Public Key Certificate-Based Authentication
A well-implemented public key infrastructure, in which security credentials can be presented without compromising those credentials in the process, resolves many security problems. IPSec works with your public key infrastructure to allow certificate-based authentication of computers.
A public key certificate (PKC) ensures that who you say you are and who you really are do not differ. A PKC is one type of authentication that reliably provides this verification.
PKCs are like digital passports. They are used to verify the identities of non-Windows 2000 computers, stand-alone computers, clients that are not members of a trusted domain, or computers that are not running the Kerberos v5 authentication protocol (the default Windows 2000 authentication method.)
For information about implementing a public key infrastructure, see "Choosing Security Solutions That Use Public Key Technology" in the Windows 2000 Server Resource Kit Distributed SystemsGuide.