Justin,

We are working on a project to make a free PKI that issues certificates
for free in two main forms:

* without identity guarantees. It's what we call "entry-level" certificates.
  Because of this, it can be issued instantly, without the need for manual
  approval. It's meant for learning and testing purposes.

* with identity guarantees based on a trust-scoring system that mimics
  the PGP web-of-trust system, where the users assign trust ratings to
  each other, but over X.509.

We implemented it in Perl with OpenSSL. Some of the code was based on
OpenCA's, but now we're "becoming independent". When we remove the OpenCA
dependencies, we'll be releasing it under the GPL.

The project is still in its very early beginnings, but there's a pilot
CA in:

   http://ca.freeicp.org

The current version (0.21-alpha) is in Portuguese only, but the
internationalized version, with English messages, is already in our CVS; we
plan to put it at this address by Friday. I've also set up a project page
in SourceForge, but I'm still preparing things up there. We plan to ship
our first release soon. Anyone interested, though, feel free to contact me.

I'm also writing a paper about this system, to be published in SSI'2002
(the Brazilian Information Security Symposium). As soon as I get permission
from them to release the paper, I'll do it.

For Portuguese-speaking folks, most of the ideas are described in our
website: www.freeicp.org. Volunteers to help us translate them to English
are accepted.

--Marco "Kiko" Carnut, CISSP
--Tempest Security Technologies

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Wienckowski, Justin
> Sent: Tuesday, July 16, 2002 3:04 PM
> To: [EMAIL PROTECTED]
> Subject: Anyone using OpenSSL for a CA or PKI Deployment?
>
>
> My company is using some Windows software to run a Certificate
> Authority to generate certs for corporate employees and
> resources.  However, this software has proven to be extremely
> buggy and support is horrible, so we're looking at alternatives.
>
> I'd love to re-implement our CA and directory in Unix using
> OpenSSL.  Anyone know of companies or organizations who may have
> already done this?  I'm finding very little publicized on the
> web, and dropping some names would help immensely.
>
> Thanks!
>
> ---------------------------------
> Justin Wienckowski
> TRW Intranet Team, IS&P
> 703.345.6663
> [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]