begin quoting [EMAIL PROTECTED] as of Fri, Dec 01, 2006 at 01:11:37PM -0800:
> On Fri, Dec 01, 2006 at 12:03:43PM -0800, Stewart Stremler wrote:
> > Too bad the infrastructure on the OS / client end of things is so shaky.
> > It seems like it takes a lot of work to set up and manage a CA, so that
> > the cost of setting up such a thing -- especially a reliable one -- is
> > really quite high.
>
> Oh? In what way? Are you saying even with good open source software on CA and
> client end that a good private niche PKI system is still shaky and expensive?
> Why?

Do you use a keystore that is used by all of your programs, or do you load your keys/certificates into each program?

If the former, how do you control access to which keys for which applications?

If the latter, the mechanism isn't standardized, or even obvious, across all the different applications.

Soft certificates are often mishandled, and "hard" certificates (e.g., smart cards) require considerably more infrastructure for large organizations.

Hm. Apparently becoming a CA isn't that hard: it seems that something called SSLeay has all the programs and scripts you need.
