On 11/30/2011 06:44 PM, Adam Back wrote:
Are there really any CAs which issue sub-CA for "deep packet
inspection" aka doing MitM and issue certs on the fly for everything
going through them: gmail, hotmail, online banking etc.
http://www.prnewswire.com/news-releases/geotrust-launches-georoot-allows-organizations-with-their-own-certificate-authority-ca-to-chain-to-geotrusts-ubiquitous-public-root-54048807.html
GeoTrust Launches GeoRoot; Allows Organizations with Their Own
Certificate Authority (CA) to Chain to GeoTrust's Ubiquitous Public
Root> GeoTrust Launches GeoRoot; Allows Organizations with Their Own
Certificate Authority (CA) to Chain to GeoTrust's Ubiquitous Public
Root
Economical Solution Complements Capabilities of Internal CAs, such as
the Microsoft Certificate Authority, Allowing Public Recognition of
SSL and Client Certificates
SAN FRANCISCO, RSA CONFERENCE, Feb. 14 /PRNewswire/ -- GeoTrust,
Inc., a leader in identity verification solutions for e-business and
the world's second largest issuer of SSL (secure sockets layer)
certificates for web security, today announced the availability of
GeoRoot(TM), an enterprise solution that allows organizations to
chain their internally issued digital certificates to GeoTrust's
publicly recognized roots. GeoRoot allows organizations with their
own Public Key Infrastructure (PKI) to extend the use of SSL server
and client certificates by leveraging a highly ubiquitous GeoTrust
root, supported by over 99% of browsers. "Today, many large
organizations utilize Microsoft's free Certificate Authority to
create digital certificates for securing their servers, email and
employee remote access," stated Neal Creighton, CEO of GeoTrust.
"However, these 'self-signed' certificates are only recognized within
the issuing organization or other allied organizations that have
chosen to share trust. By chaining to our widely supported public
root, these organizations can easily enable trusted e-business
transactions outside of their organizations." "Server-based digital
certificates for SSL have become increasingly important to
organizations because they provide enhanced security," stated Vic
Wheatman, Managing Vice President, Gartner, Inc. "However, we
recognize that some organizations need to extend acceptance of their
own certificates beyond their enterprise. By chaining their
certificates to a widely recognized root, organizations can elevate
trust levels and SSL functionality while using their own internal PKI
system." GeoRoot is designed to complement the existing capabilities
of an in-house Certificate Authority, allowing organizations to
maintain full control over Registration Authority (RA) functions for
the issuance of SSL server certificates and client certificates
(x.509). By chaining to GeoTrust's public root, certificates gain
compatibility with virtually all browsers and digital certificate and
public key security applications, including commerce sites, intranet,
extranet, S/MIME and VPN hardware and clients. This ubiquitous
recognition allows certificates, whether for electronic documents,
secure email or other transactions, to be trusted globally.
Certificate lifecycle management is a key feature of GeoRoot,
allowing organizations to easily issue, renew and revoke
certificates. Other functions, such as authenticating individuals,
deploying and managing SSL server certificates and client
certificates, as well as managing the distribution of public keys to
appropriate parties, are all handled by the organization. GeoRoot
also allows an enterprise to maintain its own brand identity when
issuing certificates, an attractive feature for certain applications
such as email certificates. In addition to GeoRoot, GeoTrust offers
a full line of digital certificates for identity verification,
including client certificates for secure access, SSL certificates for
e-commerce and web services security, code signing certificates for
software developers and the recently announced certified signing
solution for Adobe(R) Acrobat(R). Its customers include the world's
largest hosting companies, Global 1000 companies, educational
institutions and government agencies worldwide.
Pricing and Availability GeoRoot is available today in several
configurations, with annual licenses to meet the needs of low volume
to high volume users. GeoRoot is only available for internal use,
and organizations must meet certain eligibility requirements,
including financial net worth, insurance minimums, policy,
implementation and compliance guidelines, and hardware security
specifications. Complete details are available from GeoTrust sales
at 866-511- 4141 or sa...@geotrust.com.
