PaulDotCom mailing list archives
Re: Digital Signature with internal CA
From: Herndon Elliott <alabamatoy () gmail com>
Date: Sun, 24 Mar 2013 07:32:03 -0500
The DoD has a very thorough Smartcard solution. For those on the outside, lots of good info is here: http://militarycac.com/

One must have significant infrastructure shared between the parties who will exchange signed/encrypted documents, such as Certificate Revocation List (CRL pronounced "krill") and LDAP. The whole point of shared trust is that the CA should be trusted by both organizations in order to exchange signed/encrypted. An internal CA is by definition not a part of the deal, unless both orgs choose to trust it. This means that in nearly all implementations, the CA would be a third party chosen (and usually paid) to be trusted by both parties. The CA issues the certificates used to produce the keys, both public and private, and maintains the CRL and LDAP services for certificate lookup. The internal CA would be for internal trust, like corporate apps and interoffice commo, VPNs, authentication etc.

DoD can easily exchange signed and encrypted documents (NSA Type3 encryption) internally. There are also good companion solutions which work well with the CAC within Adobe Acrobat, ApproveIT and others. Many web apps now have built-in signature capability. Middleware is required to support the interface between the smartcards and the apps - here is more info: http://www.axway.com/products-solutions/email-identity-security/identity-security/desktop-validator

HTH - Apologies if this already has been discussed.

Herndon Elliott
Madison, Al
https://keyserver.pgp.com key ID: 24B60B6150130832
ΜΟΛΩΝ ΛΑΒΕ "molon labe"
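The trust relationship described in the message above, shown as an added example that is not part of the original post: a document signed with a certificate from an internal CA verifies only for a recipient who trusts that CA, while one signed under a CA both parties trust verifies for the partner too. The CA names, the alice-* subjects and the file names are constructed, and the script assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added illustration: InternalCA, ThirdPartyCA and the alice-* names are constructed.
# Assumes the openssl command-line tool is installed.

# make_ca DIR NAME: self-signed CA key and certificate in DIR/NAME.{key,crt}
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=$2/CN=$2 Root" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert DIR CA USER: the CA issues a certificate for USER's new key pair
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/O=$2/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 7 -out "$1/$3.crt" 2>/dev/null
}

# sign_doc DIR USER FILE: CMS signature with the content embedded, in FILE.p7s
sign_doc() {
    openssl cms -sign -binary -nodetach -in "$3" -signer "$1/$2.crt" \
        -inkey "$1/$2.key" -outform PEM -out "$3.p7s" 2>/dev/null
}

# verify_doc ANCHOR SIGNED: succeeds only if the CMS signature is valid and the
# signer's certificate chains to a CA the recipient trusts, given here as ANCHOR
verify_doc() {
    openssl cms -verify -binary -inform PEM -in "$2" \
        -CAfile "$1" -out /dev/null 2>/dev/null
}

# a.txt is signed under the internal CA, b.txt under the shared third-party CA
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" InternalCA && make_ca "$d" ThirdPartyCA &&
        issue_cert "$d" InternalCA alice-internal &&
        issue_cert "$d" ThirdPartyCA alice-public || return 1
    echo "constructed document" > "$d/a.txt"; cp "$d/a.txt" "$d/b.txt"
    sign_doc "$d" alice-internal "$d/a.txt" && sign_doc "$d" alice-public "$d/b.txt" || return 1
    for pair in "InternalCA a.txt" "ThirdPartyCA a.txt" "ThirdPartyCA b.txt"; do
        set -- $pair
        if verify_doc "$d/$1.crt" "$d/$2.p7s"; then r=accepted; else r=rejected; fi
        echo "recipient trusting $1, document $2: $r"
    done
    rm -rf "$d"
}

demo
```

Revocation checking against a CRL, which the message also lists as shared infrastructure, is not exercised here.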