
Whom do you trust? Questions to ask potential PKI vendors


Public-key infrastructure can help usher in a new age of secure transactions - or it can be a security nightmare. Before signing on the dotted line with any PKI vendor or service bureau, here are some tough questions to ask vendors vying for your business:

How vulnerable is the certificate authority's signing key?

Is your organization the only signing authority? If not, who else are we trusting to authenticate our certificates?

Does the PKI handle certificate revocation in real time or with static lists?

Can revocation be retroactive? Is the timestamp mechanism secure?

How is the certificate enrollment process protected from fraudulent requests?

What nonrepudiation and repudiation mechanisms are in place?

If the registration authority and certificate authority are separate, how vulnerable is the link between them?

For Secure Sockets Layer-enabled Web transactions, who certifies the security of the server?

How does the PKI ensure certificate holders are unique?

What vulnerabilities exist when integrating PKI with other authentication mechanisms such as single sign-on and Remote Authentication Dial-In User Service?

(Hint: "No," "none," or "not at all" are not good answers for any of the above.)


RELATED LINKS

Newman is president of Network Test, an independent benchmarking and network design consultancy in Westlake Village, Calif. He can be reached at dnewman@networktest.com.



Newman is also a member of the Network World Global Test Alliance, a cooperative of the premier reviewers in the network industry, each bringing to bear years of practical experience on every review. For more Test Alliance information, including what it takes to become a member, go to www.nwfusion.com/alliance.

PKI: Build, buy or bust?
Options abound for digital certificates, but so do security concerns and design headaches.

What is PKI anyway?
Any PKI design is only as secure as its weakest component. Therefore, good PKI design requires a thorough understanding of all the components.

PKI, firewalls and VPNs
Although work is underway to develop access control using PKI attribute authorities, firewalls remain the conventional means of access control, while VPNs remain the standard means of ensuring privacy through encryption.

The ABCs of PKI
Decrypting the complex task of setting up a public-key infrastructure.
Network World, 01/17/2000.

Wanted: PKI interoperability
Adoption of digital certificates by organizations for widespread e-commerce use remains clouded for several reasons, including a lack of interoperability among vendors' public-key infrastructure (PKI) offerings.
Network World, 04/16/01.



Copyright, 1994-2006 Network World, Inc. All rights reserved.