Tim
ArgusConnect have implemented BouncyCastle into version 4.3 of Argus
which is due for release in a few months. Our decision to do this was
largely driven by the fact that we were experiencing some bugs with the
HeSA API that were not getting addressed, and we decided that taking
more control of these issues was a wise move.
Syan's work was valuable as a proof of approach and he readily admitted
that it was not 'industrial strength' and we have valued his work as
input to our work.
We had stuck with HeSA because for quite a while they showed a readiness
to address most of our issues and we had agreement on important issues
like moving to customer-generated keys, online registration with CA and
easy deployment of encryption keys for locations. We have been keen not
to exacerbate the 'multiple rail gauge' issue by moving away from HeSA
PKI and we have persisted and tried to overcome the inhibitors.
In the light of current events, our technical team is now investigating
the implications of using alternative PKI mechanisms which include GPG etc.
We won't make a decision until we have as many facts on the table as
possible (especially regarding the impact on our current infrastructure,
client-base and procedures); however, the issue could become quite urgent,
so we won't be dragging the chain.
regards
Ross Davey
-------------------------------
Ross Davey
CEO
ArgusConnect Pty Ltd
Ph: 03 5335 2220
Mob: 0417 548608
Web: www.argusconnect.com.au
-------------------------------
Tim Churches wrote:
Syan Tan spent a single-handed weekend about a year or so ago ripping
out the HeSA PKI libraries from the open source version of ArgusConnect
and replacing them with BouncyCastle, which is a set of excellent,
mature, free and open source X.509 PKI libraries (see
http://www.bouncycastle.org/ ). The result was a version of ArgusConnect
which would work with any X.509 compliant PKI provider (including ones
set up with free tools like OpenCA - see
http://www.openca.org/projects/openca/ ).
Andrew Shrosbree was, as I recall, rather snooty about Syan's work,
arguing that it must be a horribly quick hack. That may or may not be
the case, but either way, if Syan can do it in a weekend then surely a
couple of the ArgusConnect software engineers can do the same, to
Andrew's exacting standards, in a few weeks?
At this stage, I would opine that the medium-to-long-term future of
ArgusConnect depends on such a conversion to allow the use of generic
X.509 PKIs rather than the flawed-from-the-outset and now doomed HeSA PKI.
I am told that a forthcoming announcement by Ross Davey will reveal the
above to be somewhat of an inadvertent Dorothy Dixer.
Tim C
_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk