Date: Mon, 7 Jul 1997 12:57:20 -0400 (EDT) From: Robert N Watson <rnw@andrew.cmu.edu> To: Jim Binkley <jrb@cs.pdx.edu> Cc: freebsd-security@FreeBSD.ORG Subject: Re: apology and question re certificate servers Message-ID: <Pine.SUN.3.93l.970707125110.13617B-100000@apriori.cc.cmu.edu> In-Reply-To: <199707011702.KAA07768@sirius.cs.pdx.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 1 Jul 1997, Jim Binkley wrote: > > I hate it when I try and send personal mail and send it to > a mailing list... Sigh. Sorry ... shoot too quick and the foot hurts. > > but on the other hand, a question for anyone on the mailing list. > > Has anybody tried to setup any kind of certificate server > on any kind of system? With what results? > I'm not even sure what is available to play with at this point; > e.g., that might cost money or be free. > > 1. netscape server + certificate server I presume to do ssl > 3.0 stuff with netscape clients. > 2. dns sec stuff somewhere? > 3. ssleay? A free reference DNSsec implementation is available from Trusted Information Systems (TIS) at: http://www.tis.com/docs/research/network/dns.html It is based on BIND 4.9.5, although we currently have a BIND8 DNSsec implementation in the workings. Information on getting/configuring/etc DNSsec is all on that page. You'll need to get a copy of RSARef (free but export-restricted.) Instructions are all there. Since DNSsec is still under development (NXT records, dynamic DNS interaction, etc, are still underway, as is a clarify document, I believe.) With regards to other stuff -- haven't tried SSL/TLS in any of its forms, server-side. I noticed the other day that MIT now has their own certificate service (was grabbing some IETF Security Directorate stuff, and had to install a certificate in my browser before I could view the pages.) Seemed a little unusual -- I guess they are not interested in Verisign's offerings? Robert Watson (rwatson@tis.com for Trusted Information Systems related mail)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SUN.3.93l.970707125110.13617B-100000>