Joint Effort to Advance OCSP and Test Interoperability for Real-Time, Online
Certificate Validation
BEDFORD, Mass. and MOUNTAIN VIEW, Calif., Jan. 11 /PRNewswire/ -- In
advance of next week's RSA Conference 2000, RSA Security Inc. (Nasdaq: RSAS)
and ValiCert, Inc., today announced a joint effort to boost trust in
e-business transactions by establishing a process for validating digital
certificates as quickly and accurately as validating credit cards. The
companies plan to achieve this goal through their Online Certificate Status
Protocol (OCSP) Interoperability Initiative, a cooperative endeavor to advance
this emerging Internet standard by establishing criteria and performing
interoperability testing of third-party OSCP-enabled products to ensure they
will work together.
RSA Security and ValiCert will combine their security expertise to
establish the testing criteria that will be used to determine OCSP
interoperability. Software developers will then be given the opportunity to
perform the tests on their OCSP-enabled applications. RSA Security expects to
post the test results on its Web site where organizations building e-business
solutions can determine which products have demonstrated interoperability
using these tests. The OCSP Interoperability Initiative is modeled after RSA
Security's S/MIME Interoperability Center, where over 30 companies have tested
their implementations online to ensure secure e-mail interoperability.
"Compliance with a standard is necessary but not sufficient for achieving
interoperability, which must also include real-world testing before it is
determined products will work together," said Scott Schnell, senior vice
president of marketing for RSA Security. "ValiCert's demonstrated leadership
with OCSP makes them the natural choice for a reference implementation, the
standard by which others are measured. This initiative is designed to offer a
win-win proposition for software vendors and their customers by promoting
interoperability through standardized testing and public display of the
results to ensure that OCSP-enabled applications will work together to
everyone's benefit."
"OCSP provides greater trust in business-to-business transactions by
providing an easy way to check in real-time the status of the millions of
digital certificates being presented to e-business applications. In order for
this to happen, organizations must be assured the OCSP-enabled applications
they purchase will work together," said Sathvik Krishnamurthy, vice president
of marketing and business development at ValiCert. "This initiative with RSA
Security is an important milestone in helping to provide interoperable
solutions for e-business."
The software being tested will use standard X.509 digital certificates
generated by the RSA Keon(TM) Certificate Server, and OCSP interoperability
will be determined through interaction with the ValiCert Validation Authority,
the industry standard OCSP responder. ValiCert security architect Ambarish
Malpani was the lead author of OCSP, which is rapidly gaining support as the
industry standard for performing real-time certificate validation on the
Internet.
"At this point in the evolution of e-business, it is clear the CRL
(certificate revocation list) model is giving way to positive certificate
validation, and the ability to obtain up-to-the-moment validity status will
play an increasingly important role as the value and velocity of transactions
increases," said Kristin Kupres, COO & CTO, Identrus. "We applaud the efforts
of RSA Security and ValiCert in advancing the ability of solution providers
worldwide to create interoperable products that respond to customer
requirements."
In order to demonstrate OCSP interoperability, vendors will test their
OCSP-enabled products in a real-world environment over the Internet.
Initiative participants will test their products against the "designated
reference implementation," the ValiCert Validation Authority. By performing
such testing, vendors can more easily refine their products to achieve
interoperability. The OSCP Interoperability Center on the RSA Security Web
site will provide results of interoperability testing in one master matrix
that includes version number, test dates and an archive of all test messages,
and will provide a forum for up-to-date information about OCSP-enabled
products.
More information about the OCSP interoperability initiative is available
at http://www.rsasecurity.com/standards/ocsp/.
About ValiCert
ValiCert is the leading provider of end-to-end, secure infrastructure
solutions for e-Transactions. ValiCert's Validation Authority, SecureTransport
and Digital Receipt services and products protect organizations before, during
and after e-Transactions through comprehensive trust, transaction and proof
solutions.
Through its technology and marketing alliances with the leading global
providers of e-commerce and security services and products, ValiCert's
e-Transaction solutions have become the de facto industry standard. ValiCert's
customers include Global 2000 organizations in financial services,
telecommunications, healthcare and government, and ValiCert's Worldwide
Affiliate Network of ISPs, ASPs and other service providers ensures the
highest level of service and support. ValiCert has headquarters in Mountain
View, California, and can be reached on the Internet at http://www.valicert.com.
RSA Security Inc.
RSA Security Inc., The Most Trusted Name in e-Security(TM) helps
organizations build secure, trusted foundations for e-businesses through its
RSA SecurID(R) two-factor authenticatiey management systems. With nearly a half billion RSA
BSAFE-enabled applications in use worldwide, more than six million RSA SecurID
users and almost 20 years of industry experience, RSA Security has the proven
leadership and innovative technology to address the changing security needs of
e-business and bring trust to the new, online economy. RSA Security can be
reached at http://www.rsasecurity.com.
NOTE: BSAFE and SecurID are registered trademarks, and Keon, RSA and The
Most Trusted Name in e-Security are trademarks of RSA Security Inc. All other
products and services mentioned are trademarks of their respective companies.
This press release contains forward-looking statements relating to joint
efforts of RSA Security and ValiCert to establish a process for validatinerability. Such statements
involve a number of risks and uncertainties. Among the important factors that
could cause actual results to differ materially from those indicated by such
forward-looking statements are operational delays in implementation of the
initiative, technical difficulties, product delays, software bugs and errors,
inability of RSA to establish an OCSP Interoperability Center, general
economic conditions and the risk factors detailed from time to time in RSA
Security's periodic reports and registration statements filed with the
Securities and Exchange Commission, including without limitation RSA
Security's Annual Report on Form 10K (File No. 000-25120), filed on
March 31, 1999 and on RSA Security's most recent Form 10Q, filed on
November 15, 1999.
SOURCE RSA Security Inc.
 back to top
Related links:
http://www.rsasecurity.com
CONTACT:
Patrick Corman of Corman Communications,
650-326-9648, or patrick@cormancom.com, for RSA Security Inc.; or
Richard Mack of RSA Security Inc., 781-301-5344, or
rhmack@rsasecurity.com; or Nancy MacGregor of Corman
Communications, 415-643-0766, or nancy@cormancom.com, for
ValiCert, Inc.
|
