|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: PKI for medium scale network operations
Most people figured out I was not looking for a "public" CA solution. There is very little reason why internal certificates need to be recognized world-wide, or by anything outside of the internal organization. Also I didn't say it, but I'm not looking to identify natural people. Instead of using community names for SNMP or shared secrets for VPN, an alternative for a network operator is some form of public/private keys. 1. Cisco IOS CA server (http://www.cisco.com/) 2. Microsoft CA software (http://www.microsoft.com/) 3. roCA, based on TinyCA (http://www.intrusion-lab.net/roca/) 4. CATool (http://www.open.com.au/) The Cisco IOS CA and Microsoft CA have the advantage of being integrated with a lot of each vendor's products. Once set up, both try to simplfy on-going maintenance as long as you use their products. roCA and CATool are stand-alone. Several people pointed out certificates don't fix the compromised device problem. Public/private key pairs are only as secure as the private key. The length of the key doesn't matter if you can get a copy of the private key.
|