Re: Implementing a Public Key Infrastructure

[Dick Jacobson <Dick.Jacobson () NDSU NODAK EDU>]

On Wed, 15 Feb 2006, jack suess wrote:

I hate to ask but .... the comment below about "financial institutions"
and "two-factor authentication".  Are Higher Ed institutions considered
"financial institutions" for purposes of this mandate ?

> Internet2 has a number of PKI activities in place. Look at
> middleware.internet2.edu. Jim jokl of U.Va is heading up the higher
> ed PKI group (HEPKI). I2 is trying to help with some of the issues
> related to CREN closing and higher ed PKI.
>
> Also Educause has a program where you can get discounts on trusted
> PKI certs from different vendors, if you go through a 3rd party this
> will save $$. Steve worona <sworona () educause edu> is the point of
> contact at educause for this.
>
> Finally, last week I was at the net@edu conference. Both Jim and Nick
> Davis presented at a session there on their respective PKI role out.
> There slides may be up under the net@edu conference.
>
> It was a very interesting discussion between U.VA, which has
> developed their own CA, and U.Wisc that went through a 3rd party,
> geotrust, for their implementation.
>
> What struck me in this discussion was the importance of understanding
> what you want to accomplish with PKI and making sure it fits your plans.
>
> On face value it appears more costly to go with a commercial CA but
> if you are only going to roll out certs to a small subset of your
> population then the costs may be quite comparable. Wisconsin showed
> that for its initial rollout of a few thousand certs it would have
> cost more to do this internally than to outsource it when you add in
> the cost of purchasing the CA and staffing. In addition, if key
> escrow is critical to your plans you should build that in and that
> may point to a commercial provider.
>
> On the other hand, UVA, VT, and MIT and others have all have done
> their own CA and found some use out of it. Again, the question is
> what your target application is and how broad the deployment will be.
>
> Finally, something that has not been mentioned often that you should
> keep in the back of your mind. Starting in January 2007, the SEC has
> mandated financial institutions doing online business with customers
> MUST have two-factor authentication in place. People are still not
> sure what that will mean in terms of specific implementation but it
> is clear you will see a surge in alternate authentication schemes
> coming out late this year by different financial institutions.
>
>
> jack suess
>
> On Feb 14, 2006, at 11:58 AM, Ricardo Lafosse wrote:
>
> > I have recently invested an ample amount of time in researching how
> > to implement a Public Key Infrastructure.  I am interested in
> > knowing if anyone has had prior experience employing this practice
> > and what difficulties were encountered?
> >
> >
> >
> > Thanks
> >
> >
> >
> >
> >
> > Ricardo Lafosse
> >
> > Systems Administrator
> >
> > Enterprise Computing Services
> >
> > Florida Atlantic University
> >
> > rlafosse () fau edu


----------------------------------------------------------------------- 
Dick Jacobson                   e-mail : Dick.Jacobson () ndus NoDak edu
ND HECN MultiUser Host SysAd    office : IACC 206, NDSU
NDUS IT Security Officer        phone  : 701-231-7385
-----------------------------------------------------------------------