[Dshield] Open Source CA / PKI

Stephane Grobety security at admin.fulgan.com
Wed Aug 27 14:07:05 GMT 2008


Hello Jon,

JK> Okay folks, this is supposed to be a SECURITY mailing list and PKI is
JK> supposed to be an integral part of any security infrastructure. By the
JK> deafening silence in response to my post, I have to presume that no one
JK> out there has any real PKI experience. I find that REALLY hard to believe!

Why would you assume that? Doesn't it make more sense that people
who are doing serious PKI either use OpenSSL or a proprietary
implementation (like MS Certificate Services)? Yet your initial
question pretty much said that you were not interested in hearing
about these options.

For reference, I've used and deployed 5 different PKI systems: two are
based on MS Certificate Services (an internal one and one handled by
an external partner), one is based on the OpenSSL tools and some
scripts (mostly for my own use) and the last two are based on a
proprietary implementation (my own code coupled with the
SecureBlackBox library). Take your pick.

Good luck,
Stephane


Friday, August 22, 2008, 4:40:56 AM, you wrote:

JK> -----BEGIN PGP SIGNED MESSAGE-----
JK> Hash: SHA1

JK> Jon Kibler wrote:
>> Greetings,
>> 
>> I am looking at deploying an open source CA/PKI for a client. 
JK> <SNIP>

JK> I hate to reply to my own posting, but...


JK> So, if you are not deploying PKI, how are you doing cert management for
JK> IPSec, VPNs, etc.? If not PKI, then what?

JK> I find it hard to believe that within all the DShield subscribers, only
JK> one of you has deployed PKI!

JK> A little discussion here, PLEASE!!

JK> Jon Kibler



-- 
Best regards,
 Stephane                            mailto:security at admin.fulgan.com


