SAN JOSE, Calif., Jan. 17, 2000 - In an effort to make digital certificates useful for electronic commerce and virtual private networking (VPN), Cisco Systems, Inc. today announced a free software protocol to better manage the secure delivery of these certificates to network devices and users. Because digital certificates enable a higher level of user access and authentication than network passwords, they are valuable components in Public Key Infrastructure (PKI) and will assist in advancing commerce in the Internet economy.
The protocol, called the Simple Certificate Enrollment Protocol (SCEP), is one of the first such specifications to be adopted by numerous vendors because it offers a common, consistent method of requesting and receiving (also known as enrolling) digital certificates from different certificate authorities (CAs). Interoperability has been a critical issue inhibiting more widespread adoption of PKI. SCEP removes this significant roadblock by offering an open, scalable, Web-based solution for deploying certificates. It can be beneficial to all network devices and IPSec software solutions, including Cisco Secure Integrated VPN Software and the Cisco Secure PIX Firewall.
"We think SCEP solves an important piece of the interoperability puzzle and brings the industry a step closer to delivering on the promise of PKI technology," said Elizabeth Kaufman, senior director and general manager of the Security Internet Services Unit at Cisco. "SCEP extends the Cisco commitment to supporting multiple PKI solutions as part of our ongoing effort to securely enable the Internet economy."
"Customers have asked for network-based certificate enrollment solutions to make PKI cost effective and easy to deploy," said John Frederiksen, director of product management for Windows server, Microsoft Corp. "Microsoft is pleased Cisco has published this open Internet protocol, as it will continue to advance the use of PKI. Microsoft ships this protocol as an option in the Windows 2000 resource kit, with tested interoperability between Windows 2000 Certificate Server and Cisco products."
SCEP Draws Industry Support

In addition to Microsoft, SCEP is backed by several other major PKI vendors and CAs, including: Baltimore Technologies; Cybertrust, a GTE company; Cylink Corp.; Entrust Technologies; iD2 Technologies; the Sun-Netscape Alliance; Phaos Technology; RSA Security; Thawte Consulting; VeriSign; and Xcert International. SCEP is the evolution of a specification developed by VeriSign, Inc. and Cisco, and is already commercially available in both client and CA implementations.
"VeriSign and Cisco developed the protocol as part of our efforts to simplify the use of PKI and ease the integration of digital certificates in trusted VPNs," said Judy Lin, vice president of engineering, enterprise and international products at VeriSign. "We're pleased to be working with an industry leader like Cisco to further the adoption of SCEP, as simplicity in technology helps enterprise customers speedily achieve the business benefits."
The SCEP specification, titled "Cisco Systems' Simple Certificate Enrollment Protocol," is publicly available from the Cisco Web site and is open to any interested party looking to add certificate enrollment services to their application. Cisco is an active participant in the Internet Engineering Task Force's PKIX working group. Through its co-authorship of the PKIX CMC draft, Cisco will continue its strong support of PKIX working group efforts to further develop PKI industry standards and technology.
Cisco will also work to drive adoption of PKI technology in the enterprise through the PKI Forum, which the company recently joined as an associate member. The PKI Forum is an international, not-for-profit, multivendor alliance charged with accelerating the adoption and use of PKI technology, products and services. Cisco and each of the PKI Forum members will encourage industry cooperation and market awareness to enable organizations to understand and exploit the value of PKI in e-commerce applications.