure in a closed environment with a combination of PHP3/SQL/LDAP for a PGP Key Server?"
  • I looked around too but with little luck.

    Hack something on top of JNDI [sun.com] ?

    There's also Globus [globus.org] but they don't provide copyright info.

    Also a no-export thang at MIT [mit.edu].

  • To act as a CA, all you need is OpenSSL (or its progenitor SSLeay). Both include scripts which, after a little tweaking, will allow you to sign certificate requests.

    The difficulty in being a CA is not the software, but rather the business systems that must be developed and adhered to in order to ensure correct authentication, legal accountability and strong security.

    I suspect that a company looking to set up a CA would spend orders of magnitude more on lawyers than on software.
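    Added example (not from the thread): the OpenSSL CA workflow the comment above describes, in a form that also shows what the CA signature buys a relying party. The CA name, hostname and temp directory are placeholders; it assumes the `openssl` CLI (1.1.1 or later, for `-addext`) is installed.

    ```shell
    #!/bin/sh
    # Minimal internal CA with the openssl CLI. Constructed/assumed values:
    # CA subject, hostname and working directory are placeholders.
    set -eu

    # Self-signed CA certificate; basicConstraints marks it as a CA and
    # keyUsage limits it to signing certs and CRLs.
    make_ca() {                       # $1 = directory
      openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -keyout "$1/ca.key" -out "$1/ca.crt" \
        -subj "/CN=Example Internal CA" \
        -addext "basicConstraints=critical,CA:TRUE" \
        -addext "keyUsage=critical,keyCertSign,cRLSign" 2>/dev/null
    }

    # Key + CSR for a host, then sign the CSR with the CA. The extension
    # file is what stops the issued leaf from being usable as a CA itself.
    issue_cert() {                    # $1 = directory, $2 = hostname
      openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1/$2.key" -out "$1/$2.csr" -subj "/CN=$2" 2>/dev/null
      printf '%s\n' \
        'basicConstraints=critical,CA:FALSE' \
        'keyUsage=critical,digitalSignature,keyEncipherment' \
        'extendedKeyUsage=serverAuth' \
        "subjectAltName=DNS:$2" > "$1/$2.ext"
      openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
    }

    # The chain check a relying party runs: exit 0 only if $2 chains to $1.
    verify_against_ca() {             # $1 = ca.crt, $2 = certificate to check
      openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    }

    demo() {
      dir=$(mktemp -d)
      make_ca "$dir"
      issue_cert "$dir" intranet.example.test
      # A self-signed cert carrying the SAME name but not issued by our CA
      # must fail: trust comes from the CA signature, not the name.
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout "$dir/rogue.key" -out "$dir/rogue.crt" \
        -subj "/CN=intranet.example.test" 2>/dev/null
      if verify_against_ca "$dir/ca.crt" "$dir/intranet.example.test.crt" \
         && ! verify_against_ca "$dir/ca.crt" "$dir/rogue.crt"; then
        echo "CA demo OK: issued cert verifies, rogue cert does not"
        return 0
      fi
      return 1
    }

    demo
    ```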
  • Posted by Mr. Assembly:

    I have looked for a service to issue me a key, and typical costs are $10 to $30 for a year. Any open source initiative would require constant administration, which would cost something, as there are very few volunteers who can spend the 100 percent time that an effort like this would require.
  • Posted by Mr. Assembly:

    No, cost is not the problem per se. What bothers me is having to pay to sign and say "it's me". I am not versed enough to say how easy it is to generate a digital key/signature -
    I could be overly sensitive though - how much do notaries public charge?
  • I wrote an article for the May issue of WebTechniques on PHP + LDAP. It walks you through how to build a web interface for an LDAP directory. Look for it.

    -Rasmus
  • Be sure to check out this draft IETF standard, the Simple Public Key Infrastructure:

    http://www.ietf.org/html.charters/spki-charter.html
    The German c't magazine has been running its crypto campaign for over a year now and regularly offers key signing services (with personal ID checks) at expos and other public events.

    btw. what exactly do you mean by "Open Source" in this context?
  • Will a PGP keyserver also serve keys for GPG? Or is that a stupid question? I don't know enough about PKCS to discern.
  • I'm a lowly law student with a bit of a commercial aspiration. It concerns a networking service aimed at businesses with a special need for confidential communications. I'm going to roll a custom distro based on debian that can be installed on pc/servers to make a cheap but secure server/network. By Dec 1999, I hope to be ready to offer these services. Then, I would begin implementation mid-2000. I think this idea has huge ramifications and can translate into other business opportunities later. I'm a student, so I plan on starting from a shoe-string. Since this is a service, it will not need too much start-up capital. I hate to seek commercial promotion here, but my isolation dictates communication where I can. Email me.
  • Unfortunately, the difficulty in public key technology isn't obtaining the algorithms or reasonable source code for it. RSA and Diffie-Hellman software patents cover a pretty wide range of possible approaches to public key encryption, so any open source project would run the risk of infringement. (The reason PGP is still in existence in the U.S. is that RSA granted them license to use the RSA algorithm for noncommercial PGP use. So PGP isn't a suitable candidate for open source either.)

    However, I believe RSA's patent(s) was (were) issued in 1983. Thus, it may be that the 17-year lifetime of that grant will expire very soon! Does anyone know whether that's true?

    I'm a Notary Public, and as far as I know this isn't a typical service that notaries offer. The legal infrastructure just isn't there in most states. I guess I could notarize a document containing your public key and signature, but its legal validity is questionable.

    However, if you need me to marry you to someone, give me a call! :-) [notaries can marry in ME, SC, and FL!]

  • I believe that IBM has released an open-source X.509v3 toolkit (libraries and tools + some OCSP stuff if I remember right) for unconditional use. There was the usual export crapola so I have not been able to look at it myself. I agree that this needs to be done!

    It might be a good idea to do it in close cooperation with (if not within) the openssl [openssl.org] project, who have to deal with certificates anyway and probably already have much of the code needed. Perhaps someone from openssl reads Slashdot and can say something about their plans in the PKI area.