About GeoTrust, Inc. GeoTrust is a leader in identity verification
and trust services for e- business. Its products include web security
services for secure e-commerce transactions, identity verification
services for secure access, digital signing and consumer
verification, managed security services and TrustWatch, a free
toolbar and search site that helps consumers recognize whether a site
has been verified and is safe for the exchange of confidential
information (http://www.trustwatch.com). With more than 80,000
companies in over 150 countries using its technology for online
security, GeoTrust has rapidly become the second largest digital
certificate provider in the world. Visit http://www.geotrust.com or
call 781-292-4100 for more information GeoTrust is a registered
trademark and GeoRoot is a trademark of GeoTrust, Inc. All other
product names are trademarks or registered trademarks of their
respective owners.
Media Contacts: Joan Lockhart Bill Keeler or
Jennifer Roedel GeoTrust, Inc. Schwartz
Communications 781-292-4153 781-684-0770
jo...@geotrust.com geotr...@schwartz-pr.com
SOURCE GeoTrust, Inc.
The existence of this product has been largely removed from GeoTrust's
English-language site (Moxie pointed it out at BlackHat) It's still
being promoted in other languages, however.
http://www.google.com/search?q="georoot"+site%3Ageotrust.com
About 212 results
1. GeoRoot – Nehmen Sie Ihre Zertifizierung selbst in die Hand, SSL
... Durch GeoTrust® GeoRoot erhalten Unternehmen vollständige
Kontrolle über Registrierungsstellenfunktionen bei der Ausstellung
von SSL-Serverzertifikaten ...
www.geotrust.com/de/enterprise.../georo... - Cached - Similar 2.
GeoRoot – Conviértase en Autoridad de certificación, certificados
... Más información sobre GeoRoot, producto Enterprise SSL que
permite a su empresa convertirse en su propia autoridad de
certificación - un modo económico ...
www.geotrust.com/es/enterprise-ssl.../georoot... - Cached - Similar
3. GeoRoot – Devenez une autorité de certification, certificats SSL
... Pour en savoir plus sur GeoRoot, le produit Enterprise SSL qui
permet à votre entreprise de devenir sa propre autorité de
certification. Il s'agit là d'un moyen ...
www.geotrust.com/fr/enterprise-ssl.../georo... - Cached - Similar 4.
SSL Certificates, Document Security, Enterprise SSL from a Leading
... SSL for the Enterprise · Enterprise SSL Save time and money on
volume SSL purchases. GeoRoot Become Your Own Certificate Authority.
... www.geotrust.com/products/index.html?pageid=10220000000 -
Similar 5. Email GeoTrust Customer Support - GeoTrust ... Certified
Document Solutions, Code Signing, My Credential, Microsoft Windows
Marketplace Developers, High Volume Solutions (Enterprise), GeoRoot
... www.geotrust.com/about/contact/support-form/ - Cached - Similar
6. SSL Certificates from a Leading SSL Certificate Authority -
GeoTrust Signing Products · Certified Document Solutions · Code
Signing · My Credential/ EPM Credential · SSL for the Enterprise ·
Enterprise SSL · GeoRoot · Solutions ... smarticon.geotrust.com/ -
Cached - Similar 7. What Out for Phishing Scam on Tumblr | GeoTrust
Blog Jun 29, 2011... Quick SSL Premium Certificates, and VeriSign
Certified Document Solutions, My Credential Certificates, Enterprise
SSL, and GeoRoot.
blogs.geotrust.com/2011/06/what-out-for-phishing-scam-on-tumblr/ -
Cached - Similar 8. May the 4th be with you! | GeoTrust Blog May 4,
2011... Quick SSL Premium Certificates, and VeriSign Certified
Document Solutions, My Credential Certificates, Enterprise SSL, and
GeoRoot. blogs.geotrust.com/2011/05/may-the-4th-be-with-you/ - Cached
- Similar 9. January | 2011 | GeoTrust Blog Jan 28, 2011... Quick SSL
Premium Certificates, and VeriSign Certified Document Solutions, My
Credential Certificates, Enterprise SSL, and GeoRoot.
