Firewall Wizards mailing list archives
Re: CA/RA packages for SSL and IPSEC
From: "Paul D. Robertson" <proberts () clark net>
Date: Sat, 21 Aug 1999 21:15:36 -0400 (EDT)
On Fri, 20 Aug 1999, Wozz wrote:
> Greetings, I'm curious as to people's experience with the various Certificate Authority packages available. One thing I've noticed is that most of these packages require you to buy a license which includes a certain number of certs, and then you have to pay-per-cert after that number. This strikes me as kind of silly. Does anyone know of any good commercial packages that don't structure their licensing in this way, or a public domain package (not openssl by itself please, need some sort of web interface) which can issue SSL certs and IPSEC certs and supports CEP for Cisco IPSEC?
In reading the RSA crypto for certificates literature, it seemed to me that the patent issues were clearly waived for using SSL and certificates, but it wasn't clear if they were for creating certificates. I never followed up enough to ask (should I deploy x.509 certificates this or early next year, I'll have to do that, because I'd rather use open source toolkits.)

Building an HTTP interface to any of the command-line packages is fairly simple.

The RSA patent issue becomes moot in about 13 months, at which point, US Government notwithstanding, there should be a great number more products available.

Given the current patent issue, you're possibly seeing an artifact of licensing the RSA code. The terms on the RSA development toolkits aren't the most attractive I've ever seen. Buy the development toolkit, write an application, and still pay per-server licensing.

D-H and H-M have already expired, so RSA is, as far as I can tell, the last of the significant public key patents to expire (I don't know if El Gamal falls under any, it isn't very widely used as far as I can tell.)

If I can hold the tide for another 16-18 months, that's my current plan. I expect that we'll have a much better negotiating position on certificate licensing after next September.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net      which may have no basis whatsoever in fact."
                                                                     PSB#9280