Network vendors push public keys

By Bob Brown
Network World, 7/18/97

San Francisco - Network product vendors are rallying around public key technology as the way to ensure secure electronic messaging and electronic commerce transactions, but experts here last week said plenty of obstacles still stand in the way of this technology becoming ubiquitous across corporate networks.

Incompatible public key infrastructure (PKI) offerings from different vendors, the challenge of managing PKI systems and differences in countries' encryption rules were the top concerns raised by attendees of The Burton Group's Catalyst conference here this week.

PKI refers to a set of security services for authentication, encryption and digital certificate management under which documents are encrypted with a private key and decrypted using a publicly available key accessible to the recipient via a network. PKI differs from private key technology, like Kerberos, in which a single key that is shared by the sender and receiver is used to encrypt and decrypt a message or document.

Customers such as Brian Plackis think PKI sounds good in theory, but he is worried about the reality of distributing keys to 45,000 end users overnight. "How do we get past that?" asked Plackis, a senior manager at MCI Communications Corp. and a member of the Network Applications Consortium (NAC), a large organization of corporate customers.

Not only is distributing the keys a problem, but so is renewing, deleting and backing them up.

Another concern is that once keys are generated and distributed, end users may not be capable of or interested in using the keys, Plackis said.

In order for PKI to blossom, products supporting it must also support emerging standards such as S/MIME and the Lightweight Directory Access Protocol, said James Brentano, director of systems engineering for Intraware. Brentano was speaking on behalf of the NAC.

Vendor representatives from Lotus Development Corp., Microsoft Corp., Netscape Communications Corp. and others acknowledged that PKI has barriers to overcome and is still at least a couple of years away from hitting its stride. But they also said products addressing management and other issues will be rolling out in the months ahead and that vendors are working together in groups such as the IETF to forge PKI standards.

Interoperability testing of PKI products would go a long way toward building customer confidence in the security technology, said Paul Van Oorschot, chief security architect for Entrust Technologies, which sells a variety of PKI products. Entrust and the federal government are among the organizations thinking of heading up such tests, he said.

Charlie Kaufman, Lotus Notes security architect for Iris Associates, said he would support such tests and that Lotus is committed to evolving its Notes/Domino groupware to adhere to emerging PKI standards. Notes has been shipping with proprietary PKI technology in it for years, but that's only because there hasn't been a standard, he said. Lotus recently struck a deal with Entrust to let customers plug Entrust's PKI technology into Notes, Kaufman added.

None of the vendors had a specific answer for customers wondering how to roll out PKI systems without any pain.

"You might need to pay the price at the start," Van Oorschot told customers. But he urged vendors to deliver products that ensure PKI management is automated once the system is in place.

As for customers, Van Oorschot advised them not to "keep adding security to each application... Think infrastructure first. You'll be better off."

Despite the support for PKI sounded at the conference, Microsoft Security Architect Barbara Fox emphasized that PKI will co-exist with private key technology.
