[78916] in North American Network Operators' Group
PKI for medium scale network operations
daemon@ATHENA.MIT.EDU (Sean Donelan)
Fri Mar 25 07:43:40 2005
Date: Fri, 25 Mar 2005 07:43:13 -0500 (EST)
From: Sean Donelan <sean@donelan.com>
To: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
Routers, IP phones, VPN, etc are starting to get reasonable support
for certificates. So network operators may need some PKI as part
of their infrastructure (rather than the traditional application-layer
PKI such as Web/SSL).
But there seems to be only two choices for Public Key Infrastructure. The
do it yourself crowd which requires a lot of expertise just to keep
running, and the we'll do everything for you crowd which is massive
in scale and price.
Have any network operators found something in between? Simple enough
that after it is set up, an administrative person can handle the day
to day operation. But not so expensive, you can justify the
infrastructure for the relatively certificates being managed?
Most network infrastructure is internal, so there is no need for
a world-wide PKI for internal stuff.
Microsoft is actually doing an impressive job building it into
their systems. Is that the direction network operators are going?