blogs.geotrust.com/2011/01/ - Cached - Similar 10. Fraud | GeoTrust
Blog Mar 12, 2011... Quick SSL Premium Certificates, and VeriSign
Certified Document Solutions, My Credential Certificates, Enterprise
SSL, and GeoRoot. blogs.geotrust.com/category/fraud/ - Cached -
Similar
Sponsored Links
1. GeoTrust SSL Certificates Affordable SSL immediately issued
trusted by 99% of browsers. Buy SSL Certificates - 30-Day Free SSL
Certificate Trial - Compare SSL Certificates www.geotrust.com
http://translate.google.com/translate?hl=en&ie=UTF8&prev=_t&sl=auto&tl=en&u=http://www.geotrust.com/fr/enterprise-ssl-certificates/georoot/
> Become your own Certificate Authority
GeoTrust® GeoRoot permet aux entreprises de garder une maîtrise
totale des fonctions de l'autorité d'enregistrement (AE) pour
l'émission de certificats SSL serveur et de certificats client
(x.509). GeoTrust ® GeoRoot allows companies to keep total control
functions of the Registration Authority (RA) to issue SSL
certificates server and client certificates (x.509). Avec des
certificats privés, les organisations renforcent leur réputation en
termes de transactions sécurisées et fiables. Certificates with
private organizations to strengthen their reputation for secure
transactions and reliable. Des forfaits annuels fixes bon marché et
des licences rentables facilitent l'optimisation des budgets
informatiques et abaissent le coût total de possession. Fixed annual
packages cheap and easy licensing cost optimization of IT budgets and
lower the total cost of ownership.
Contactez le service commercial ou appelez le +44 203 0240907.
Contact sales or call +44 203 0240907. Reconnaissance globale des
certificats auto-signés Global recognition of self-signed
certificates
Les certificats GeoTrust sont reconnus par 99 % des navigateurs Web
et par la plupart des appareils mobiles populaires. GeoTrust
certificates are recognized by 99% of Web browsers and most popular
mobile devices. Ils sont compatibles avec la majorité des certificats
numériques et applications de sécurité à clé publique. They are
compatible with most digital certificates and security applications
to public key. La reconnaissance universelle des certificats signés
GeoRoot permet aux entreprises de s'assurer que les certificats
numériques liés à la racine GeoTrust sont dignes de confiance dans le
monde entier. The universal recognition of certificates signed
GeoRoot allows companies to ensure that digital certificates
associated with the GeoTrust root are trusted worldwide. Gestion et
contrôle du cycle de vie des certificats Management and control of
the life cycle of certificates
Les entreprises utilisent GeoRoot pour leurs applications internes
personnalisées et pour un échange en toute sécurité des données entre
les différents partenaires. Companies use GeoRoot for their internal
applications and customized for a secure exchange of data between the
different partners. L'entreprise conserve une maîtrise totale sur
l'authentification des individus, le déploiement et la gestion des
certificats SSL serveur et client ainsi que la gestion de la
distribution des clés publiques aux parties concernées, en offrant
une souplesse maximale pour sécuriser les applications
professionnelles à l'échelle de l'entreprise. The company maintains
complete control over the authentication of individuals, deploying
and managing SSL server and client and the management of public key
distribution to interested parties, offering maximum flexibility for
secure business applications across the enterprise. Intégration
transparente Seamless integration
GeoRoot fonctionne en toute transparence avec Microsoft Active
Directory et Certificate Server pour l'authentification et l'émission
de certificats signés GeoTrust. GeoRoot works seamlessly with
Microsoft Active Directory and Certificate Server for authentication
and issuing certificates signed by GeoTrust. Dans la plupart des cas,
une fois un certificat généré par MS Certificate Server et signé dans
GeoRoot, les informations sur ce certificat sont acheminées
automatiquement dans Active Directory. In most cases, once a
certificate generated by MS Certificate Server and signed in GeoRoot,
information on the certificate are sent automatically to Active
Directory. Critères d'admissibilité GeoRoot Eligibility GeoRoot
Pour acheter GeoRoot, vous devez satisfaire au moins aux critères
suivants : GeoRoot to buy, you must meet at least the following
criteria:
* Valeur nette de 5 M de $ minimum Net worth of $ 5 million minimum *
5 M de $ minimum pour la garantie Erreurs et omissions Minimum of $ 5
million guarantee for Errors and Omissions * Statuts (ou équivalent)
et attestation de fonction fournis Statutes (or equivalent) and
attestation function provided * Déclaration de pratique de certificat
écrite et à jour Certificate Practice Statement as written and
updated * Appareil conforme à FIPS 140-2 de niveau 2 (GeoTrust a
établi un partenariat avec SafeNet, Inc.) pour la génération et le
stockage de vos clés de certificats racine Apparatus in accordance
with FIPS 140-2 Level 2 (GeoTrust has partnered with SafeNet, Inc.).
