North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: PKI for medium scale network operations
- From: Sean Donelan
- Date: Sat Mar 26 02:20:49 2005
Most people figured out I was not looking for a "public" CA solution.
There is very little reason why internal certificates need to be
recognized world-wide, or by anything outside of the internal
organization. Also I didn't say it, but I'm not looking to identify
natural people.
Instead of using community names for SNMP or shared secrets for VPN,
an alternative for a network operator is some form of public/private
keys.
1. Cisco IOS CA server (http://www.cisco.com/)
2. Microsoft CA software (http://www.microsoft.com/)
3. roCA, based on TinyCA (http://www.intrusion-lab.net/roca/)
4. CATool (http://www.open.com.au/)
The Cisco IOS CA and Microsoft CA have the advantage of being
integrated with a lot of each vendor's products. Once set up,
both try to simplfy on-going maintenance as long as you use
their products. roCA and CATool are stand-alone.
Several people pointed out certificates don't fix the compromised
device problem. Public/private key pairs are only as secure as the
private key. The length of the key doesn't matter if you can get
a copy of the private key.
|
