Enabling Secure Business Operations

Red Hat Certificate System now open source

Project Dogtag, the Red Hat Certificate System which was born from the Netscape Certificate Server (acquired from AOL), has been released as open source under a number of licenses.

A customized version of Dogtag is the certification authority system that manages the entire U.S. Department of Defense CAC card system. I believe I heard once before that they issue on the order of 50,000 CAC cards a day. It is a real system with real users and really good performance.

This could be a tremendous event in the PKI industry. By open-sourcing Dogtag, lesser-known open efforts such as OpenCA will probably be pushed out. Microsoft’s PKI Services are available free with a Server operating system license; Dogtag counters that with a completely open-sourced and free solution for both the operating system and the certification authority. How do expensive certification authority software products such as Entrust and UniCERT plan to compete now?

One Response to “Red Hat Certificate System now open source”

  1. Scott Shorter Says:

    I’m curious how long it will be until it shows up as a debian package.

    Open source, of course, doesn’t mean secure or easy to use; it just increases the avenues for scrutiny of the software. I’ve seen plenty of open source projects where you need to spend a long time learning the system because of the poor documentation – that lack of documentation will be an impediment to any effort to obtain assurance in the security of the system.

    OpenSSL is a fine example of open source software for which vulnerabilities continue to be found and fixed. The Bleichenbacher vulnerability (http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/) is not something that any amount of testing would have uncovered, until the nature of the exploit was known.

    Finally, several years ago when NSS was opened up I remember talking to our friend TP about it – I asked if his agency or the DoD were likely to object, celebrate, or even notice the fact that the server was opened up – the best guess was “not even notice”. It’s been almost a decade since then; I wonder if agencies pay any more attention to such questions now.
