RE: Relative Security Provided by Cached Domain Credentials?

From: Kim Oppalfens (Kim.Oppalfens_at_azlan.be)
Date: 05/27/04

    To: "Nicolas RUFF (lists)" <ruff.lists@edelweb.fr>
    Date: Thu, 27 May 2004 08:56:17 +0200
    
    

    Hi Nicolas,

    I know from personal experience as well that most other uses for
    certificates on smartcards work fine.
    But I have two (in my eyes fairly knowledgeable) people stating it cannot be
    done.

    One is Ben Smith, a respected Microsoft security speaker; the other one is
    Brian Komar.
    So I don't like to say trust me on this one, but either trust those guys or
    try it out for yourself.

    Longhorn is supposed to be able to do this in the near future.

    Kim Oppalfens

    Hello,

    I do not have any personal experience of EFS + SmartCards. I guess it would
    work because of the CryptoAPI abstraction between applications and
    certificate stores, but I won't take it for granted because Microsoft
    documentation contradicts from one source to another.

    However, I managed to get the following combo working: SmartCard + USB Token
    Reader + Windows 2003 Domain Controller + Windows XP Client + "SmartCard
    User" certificate. This certificate has been successfully used for Domain
    Logon, Mail Encryption and Mail Signature.

    Hope it helps.

    Regards,
    - Nicolas RUFF
    -----------------------------------
    Security Consultant
    EdelWeb (http://www.edelweb.fr/)
    -----------------------------------
