When did you start working with PKI?
I started working with PKI at the very beginning of this field. The people at Entrust (which was a spin-out of the Secure Networks group at Nortel) were largely responsible for defining PKI and introducing it to the rest of the world. More than just issuing certificates (which a lot of other people were experimenting with), we emphasized the full life cycle management of certificates (i.e., understanding what needs to be done with them at every stage in their life) as well as the integration of PKI into applications and processes. Concepts like two key pairs per user, key histories, key backup & recovery, and efficient alternatives to traditional CRLs were all pioneered and fleshed out (and implemented in product!) at Nortel Secure Networks and Entrust long before many others had even heard of them. Now, of course, these concepts are standard and well accepted by the industry.
How long did it take you to write "Understanding PKI: Concepts, Standards, and Deployment Considerations 2/e"? Any major difficulties?
The second edition took about 8-10 months to write. The main difficulty (as with the first edition in 1999) was to make sure we included the latest information on each topic (the world -- especially in standards -- is a rapidly-changing place), without including too many details that would quickly become out of date or obsolete. The other difficulty was in trying to strike the proper balance between an introduction to the topic and an implementer's guide. Often we were tempted to go into more detail on some topic but felt we had to hold back because that would have been the wrong level for the intended audience.
In your opinion, what are the pros and cons of PKI with proprietary software and open PKI systems that allow companies to become their own CA?