<HTML
><HEAD
><TITLE
>Current PKIs</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="SSL Certificates HOWTO"
HREF="index.html"><LINK
REL="UP"
TITLE="Global PKI"
HREF="c398.html"><LINK
REL="PREVIOUS"
TITLE="Global PKI"
HREF="c398.html"><LINK
REL="NEXT"
TITLE="The need for a Global PKI"
HREF="x405.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>SSL Certificates HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="c398.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 4. Global PKI</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="x405.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN400">4.1. Current PKIs</A></H1
><P
>At the moment you have the choice between a commercial PKI and your own PKI. Commercial PKIs were originally created to enable secure commerce over the Internet, basically securing HTTP. The pricing of certificates was calculated on a per-host basis. A certificate costs more than a domain name because of the cost of identifying the owner of the certificate (traceability), but also as a percentage of your e-commerce profits. Unfortunately this per-host vision has some major limitations. It is still acceptable to have a certificate to secure POP, IMAP, and other protocols, but when you need a certificate for each e-mail box on your network, costs start to skyrocket, as does the administrative burden of registering all these certificates with the Certificate Authority, and that every year. The same problem exists if you want to use certificates to authenticate clients in client/server applications (Web server, IPsec, ...).</P
><P
>Why not have a certificate that can sign other certificates? At the moment the only option is to build your own Certificate Authority as described in this document. This allows flexible management of certificates but is limited to the people in your organisation, because people outside your organisation will have to load your root CA certificate to allow smooth operations.</P
><P
>The solution is a unique PKI managed by a central authority, in a way similar to how DNS is managed. This is called a Global PKI.</P
></DIV
></BODY
></HTML
>