OpenFortress Mission statement
OpenFortress is a certification authority that aims to make digital signatures possible for anyone, anywhere. The `anyone' part is reflected in low prices for automatically processed signatures, as well as in OpenFortress' role of technology provider for digital signatures; the `anywhere' part is reflected in a broad and flexible range of products, that can be extended with signatures based on original material by external parties.
OpenFortress sells digital signatures with the following principles in mind:
- Fortress: Top-notch security, signatures made in solid vaults, using proven cryptographic techniques. Also available in customised services.
- Open: Signatures in a plug-and-play fashion, open to signatures by certified external parties, help structures as common in the Open Source world.
- Low-cost: Using automation, many of our online products can be sold at competitive prices.
- Creative: More than just certificates... because digital signatures are usable for so much more!
Two complementary validation mechanisms are used to define the OpenFortress approach to security.
- Classical validation is based on authentic database content and legal documents such as passports.
- Peer review is based on multiple parties who independently vouch for a statement to be signed.
The technology used is PGP where possible, and X.509 (known from the PKI) where necessary.
- PGP is proven technology, is well standardised and implemented by several independent parties, and has been widely used since 1991.
PGP keys enable flexible signature management, and that is why OpenFortress prefers them.
- X.509 is common in browsers, because TLS/SSL protocols such as
https use it.
OpenFortress usually derives X.509 certificates from the flexibly collected PGP keys.
X.509 standardisation is so-so, but OpenFortress thoroughly verifies these certificates on a wide variety of platforms.
OpenFortress is a marketplace with the digital signature as its commodity.
- Signatures are sold by holders of authentic content, who will charge a fee for their service.
OpenFortress offers a cryptographic backbone to such parties.
- Signatures are purchased as online products by anyone who needs them; if multiple providers exist, the cheapest one can be chosen.
- Resellers are welcomed to sell OpenFortress products in offerings to their customers.
OpenFortress embraces the open source movement in modern software, for the following reasons:
To support this movement, OpenFortress maintains a open source outlet with freely usable software.
- The spirit in which the software is built places technology central, not money. This leads to the decisions that make the software user happy, not the salesman.
- Open source software welcomes peer review. This is of vital importance to any security-related software, as it is the only reaslistic mechanism to exclude backdoors and other nasty tricks.
- Both the software and community of open source are much more fun than their closed source parallels.