Re: MS: David Cross

From: "S. Pidgorny [MVP]" <slavickp@yahoo.com>
Date: Thu, 28 Nov 2002 20:28:19 +1100

It looks like everyone suggests contacting MS with such a question?

I do have some suggestions:

* Certificate distribution: create all certificates in-house, make private
keys exportable, export the cert and send the PFX file to the customer. It
is password-protected.

An online CA is also acceptable but you need to have a means of verifying
customer identity before approving the request. The above approach is easier
but not good for mass deployment.

* ISA Server and certificate authentication. Trouble, AFAIK. No, it works
fine, but the problem is CRL checking. It just doesn't happen. And yes, MSCS
does have a solution for that problem already.

--
Svyatoslav Pidgorny, MS MVP, MCSE
-= F1 is the key =-
"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:#4LwvlqlCHA.2224@tkmsftngp02...
> Again, I would recommend contacting MSCS. Either they will be able to allay
> your concerns or they can float your concerns back to Redmond and get a
> satisfactory answer for you. You might possibly get lucky and get the answer
> here but in matters of security you should be as careful as you can be.
>
> --
> Joe Richards
> www.joeware.net
> ---
>
> "John McCoy" <itsme109@hotmail.com> wrote in message
> news:utvqinfrovp500@corp.supernews.com...
> > It isn't my site I am thinking of. I just want to make sure when we set up a
> > certificate server for outside users to contact it is a secure method. There
> > are some concerns about how I planned to do it.
> >
> > This is for our customers to be in compliance with HIPAA
> >
> > --
> > John McCoy
> >
> >
> > "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
> > news:OnCdlZykCHA.2008@tkmsftngp08...
> > > I would recommend contacting your local Microsoft office and getting a MSCS
> > > Security specialist to visit.
> > >
> > > --
> > > Joe Richards
> > > www.joeware.net
> > > ---
> > >
> > > "John McCoy" <itsme109@hotmail.com> wrote in message
> > > news:utu0dj97tne95f@corp.supernews.com...
> > > > Thank you, I just want to make sure the distribution method we choose is the
> > > > most secure one.
> > > >
> > > > --
> > > > John McCoy
> > > >
> > > >
> > > > "Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote in message
> > > > news:u2qstZekCHA.348@tkmsftngp12...
> > > > > I am fairly sure you can get pricing and phone numbers from
> > > > > www.microsoft.com/support.  Look under the section for ISA server [or maybe
> > > > > windows 2000 server]
> > > > >
> > > > > "John McCoy" <jmccoy@cmatech.com> wrote in message
> > > > > news:esVI9GakCHA.2276@tkmsftngp12...
> > > > > > I would like to call and speak to someone in some greater detail about the
> > > > > > best way to distribute certificates to outside users.
> > > > > >
> > > > > > I plan to use a CA Root for internal users and a standalone sub for
> > > > > > external users. We want external users to be issued a certificate to be able
> > > > > > to digitally sign and encrypt email and attachments. We are using ISA 2000.
> > > > > > The question is, is it a good security practice to expose the standalone sub
> > > > > > to issue certificates? We would publish it using ISA 2000.
> > > > > >
> > > > > > I understand this would be a fee based call.
> > > > > >
> > > > > > Thanks
> > > > > >
> > > > > > John McCoy
> > > > > > jmccoy@cmatech.com
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
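
The two suggestions in the reply at the top of this thread, worked through as an added example that is not part of the original posts: it uses the OpenSSL command line in place of Microsoft Certificate Services, and the CA name, customer name, password and file paths are all constructed. It issues a certificate in-house, packages it as a password-protected PFX, revokes it, and shows that the revoked certificate is still accepted when the verifier skips the CRL check.

```shell
# Constructed demo: throwaway CA, one customer certificate, PFX export, revocation.
set -e
W=$(mktemp -d); PFX_PW='constructed-transport-password'   # placeholder password
trap 'rm -rf "$W"' EXIT                                   # the work dir holds private keys
q() { "$@" >/dev/null 2>&1; }                             # run quietly, keep the exit status
build_demo() {
  mkdir "$W/db"; : > "$W/db/index.txt"; echo 01 > "$W/db/serial"
  cat > "$W/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3ca
[dn]
[v3ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = demo
[demo]
database = $W/db/index.txt
serial = $W/db/serial
new_certs_dir = $W/db
certificate = $W/ca.crt
private_key = $W/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[pol]
commonName = supplied
EOF
  q openssl req -x509 -newkey rsa:2048 -nodes -config "$W/ca.cnf" -subj "/CN=Demo issuing CA" -keyout "$W/ca.key" -out "$W/ca.crt" -days 30
  q openssl req -new -newkey rsa:2048 -nodes -config "$W/ca.cnf" -subj "/CN=customer.example.test" -keyout "$W/cust.key" -out "$W/cust.csr"
  q openssl ca -batch -config "$W/ca.cnf" -in "$W/cust.csr" -out "$W/cust.crt" -notext
  # PFX = private key + certificate + CA certificate; send the password by a separate channel.
  q openssl pkcs12 -export -inkey "$W/cust.key" -in "$W/cust.crt" -certfile "$W/ca.crt" -out "$W/cust.pfx" -passout "pass:$PFX_PW"
  # Revoke the customer certificate and publish a fresh CRL.
  q openssl ca -batch -config "$W/ca.cnf" -revoke "$W/cust.crt"
  q openssl ca -batch -config "$W/ca.cnf" -gencrl -out "$W/ca.crl"
}
pfx_opens() { q openssl pkcs12 -in "$W/cust.pfx" -noout -passin "pass:$1"; }
verify_cert() {   # $1 = nocrl | crl ; prints accepted or rejected
  if [ "$1" = crl ]; then set -- -crl_check -CRLfile "$W/ca.crl"; else set --; fi
  if q openssl verify -CAfile "$W/ca.crt" "$@" "$W/cust.crt"; then echo accepted; else echo rejected; fi
}
build_demo
echo "revoked cert, chain check only: $(verify_cert nocrl)"
echo "revoked cert, with CRL check:   $(verify_cert crl)"
```
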

