Educause Security Discussion mailing list archives
Use of SmartCards and PKI Components
From: Mike Wiseman <mike.wiseman () UTORONTO CA>
Date: Tue, 11 Apr 2006 17:02:36 -0400
I'd like to hear opinions or experiences regarding the implementation of PKI/SmartCard systems - particularly for IT security applications like user authentication for VPN, websites, applications, S/MIME usage, document signing, etc. I'm working on a project to implement such a system to provide high 'level of assurance' user authentication for a targetted group of users but it would be nice to support the use of the devices more broadly for those users that need the security. I'm finding increasing maturity in PKI/SmartCard application and platform integration. Support is available in many commercial and open source desktop applications - even OpenSSH and Putty login authentication via X.509 cert/key on a SmartCard is available nowadays. I'm not too interested in using PKI components without the SC container - the institutional user ID/password system provides for this level of security. SC and USB components are relatively inexpensive - $30 - $50 range. The CA operation is another design choice - whether to stand up an internal CA or use a commercial provider. I'm investigating OpenCA at the moment which seems to provide a great deal of functionality. Some of the issues to tackle include automated certificate/keypair renewal, whether to use USB or SC form factors, the use of hybrid cards - multiple technologies on a sigle card for physical security and accounting and how long the USB devices can be expected to last. Mike Mike Wiseman Computing and Networking Services University of Toronto
Attachment:
smime.p7s
Description:
Current thread:
- Use of SmartCards and PKI Components Mike Wiseman (Apr 11)
- <Possible follow-ups>
- Re: Use of SmartCards and PKI Components jack suess (Apr 11)
- Re: Use of SmartCards and PKI Components Bill Betlej (Apr 13)