Ask Slashdot: Is there an Open PKI initiative?
Psarchasm asks: "Recently I've begun looking into PKIs (Public Key Infrastructures). And with all the pros I've found (desktop security, IPSec/VPN, digital signatures, running our own Certificate Authority) I seem to have run into a rather unfortunate con. I can't find an Open Source PKI initiative. Is there any work being done on an Open Source CA server? How about a PGP Key Server? Would it be possible to implement something semi-secure in a closed environment with a combination of PHP3/SQL/LDAP for a PGP Key Server?"
Odds n Ends (Score:1)
Hack something on top of JNDI [sun.com]?
There's also Globus [globus.org] but they don't provide copyright info.
Also a no-export thang at MIT [mit.edu].
OpenSSL/SSLeay is all you need (Score:1)
The difficulty in being a CA is not the software, but rather the business systems that must be developed and adhered to in order to ensure correct authentication, legal accountability and strong security.
I suspect that a company looking to set up a CA would spend orders of magnitude more on Lawyers than on software.
you have to pay now (Score:1)
I have looked for a service to issue me a key, and typical costs are $10 to $30 for a year. Any open source initiative would require constant administration, which would cost something, as there are very few volunteers who can spend 100 percent of the time that an effort like this would require.
Is cost a problem? (Score:1)
No, cost is not the problem per se. What bothers me is having to pay to sign and say "it's me". I am not versed enough to say how easy it is to generate a digital key/signature -
I could be overly sensitive though - how much do notary publics charge?
PHP + LDAP Article (Score:1)
-Rasmus
SPKI (Score:1)
http://www.ietf.org/html.charters/spki-charter.
--
Not really "Open Source" but ... (Score:1)
btw. what exactly do you mean by "Open Source" in this context?
support for GPG? (Score:1)
Off topic, but contact me... (Score:1)
Patents will stymie you (Score:1)
However, I believe RSA's patent(s) was (were) issued in 1983. Thus, it may be that the 17-year lifetime of that grant will expire very soon! Does anyone know whether that's true?
Is cost a problem? (Score:1)
I'm a Notary Public, and as far as I know this isn't a typical service that notaries offer. The legal infrastructure just isn't there in most states. I guess I could notarize a document containing your public key and signature, but its legal validity is questionable.
However, if you need me to marry you to someone, give me a call!
IBM pki toolkit (Score:1)
I believe that IBM has released an open source X.509v3 toolkit
(libraries and tools + some OCSP stuff if I remember right) for unconditional use.
There was the usual export crapola so I have not been able to look at it myself.
I agree that this needs to be done!
It might be a good idea to do it in close cooperation (if not within) the
openssl [openssl.org] project who have to deal with certificates anyway
and probably already have much of the code needed. Perhaps someone
from openssl reads slashdot and can say something about their
plans in the pki area.