Computer security has been victim of the "year of the..." syndrome. First it was firewalls, then intrusion detection systems, then VPNs, and now certification authorities (CAs) and public-key infrastructure (PKI). "If you only buy X," the sales pitch goes, "then you will be secure." But reality is never that simple, and that is especially true with PKI. Certificates provide an attractive business model. They cost almost nothing to make, and if you can convince someone to buy a certificate each year for $5, that times the population of the Internet is a big yearly income. If you can convince someone to purchase a private CA and pay you a fee for every certificate he issues, you're also in good shape. It's no wonder so many companies are trying to cash in on this potential market. With that much money at stake, it is also no wonder that almost all the literature and lobbying on the subject is produced by PKI vendors. And this literature leaves some pretty basic questions unanswered: What good are certificates anyway? Are they secure? For what? In this essay, we hope to explore some of those questions.
Did you find this white paper useful?
29 out of 50 users found this white paper useful
Related white papers
Reduce the Risk of Costly Data Breaches: Three Pillars of Data Protection
There are numerous regulations that govern the protection of private, personal and confidential data regardless of whether the data resides on a secure mainframe computer, desktop PC or mobile device...
Two-Factor Authentication: A Total Cost of Ownership Viewpoint
Enterprises have traditionally used strong authentication to secure access to corporate resources remotely. Today OTP-based solutions are the most widely deployed by enterprises. In addition to remote access solutions, more and...
Using Public Key Cryptography in Mobile Phones
As mobile networks expand their bandwidth, mobile phones, as with any other Internet device, become substantially exposed to Internet security vulnerabilities. Public key cryptography is a primary concept in implementing wireless device security....
PKI and VPNs: Enabling Security in an Increasingly Networked World
This paper explores PKI technology, building a PKI, the business case for PKI. It also examines VPNs as the killer application for PKI. The IPSec protocol provides many of these...
MiniPASS: Authentication and Digital Signatures in a Constrained Environment
We describe an implementation of the PASS polynomial authentication and signature scheme that is suitable for use in highly constrained environments such as SmartCards and Wireless Applications. The algorithm underlying...
Ruesch International Partners With Baltimore To Provide Secure High Value Transactions
Ruesch International is a leading global financial institution specializing in international B2B payment solutions. The organization provides full-service foreign exchange operations in the USA, the UK, Switzerland, and the Czech...
TechNet Webcast: 24 Hours of Windows Server 2008 (Part 20 of 24): Windows Server 2008 Public Key Infrastructure (Level 200)
The presenter of this webcast covers new functionalities and enhancements for certificate services and Public Key Infrastructure (PKI) in the Windows Server 2008 operating system. The presenter explains how certificate...
