All, I have a report in front of me commissioned by someone in my company to review our CA/PKI system. Frankly I'm not too happy about it and would like some bitingly worded and technically brilliant responses to support our use of OpenSSL which I would like to continue. The push of the report is to move away from openss to a vendor solution. I've had a cursory look over some vendor products like baltimore, identrus and iplanet and haven't been too impressed with any of the bells and whistles they offer like vendor specific browser apps and client private key escrow in proprietary databases. I was very impressed by Iplanet's pre sales "technical" sales guys telling me they didn't use Xenroll.dll to install certs in IE browsers with their certificate management software (as I do with my CA), they use OSPF! and suggest we _force_ all of our clients to use netscape browser anyway. Some other unnamed company expect you to think adding %30 to the price of their already pricey software is justified if it lets you use "advanced features" (ie x509v3 extended attribute). I guess people that have never used openssl would be impressed. Is there anyone on the list who has done a more rigourous comparison of commercial systems Vs. OpenSSL? Either out of the box openssl executables or custom written apps using the libraries? An independant review of commercial CA's would be the ultimate resource here and I can add on the features possible with openssl based apps/scripts. Any help as always greatly appreciated. Dereck Charles. _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]