Choosing Security Solutions That Use Public Key Technology

Previous Topic Next Topic

Public Key Technology Standards and Interoperability

To maximize the interoperability of Windows 2000 public key infrastructure with third-party applications that use public key technology, the Windows 2000 public key infrastructure is based on the standards recommended by the PKIX working group of the IETF. Other standards that have been recommended by the IETF also have a significant impact on public key infrastructure interoperability, including standards for TLS, S/MIME, and IPSec. Microsoft is collaborating with the other members of the IETF to develop these open standards and is committed to ensuring that its public key infrastructure products are compliant with the standards recommended by the IETF.

For cryptographic technology, the de facto standards are the public key cryptography standards (PKCS) developed and maintained by RSA Data Security, Inc. PKCS technologies are broadly deployed in products today and provide a basic, but well-tested and well-understood framework for interoperability. In fact, when the PKIX working group proposed another standard for certificate management, the S/MIME working group created its own proposal that is based on PKCS. This response is typical of the IETF process for developing standards and reflects awareness of market conditions. Microsoft has incorporated these de facto standards into its Windows 2000 public key infrastructure to maximize interoperability with third-party public key security products.

Standards, however, do not ensure interoperability between commercially available PKIX-compliant products because public key technology is still in an early stage of development. Historically, commercial product development has outpaced the collaborative process. This has been especially true for public key technology. Currently, the IETF has several working groups actively developing proposed standards for public key technology, but many of the applications to which these standards would apply are shipping already as products. Moreover, no standard can anticipate every application requirement and dependency, so standards often get watered down in implementation. Interoperability, then, is the result of standards tempered over time by vendors working together to ensure the interoperability of their products.

Today, SSL and TLS and S/MIME work well across the products of many vendors. As standards develop and vendors work together, more and more components of public key infrastructure become compatible. One day, complete interoperability might be taken for granted. However, at this time, the only way to know for sure how well products and features from different vendors work together is to test them in the lab.

© 1985-2000 Microsoft Corporation. All rights reserved.