I have a client who is implementing an intranet with sensitive
information. Their deveolpers are telling them Netscape's Certificate
Server is "good enough" for their security, but they are not convinced.
The manager of the project sat in on a conference call with Meta Group
while they tore apart the Certificate Server. He's not real technical,
so he can't convey all the problems he heard.
What is the general opinion of this product? Has anyone heard or seen
any specific holes with the application or security scheme? Would you
recommend a token based security policy?
Any help will be greatly appreciated.