For generating and storing keys Root Certificates * Produit AC agréé
de Baltimore/Betrusted, Entrust, Microsoft, Netscape ou RSA Product
AC approved the Baltimore / Betrusted, Entrust, Microsoft, Netscape
or RSA
Instructions client GeoRoot Instructions customer GeoRoot
* GeoTrust doit analyser et approuver les profils de certificat pour
les certificats racine et d'entité finale de l'organisation avant de
pouvoir émettre les certificats. GeoTrust must review and approve the
certificate profiles for root certificates and end entity of the
organization before they can issue certificates. * Les organisations
doivent tenir à jour une liste Certificate Revocation List (CRL) pour
tous les certificats émis de l'entreprise. Organizations must
maintain a list Certificate Revocation List (CRL) for all
certificates issued by the company. * GeoTrust peut demander une
déclaration de conformité ou réaliser un audit. GeoTrust may request
a statement of compliance or an audit.
Instructions pour les certificats SSL serveur GeoRoot Instructions
for SSL server certificates GeoRoot
* Les certificats SSL peuvent être émis pour une ou plusieurs années
SSL certificates can be issued for one or more years * Tous les
domaines doivent être détenus par le client de l'entreprise All
fields must be held by the client company * Les certificats peuvent
être installés sur autant de serveurs que nécessaire Certificates can
be installed on as many servers as needed * Les certificats SSL
doivent inclure le groupe standard d'extensions X.509 SSL
certificates must include the standard set of X.509 extensions
Instructions pour les certificats client GeoRoot Instructions for
client certificates GeoRoot
* Les certificats client peuvent être émis pour une ou plusieurs
années Client certificates can be issued for one or more years * Les
organisations peuvent émettre des certificats uniquement aux employés
et aux domaines qu'elles contrôlent Organizations can issue
certificates only to employees and areas under their control * Les
entreprises ne peuvent pas revendre ni livrer à des utilisateurs non
affiliés Companies can not sell or deliver to users not affiliated *
Les certificats doivent inclure le groupe standard d'extensions X.509
Certificates must include the group standard X.509 extensions
Module de sécurité matériel SafeNet Luna SafeNet hardware security
module Luna
Les produits SafeNet Luna® permettent une véritable gestion des clés
matérielles afin de préserver l'intégrité des clés de cryptage.
SafeNet Luna ® products provide a true hardware key management to
preserve the integrity of encryption keys. Les clés sensibles sont
créées, stockées et utilisées exclusivement au sein des fonctions
sécurisées du module de sécurité matériel Luna pour éviter tout
compromis. Sensitive keys are created, stored and used exclusively
within the security features of the Luna hardware security module to
prevent compromise. Les produits SafeNet Luna ont été intégrés aux
solutions GeoTrust et répondent en tous points aux exigences GeoRoot
pour un appareil conforme à FIPS 140-2 de niveau 2. SafeNet Luna
products have been integrated with GeoTrust solutions and meet all of
the requirements for a GeoRoot apparatus according to FIPS 140-2
Level 2.
http://www.geotrust.com/fr/products/
Produits
* Certificats SSL
* Produits de signature
* SSL pour l'entreprise
Accueil > Produits
Produits
Plus de 100 000 clients dans plus de 150 pays font confiance à GeoTrust pour
sécuriser les transactions en ligne et faire des affaires sur Internet.
SSL CertificatesComparer tous
* True BusinessID with EV Dynamisez les transactions en ligne grâce à la
barre d'adresse verte.
Extended Validation SSL
* True BusinessID Protection fiable chez soi, au travail ou en déplacement.
* QuickSSL® Premium Sécurisez votre site pour les navigateurs de bureau et
les navigateurs de téléphone portable..
* True BusinessID Multi-Domain Sécurisez jusqu'à 25 domaines sur un seul
serveur.
* True BusinessID Wildcard Sécuriser un nombre illimité de sous-domaines
avec un seul certificat.
Signing Products
* VeriSign® Certified Document Solutions
* Code Signing
* My Credential Signer et crypter numériquement le courrier électronique.
SSL for the Enterprise
* Enterprise SSL Épargner du temps et de l'argent avec des achats SSL en
gros.
* GeoRoot Devenez votre propre autorité de certification.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
