An Evaluator's Checklist
In Part Three we began taking a critical look at the trickier aspects of building a PKI to prepare for selecting an outsourced CA solution. We also began developing a checklist of sorts to help determine what's required of a CA and what a CA will require of you. Throughout the series, we've been collecting requirements that you'll need for detailed analysis and design of an ultimate PKI implementation. We can categorize these requirements as internal and external. You'll need the internal requirements to help plan the work you'll need to perform to integrate your legacy systems into the PKI, and you'll need the external requirements to aid in your selection of a commercial CA solution. In this week's column, we'll map the list of external requirements onto 3 major CA outsourcing products - Verisign's OnSite 4.0, Equifax Secure, and GTE Internetworking's CyberTrust Accelerator Program.
To review, these external requirements include:
- Secure key management operations
- APIs to ease integration of legacy systems
- Support of industry-wide PKI standards
- Key escrow and key recovery services
- Support of Certificate Revocation Lists (CRLs)
- Training, support, and assistance with policy, procedures, and Certificate Practice Statement development
The CA systems discussed here were selected because of their prominence within the industry. A comprehensive list of CAs is also maintained within the E-commerce section of Webreference.com. Use these comparisons as a launching pad for your own discoveries with other companies as you search for your own ideal PKI.