Entrust offers certificate technology to Mozilla


Information security vendor Entrust Inc. has released code to its patented certificate revocation list distribution points (CRL-DP) technology to open source group Mozilla Foundation in a bid to further increase uptake of its PKI product, an Entrust executive said.

“What we wanted to do is promulgate (the CRL-DP capability) and get it out there as much as possible so we elected to make this technology available to the open source community so they can use it,” explained Kevin Simzer, senior vice-president at Addison, Tex.-based Entrust on Wednesday.

“Then when a customer wants to buy PKI, hopefully they will pick Entrust because we have that capability built into our product,” he added.

The Entrust executive also said the move will allow open source users to build “more scalable” PKI environments by having access to the CRL-DP code. A certificate revocation list tracks users’ security credentials and associated rights.

Entrust’s CRL-DP technology allows an enterprise IT administrator to efficiently manage the increasing number of revoked or invalid digital certificates from users, said Simzer.

Under a royalty-free Mozilla Public Licence, the GNU GPL and Lesser GPL, Entrust will contribute its CRL-DP code to Mozilla’s Network Security Services (NSS) libraries, allowing open source users to incorporate CRL-DP capability into their PKI developments.

NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications, which can support secure sockets layer (SSL) v2 and v3, transport layer security and other security standards.

Simzer said Entrust’s CRL-DP is currently the only certificate revocation list distribution feature within the NSS libraries. In a statement, Frank Hecker, executive director of the Mozilla Foundation, said incorporating the CRL-DP capability into the existing NSS libraries will “significantly elevate the value of the PKI-enabled applications that use these libraries.”

“Secure technology like PKI is too important not to provide to the open-source community,” he said.

One open source enthusiast, however, was not quick to applaud the Entrust move.

“It’s hard to tell, just from the press release, some of the legal fine print,” said Russell McOrmond, policy coordinator for the Ottawa-based Canadian Association for Open Source.

He added that the open source community should look at the specific “field of use” clause associated with Entrust’s contribution.

“There have been attempts before to make software available to a specific open source community, but not the entire open source community, and it turns out that that legal fine print makes it not very workable,” said McOrmond.

McOrmond explained some royalty-free licences involving code released to the open source community contain clauses that restrict the use of the contributed code for purposes outside the project it was originally intended for.

“Something can be on an open source-approved license and yet not be open source,” he said.

An ideal arrangement would be a royalty-free license with no field of use restriction, where code that was originally targeted for one project can be moved to an entirely different project. “And that is how a lot of the innovation happens,” McOrmond said.
