[14933] in cryptography@c2.net mail archive
Re: PKI root signing ceremony, etc.
daemon@ATHENA.MIT.EDU (Rich Salz)
Sun Dec 14 18:07:35 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Sun, 14 Dec 2003 11:14:19 -0500 (EST)
From: Rich Salz <rsalz@datapower.com>
To: Dave Howe <DaveHowe@gmx.co.uk>
Cc: "Email List: Cryptography" <cryptography@metzdowd.com>
In-Reply-To: <020501c3c253$772da4e0$01c8a8c0@broadbander>
> These days there is a very nice oss/free gui tool which makes the whole
> process a whole lot easier - check out:
> http://sourceforge.net/projects/xca
It's nice to have a GUI, but seeing phrases like
For building the chains the CA flag is disregarded ...
doesn't make me feel very comfortable. Also, there's no discussion of key
management, auditing, etc. XCA is probably useful, but as a Level 1 CA,
not an enterprise root or management thereof. Those are the points I
tried to address in the column.
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
