phmb@otter.hpl.hp.COM (Peter Brooks) (04/10/91)
This is less a scientific than a commercial question, but somebody may know that answer. CCITT recommendation X.509 makes reference to a CA or Certification Authority. This is the agent who can supply a public key certificate, or the public and private algorithms to companies, or, presumably anybody else who wants to use them. My question is, do such CA's exist? Are they bodies such as the CCITT, or the NIA, or is this service offered by private companies? What does it cost? Is it supplied as a service with an annual charge - for secure coding, X.506 suggests that the keys expire? Do any banks or other firms use X.509? Peter Brooks
janm@dramba.neis.oz.au (Jan Mikkelsen) (04/12/91)
I know of no bank or firm providing certification authority services using X.509. If there are, I too, would be very interested to hear about it. I don't think there is even enough stable software out there to provide the service. There are companies which intend to provide such a service, the one for which I work is one of them. In the EDI world, there is work being done on security, the MD4 Edifact banking security working party, and the Tedis programme. While both make mention of X.509 they are basically emerging standards for using X.509 in an Edifact EDI message. These standards are not yet stable. What is the application you have in mind for X.509? -- Jan Mikkelsen janm@dramba.neis.oz.AU or janm%dramba.neis.oz@metro.ucc.su.oz.au "She really is."