I am currently doing some research into PEM and would greatly
appreciate some input to a few basic questions. I have a good
understanding of what PEM is and why it is being developed, but am
not very familiar with the direction that it is taking. If any of you would
take the time to respond to some of these questions, I would
appreciate it. Also, if you do respond, try to give facts and not
heresay because I am working on a feasability study. If you would
also leave your e-mail address I would appreciate that as well, in
case I want to talk with you more in depth about something I might not
understand. You can reply to:
kibrahim(_at_)peruvian(_dot_)cs(_dot_)utah(_dot_)edu
Thanks for your input!!
1. Do you know of any products that are currently on the market? If
so, do you know how I can get a hold of them?
2. I have read the RFC's containing the standards, but is there any
standard about how keys will be kept and managed. For example,
would I be able to have many different programs generate keys, and
have my version of PEM be able to keep one central database of
keys. Also, how do I collect public keys from 20 different programs
and put them on one ring?
3. In what direction is PEM heading now? I have heard that DES
can be cracked fairly easily if you have the right equipment. If this is
true, does anyone have any sources for this information. Are
developers still planning to use DES to encrypt messages and their
digests or are they looking at other methods (such as ideakey)?
Once again, thanks in advance for your responses.
-- Kevin