In the first move toward that goal, Network Associates said it will support VeriSign digital IDs, issued through VeriSign's OnSite outsourcing service, in Network Associates' next release of its Gauntlet virtual private network software.
"In essence, we have declared peace here," said Peter Watkins, who runs Network Associates' security business.
The two companies estimate that nearly 9 million people have been issued PGP or VeriSign certificates for corporate use. Network Associates acquired PGP in December 1997.
The agreement includes only corporate versions of VeriSign's product line, not the individual digital IDs that it issues to consumers.
Applications such as secure email, extranets, virtual private networks, and access to sensitive data are increasingly using digital certificates, which serve as electronic IDs for online networks. In addition, financial applications such as credit card purchases often require special-purpose digital certificates.
"For holders of PGP certificates, this will give them the capability to work with other corporate users who are using VeriSign," said Gene Hodges, Network Associates vice president of marketing for security products.
Network Associates also will recommend VeriSign's service to customers who don't want to operate their own certificate authority.
However, the interoperability features will not be available immediately. The new version of the Gauntlet VPN software is due by August, but existing holders of PGP certificates will have to act to make their certs work with VeriSign's OnSite.
Technically, Network Associates said it will use a "wrapper" around its PGP certificates to make them comply with the X.509 standard.
By year's end, VeriSign's OnSite service will be enhanced to issue certificates under the Diffie-Hellman encryption algorithm that PGP certificates use, in addition to RSA's algorithm. Network Associates will update its security offerings, including its PGP encryption products, to request and use either type of certificate.
But the overall market for digital certificates remains a muddle because not all X.509 certificates interoperate technically. In November, a group of certificate authorities led by Entrust Technologies and their customers announced an effort to make digital certificates interoperate. VeriSign was not part of that effort.
"The problem has been that PGP and S/MIME [a secure email protocol] certificates don't interoperate," said Victor Wheatman, a security analyst at Gartner Group. "The hope is that this brings together PGP with the X.509 world, since most of the world is doing S/MIME." Use of S/MIME requires X.509 certificates.