... PKI isn't a drop-in proposition. Someone's got to design an infrastructure for it, based on both the requirements of the technology and the structure of the organization's existing security systems. Key pairs and digital certificates must be generated, distributed, and . . .
... PKI isn't a drop-in proposition. Someone's got to design an infrastructure for it, based on both the requirements of the technology and the structure of the organization's existing security systems. Key pairs and digital certificates must be generated, distributed, and tracked. Someone's got to make sure the Certificate Revocation List (CRL) remains up-to-date, so that employees who've left the company don't have active certificates floating around.

A solid Certificate Authority (CA) that verifies certificate authenticity must also be created. Then there's the issue of the Registration Authority (RA), which processes users' certificate requests: Even if you're using an automated RA, someone's still got to administer it.

The link for this article located at Network Magazine is no longer available.