SearchSecurity.com
Decommissioning Certification Authorities
This paper outlines the process of terminating a certificate authority, which requires planning several physical, logical and human aspects. Certification Authorities (CA) based on Public Key Infrastructure (PKI) are in regular use throughout the world. While there are increasing numbers of CAs initiated each month, the time may have come to decommission a "pioneer" CA installed in the early years of commercial PKI, roughly 1995 - 1999. Business, financial, legal or simply technology shelf life may lead to terminating a CA. Terminating a CA is as important an event as its initiation - both require planning physical, logical and human aspects. Security of information and reputation is at risk. The current and future needs of subscribers and other relying parties require consideration.
By Claudia N. Lukas, 04/04/2004
A vulnerability assessment of roaming soft certificate PKI solutions
In the past two or three years most major PKI technology vendors have released products which allow digital certificate holders with "soft certificates" to have their private keys stored at a central server and uploaded when needed to their local machine. This allows users to "roam" from one machine to another without having to manually manage the export and import of their keys onto temporary media like diskettes. Thus users gain much of the portability and usability advantages of hardware key media like smartcards and USB dongles but without the associated cost. This paper highlights the security engineering and deployment considerations by presenting a systematic vulnerability assessment of the common roaming architecture.
By Stephen Wilson, 04/04/2004
PKI, The What, The Why, and The How
I wanted to title this paper "PKI, The good, the bad and the ugly", but even though it might attract the curious, it was a little too offbeat to qualify (even with my sense of humor) as a good title. The purpose of this paper is to describe what Public Key Architecture (PKI) is, and how it can help organizations and individuals during the enactment of electronic transactions (The GOOD), detail why governments worldwide have, or are, introducing legislation and guidelines covering information privacy and the operation of PKI facilities. Due to the nationality of the author, Australian regulations are drawn upon throughout this document (The BAD), and to show how with honest definition of business requirements, and careful architectural decisions, a way forward satisfying both the business requirements and the legalities (The UGLY).
By Duncan Wood, 04/04/2004
No Single Killer App for PKI
Talk about Public Key Infrastructure (PKI), the technology behind digital certificates, and opinions start flying. While there have been a number of successful implementations over the past five years, many evaluators still see PKI as a technology poised at the starting gate. As with most research papers on the subject, this one covers the well-known security functions enabled by PKI. More attention, however, is focused on business and technology issues associated with PKI implementations. Reflecting on five years of PKI project experience, the author will identify technology trends and valuable lessons learned that might help the success of any PKI project. Finally, after evaluating truths about the title statement "No single killer application for PKI" this paper presents the author's perspective on the real benefits of PKI as a technology.
By Cliff Schiller, 04/04/2004
The Risks Involved With Open and Closed Public Key Infrastructure
Over the past couple of decades, on-line communication, especially electronic mail and on-line shopping, has changed the way that people transfer sensitive information to and from each other. As long as these methods of communication will be used, there needs to be a way to keep this information secure. One solution to help us solve this problem is Public Key Infrastructure (PKI). There are two types of PKI models: open and closed. Each one has its advantages, but there is a certain level of risk and liability involved with each model. This paper will provide a basic overview of PKI and its components. It will then discuss the advantages and disadvantages of both the open and closed PKI models. Finally, this paper will present some of the risks and liability issues involved with PKI. In particular, it will discuss the enormous risks behind the open PKI model and why it never flourished in the marketplace.
By Philip Hlavaty, 04/04/2004
Common issues in PKI implementations
This paper is an attempt to go beyond the many conceptual papers published about Public Key Infrastructure (PKI) and look at the actual problems experienced when implementing it. In particular, it looks at issues connected with the design and roll-out of large scale, identity PKIs. The issues chosen and the examples used have been sourced from real-life experience, as well as from public records of two current large-scale implementations of Identity cards incorporating PKI: The Common Access Card currently being rolled out to United States Department of Defense staff and the Estonian ID card.
By Angela Keith, 03/24/2004