Re: Removing smartcard certificates from the Microsoft Certificate Store (possible MCS API defect)
- From: Jurko Gospodnetić <mangled@xxxxxxxxxx>
- Date: Fri, 02 Mar 2007 13:08:58 +0100
Hi Eric.
Thank you very much for the reply.
Eric Perlin [MSFT] wrote:
> And it also comes at a price.
> It means the cert picker will only work when the card is inserted.
> As it is, you can select a SC cert regardless (for S/MIME or SSL for example) and the infrastructure will ask for the card when appropriate.
Please correct me if I'm wrong here but I do believe this is a design flaw in the Microsoft Certificate Store/API infrastructure. Here are two use cases of which only one is currently supported:
1. use case (the supported one):
--------------------------------
You have a friend and want to be able to verify files he signs and sends to you. Your friend comes over, plugs in his smartcard, his certificate is automatically transferred over to the Microsoft Certificate Store, he takes out his smartcard and the system is set to go. You may now verify his signatures using his certificate at will.
2. use case (the unsupported one):
----------------------------------
A lawyer receives clients in his office. Every client is identified using his or her smartcard. When a client arrives at the office the client's smartcard is inserted into the lawyer's PC and the client's certificate is transferred over to the Microsoft Certificate Store. The lawyer and client do their thing, the client takes out his smartcard and leaves.
The lawyer has his other 1999 clients so eventually his Microsoft Certificate Store contains 2000 different certificates + his own, totaling 2001 certificates all listed in the Microsoft Certificate Store and marked as having their private key data available.
At some point the lawyer wants to access some lawyer-network web site over SSL. He inserts his own smartcard into the system, starts up Internet Explorer and types in the web site address. Now Internet Explorer asks him which of the 2001 different certificates to use to establish an SSL connection to the lawyer-network web site when in fact only one of those certificates actually has private key data available while all the other 2000 certificates can only be used to access their public data since their respective smartcards are not currently connected to the system.
The choice of 2001 certificates represents a big problem. How is the lawyer supposed to find his own certificate in that bunch of certificates? And why is he supposed to choose at all?
The use case above is one from an actual production system and an actual real-world problem. The lawyer office does not yet have that many smartcards distributed but will with time.
We haven't yet gotten to dealing with that problem through official means but it would be great if one could (and if Internet Explorer/Outlook would) display only those certificates that actually have their private key data available when such private key data is actually required.
One quick-fix we were thinking about was automatically removing such certificates from the Microsoft Certificate Store once their smartcards get plugged out. This would allow us to support use case 2. (which is more important in our scenario) at the cost of supporting use case 1. with those smartcards.
Hope this clears the situation up. And if anyone has a suggestion on how to approach this problem - we would be very glad to hear it.
Many thanks & best regards,
Jurko Gospodnetić
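
The quick-fix described in the message above, sketched as an added example (not part of the original post and not Microsoft's code): it walks the current user's `My` store and reports every certificate that is marked as having a private key but whose key cannot be acquired silently. It assumes that a silent acquisition failure means the smartcard is not inserted; the `-Remove` switch is a hypothetical parameter, and without it the script only reports.

```powershell
# Added example: report (and optionally remove) certificates in CurrentUser\My whose
# private key cannot be reached without prompting, e.g. the smartcard is not inserted.
param([switch]$Remove)   # hypothetical switch; default is report-only

Add-Type -Namespace Native -Name Crypt32 -MemberDefinition @'
[DllImport("crypt32.dll", SetLastError = true)]
public static extern bool CryptAcquireCertificatePrivateKey(
    IntPtr pCert, uint dwFlags, IntPtr pvParameters,
    out IntPtr phKey, out uint pdwKeySpec, out bool pfCallerFree);
'@

$CRYPT_ACQUIRE_CACHE_FLAG            = 0x00000001  # handle stays owned by the cert context
$CRYPT_ACQUIRE_SILENT_FLAG           = 0x00000040  # never show an "insert card" dialog
$CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG = 0x00010000  # accept CNG keys as well as CAPI keys
$flags = [uint32]($CRYPT_ACQUIRE_CACHE_FLAG -bor $CRYPT_ACQUIRE_SILENT_FLAG -bor
                  $CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG)

function Test-KeyReachable {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $h = [IntPtr]::Zero; $spec = [uint32]0; $free = $false
    # Returns $true only if the provider can open the key container right now.
    [Native.Crypt32]::CryptAcquireCertificatePrivateKey(
        $Cert.Handle, $flags, [IntPtr]::Zero, [ref]$h, [ref]$spec, [ref]$free)
}

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'CurrentUser')
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try {
    foreach ($cert in @($store.Certificates)) {
        if (-not $cert.HasPrivateKey) { continue }   # public-only entries are left alone
        if (Test-KeyReachable $cert)   { continue }   # card present or software key: keep
        '{0}  {1}' -f $cert.Thumbprint, $cert.Subject
        if ($Remove) { $store.Remove($cert) }         # gives up use case 1 for this cert
    }
} finally {
    $store.Close()
}
```

Run it without `-Remove` first and review the list, since a key that is unreachable for some other reason is reported in the same way.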