Intro
Open CA Projects
Certificate Authority Services
from Mark Franklin 5 Aug 2003
HECA is the interim name for the Higher Education Certificate Authority.
They are picking a new name, one of which is USHER (US Higher Ed Root).
2) The InCommon CA "is used to directly issue server certs to InCommon
servers". It appears to be dedicated to Shibboleth infrastructure.
see also http://middleware.internet2.edu/hepki-tag/usher-common/in-common-root-2.html
from Stephen Cochran 4 Aug 2003
link returns a broken page
blackhelicopter.org
appears to be defunct; no CA info at web site.
Open Source CAs
pyCA
(from Jeff Schiller)
http://packages.debian.org/unstable/net/pyca.html a debian release of a python CA
http://www.pyca.de/
From the web site "Unfortunately I do not have the time at the moment to spend more time on developing this project. I will apply bug fixes and patches submitted by users as long as they do not require too much rewriting of code."
BBN Technologies
http://www.is.bbn.com/projects/darpa-chats-cms/index.html
http://www.is.bbn.com/projects/darpa-chats-cms/Q4_2001_Progress.html
This DARPA sponsored research effort, known officially as the High Assurance Open-Source Certificate Management System (CMS) project, placed a mature implementation of X.509 digital certificate management software into the open-source software community.
seems to be outdated. Dates on page point to goals for 2002
Papyrus
Georgia Tech John Douglass
http://www.cren.net/crenca/crencapages/papyrus.html newer URL
Papyrus (V5)
http://www.cren.net/cds.html
An open source CA written in python. Both ca.cren.net and ca.gatech.edu utilize the V5 framework. I'm glad
you found the application useful. Unfortunately right now it's got a
heavy "get up to speed" and I have taught classes on how to implement V5.
SimpleCA.
(Globus grid project, but this is ending Jan 2004???)
http://palms.ee.princeton.edu/globus/simpleCA.html.
Also,it might be better to go to globus itself for the information:
http://www.globus.org/security/simple-ca.html
(broken URL from UAlabama: http://lab.ac.uab.edu/node.php?title=SimpleCA)
OpenCA
http://www.openca.org/ which seeks to improve the state of open source CA stuff.
HEPKI-TAG Open Source CA List
Federations
Inqueue
from Mark Franklin 5 Aug 2003
web page by Neal McBurnett which seems to shed some light on the
naming scheme for Usher, InCommon, and InQueue:
http://bcn.boulder.co.us/~neal/i2/crencat/ (allegedly last modified 7/26).
3) From a link on this page
(http://marsalis.internet2.edu/cgi-bin/viewcvs.cgi/*checkout*/shibboleth/c/doc/InQueue.html?rev=HEAD&content-type=text/html, updated 8/4) I found the
following description of InQueue: "The InQueue Federation, operated by
Internet2, is designed for organizations that are becoming familiar with the
Shibboleth software package and the federated trust model." InQueue is
specifically NOT intended for production use.
PKI Documemts
validity periods and life cycles of keys
http://holstein.doit.wisc.edu/~ejnorman/keylife.html
Free (or Low cost) Cert Sources:
CACert.org
There is http://www.cacert.org which seeks to be a global free CA. They issue a cert, and you aquire 'points' by having
other people agree that you are who you say you are. There is some special case handling for people with Thawte Certs, at least
gilbertgeorge Pub CA
http://gilbertgeorge.com/certsrv/. the CA was interesting, is pretty anonymous, but appears to be run by someone at least affiliated with Cisco. I believe it's based on the Windows 2000 server CA. Interestingly, it has the exact same problem we ran into
with certificate store passwords being optional on Windows XP.
DST has a personal cert service
Thawte e-mail certs
http://www.thawte.com/html/COMMUNITY/personal/index.html
Seems to have another web-of-trust scheme to add data to certificates.
Versign (connection with AOL IM)
Here's a quick summary:
Back to PKI Lab Home
Top
Dartmouth College PKI Lab
Last update: 13 March 2006
