Re: Certificate Authority Services

Subject: Re: Certificate Authority Services
From: Sandy Harris <pashley -at- storm -dot- ca>
To: "TECHWR-L" <techwr-l -at- lists -dot- raycomm -dot- com>
Date: Fri, 26 Jul 2002 13:09:37 -0400


Pegasus Writer wrote:
>
> ... Can anyone point me to a Web site - perhaps more than one -
> that provides some sort of list of Certificate Authority+ Services? ...
>
> For what it's worth, I need this information for a manual for a new product
> that requires the customer to purchase and install an X.509 Version 3
> Digital Certificate. They can use any CA Service Company they choose, but I
> would like to tell there where/how to look for one.

Do you need to cover how to decide if the ones you find are trustworthy?
I would think so, and also that it might be hard.

Early this year, someone managed to get a microsoft.com cert from their
vendor by clever lying in a phone call. It was several months before
this was detected. I'd bet large amounts that that vendor has since
tightened up their phone procedures. However, I would not be confident
that there are no other holes for an EvilDoer to exploit.

As for Bob's Bait, Tackle and X.509 Shop, why should I imagine they are
trustworthy?

Also, if they can use any company they choose, how can you validate
the cert? Do you just automatically trust whoever they choose?

Or will you have a list of trusted companies? If so, how do you handle
updates to that list (especially, how do you revoke if something awful
happens at one company?), and what happens if a customer wants to use
a company that is not on your list?

> Appreciate any suggestions.

I don't know how much it will help. but you might look at the docs for
the X.509 patches for the Linux FreeS/WAN IPsec implementation:

http://www.strongsec.com/freeswan/

I don't know if they cover installing purchased certs. Certainly they
cover generating your own.

They use certificate management code from OpenSSL. There might also be
info you could use at openssl.org.

vpnc.org is a VPN vendors consortium. Since many of those products
use certs, they might have a list.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Your monthly sponsorship message here reaches more than
5000 technical writers, providing 2,500,000+ monthly impressions.
Contact Eric (ejray -at- raycomm -dot- com) for details and availability.

Buy RoboHelp Deluxe starting at only $798: you'll get RoboDemo, the hot new
software demonstration tool that's taking the Help authoring world by storm,
together with RoboHelp Office. Learn more at http://www.ehelp.com/techwr-l
---
You are currently subscribed to techwr-l as: archive -at- raycomm -dot- com
To unsubscribe send a blank email to leave-techwr-l-obscured -at- lists -dot- raycomm -dot- com
Send administrative questions to ejray -at- raycomm -dot- com -dot- Visit
http://www.raycomm.com/techwhirl/ for more resources and info.



References:
Certificate Authority Services: From: Pegasus Writer

Previous by Author: Jobs in Japan (was Re: Osaka-ben)
Next by Author: Re: User Guide - best practices
Previous by Thread: Certificate Authority Services
Next by Thread: RE: Certificate Authority Services


What this post helpful? Share it with friends and colleagues:


Sponsored Ads