Re[2]: Relative Security Provided by Cached Domain Credentials?

From: Vyacheslav Ponomarenko (VPonomarenko_at_taos.com)
Date: 05/26/04

  • Next message: Kevan Smith: "RE: Relative Security Provided by Cached Domain Credentials?"
    Date: Tue, 25 May 2004 20:13:54 -0700
    To: focus-ms@securityfocus.com
    
    

    Kim,

    When you use EFS on a file server it encrypts/decrypts data on user's
    behalf via delegation. Thus it can only access keys stored in user's
    profile.

    Vyacheslav

    Tuesday, May 25, 2004, 6:56:01 AM, you wrote:

    KO> I have seen mentioned the use of smartcards for efs certificates in this
    KO> thread a couple of times.

    KO> Although it would be nice in theory it was my understanding that this cannot
    KO> be used at present because not thought about in the efs API, so during
    KO> decreption or encryption for that matter only the personal certificate store
    KO> is checked for a key, not any smartcard related stuff.

    KO> At least that is what I understood about efs and smartcards.
    KO> Has any of you actually tested the smartcard solution, or it this how you
    KO> would theoratically handle it?

    KO> Kim Oppalfens

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Kevan Smith: "RE: Relative Security Provided by Cached Domain Credentials?"