RE: IIS6 on W2k3 DCs
From: Laura A. Robinson (larobins_at_bellatlantic.net)
Date: 01/15/05
- Previous message: Eric McCarty: "RE: IIS6 on W2k3 DCs"
- In reply to: Miroslaw Slawek Chorazy: "Re: IIS6 on W2k3 DCs"
- Next in thread: Security: "Re: IIS6 on W2k3 DCs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Miroslaw Slawek Chorazy'" <mchorazy@depaul.edu>, <focus-ms@securityfocus.com>, <sd_wireless@yahoo.com> Date: Fri, 14 Jan 2005 21:25:59 -0500
> One pro-vote for IIS6 being installed on DC is related to
> your Certificate Authority which might be installed on a DC.
> The Microsoft Certificate Engine would then by default; 1.
> try to obtain Certificate Revocation List updates from http
> location 2. offer certifcate enrollment for end-users via http
>
Actually, none of that has anything to do with the machine being a DC or
not. Enterprise CA, standalone CA, it doesn't matter- they should not be
installed on DCs. The items that you list, which are only a couple of the
methods available for CRL/AIA/CPS retrievals, do not have anything
whatsoever to do with the CA being a DC. And again, DCs should not be CAs,
both for performance and security reasons.
Laura
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Eric McCarty: "RE: IIS6 on W2k3 DCs"
- In reply to: Miroslaw Slawek Chorazy: "Re: IIS6 on W2k3 DCs"
- Next in thread: Security: "Re: IIS6 on W2k3 DCs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
