Issue #2 December 2004

Red Hat Speaks

Bob Lord, Senior Director, Directory and Security Products

Red Hat recently acquired Netscape Directory Server and Netscape Certificate Management System from the Netscape Enterprise Suite. These products will be integrated into Red Hat's Open Source Architecture plan over the next 6 to 12 months. We interviewed Bob Lord, Senior Director, Directory and Security Products, about Red Hat's plans for these technologies.

What was the last position you held at Netscape?
Most recently, I ran the Directory and Security teams at Netscape/AOL. I've been doing that for a while, having started working with the crypto team in 1998.

What is your new position at Red Hat?
My job at Red Hat is largely a continuation of my job at Netscape/AOL. We expect to continue to develop these applications, and to advance them even more quickly at Red Hat. The customers of these server products are increasingly Red Hat customers, so this acquisition has tremendous potential.

What is the Red Hat Directory Server, formerly known as the Netscape Directory Server?
The Directory Server centralizes user profiles, application settings, group data, policies, and access control information into a network-based registry. It simplifies user management by eliminating redundant, and often inconsistent, sources of this information. You may have heard of the acronym LDAP (Lightweight Directory Access Protocol), the protocol clients use to talk to the Directory Server. Clients like Mozilla Thunderbird and Microsoft Outlook Express use the LDAP protocol to extend the user's local address book and "typedown addressing."

What is the Red Hat Certificate System, formerly known as the Netscape Certificate Management System?
The Certificate System is a collection of technologies to manage user identities and to ensure the privacy of communications. It handles all the major PKI (public key infrastructure) lifecycle functions, for example, enrollment and revocation. New in the 7.0 release are several features to help an organization deploy hardware tokens, for example, USB keys.

Are there plans to open source either of these products?
At Netscape/AOL, we led the efforts to advance the NSS module in Mozilla. This module provides the cryptographic functions you see in all our server products, as well as in the Mozilla browser and mail clients. We also opened the source to our LDAP SDK in Mozilla. We had a great deal of success with these open source projects, and opening the source to the servers themselves is a logical step forward at some point in the future. Right now we have existing contractual obligations for the next release of these products, and so we'll be firming up all these plans in the coming weeks.

Why did Red Hat buy these products instead of creating them or working on existing open source versions?
These products have been used in many large enterprises for years, and they've won numerous hard-core fans. The Directory Server has unique features like multi-master replication, and superior performance and deployability. The Certificate System also excels in performance, and also offers third-party validation of certain security practices. For example, we've had independent labs validate that the NSS cryptographic libraries conform to the FIPS standards. We've also demonstrated that the Certificate System conforms to Common Criteria standards. The Certificate System has superior support for hardware security modules (HSM), and also integrates well with the Mozilla browser.
These server products tie together well. For example, the Certificate System's database is actually a Directory Server instance. By using the multi-master replication feature of the Directory Server, customers can clone a Certificate System server for performance and fault-tolerance.

Is the Red Hat Directory Server going to replace OpenLDAP in future Red Hat operating systems?
It's safe to say that the Directory Server is a mature and scalable product that companies will continue to want to buy for years into the future. We think it would be a good idea to provide migration utilities so that existing OpenLDAP customers could try out Red Hat Directory Server. Beyond that, we're going to be spending time talking to people inside and outside Red Hat to better understand the needs for a directory infrastructure.

What's your most prized possession?
Besides my Dalmatian, I would have to say I most prize my German Enigma machine. The Germans used the Enigma device during WWII to encrypt important military communications. Despite the excellent strength (for its time) of the Enigma code, the Allies secretly broke it and were able to eavesdrop on the Germans. This amazing accomplishment no doubt shortened WWII, and saved many lives on both sides of the conflict.