Is PKI ready for prime time?
Public key infrastructure (PKI) comprises all the capabilities you need to manage public keys, private keys and certificates (aka Digital IDs) in the enterprise. One important PKI component is the certificate authority (CA), which issues certificates. Other key PKI elements are tools and procedures for issuing and revoking certificates; procedures for "cross certifying" (establishing trust between different organizations' CAs); methods for key recovery when an employee's private key is lost; and the installation of certificates and private keys in software packages such as Netscape Communicator, Qualcomm Eudora and Microsoft Outlook 98.
However, PKI tools and procedures are still immature. While user interfaces to basic encryption and digital signature functions are reasonably straightforward, the process of obtaining a certificate and installing it in an end user's software is clunky. The administrator's and end user's experience with cross certification and CA interoperability is even worse.
While PKI is too unstable to deploy across every desktop of large enterprises, there are multiple opportunities for pilots and specific beneficial PKI applications (particularly for extranets) that justify initial PKI infrastructure investments. Although all industries can realize significant cycle time improvements through e-mail, some - notably legal, financial, securities and insurance - have a greater need for secure e-mail and more reason to consider PKI plans.
To deploy PKI selectively and cost-effectively, such companies should look at solutions such as Network Associates' or WorldTalk's secure e-mail client "plug-ins," which work with your existing Microsoft, Lotus, Netscape or Qualcomm e-mail clients. You may find these solutions fit your needs better than those from larger vendors. You should also consider whether your application requires encryption at the desktop or whether encryption from a firewall-based server under a corporate key will do.
