
List:       ms-cryptoapi
Subject:    Re: Personal ID store
From:       Tomas Palmer <tomasp () GTE ! NET>
Date:       2001-04-26 5:12:16


Agreed. This is the whole point of PK. Private keys must remain private
otherwise you lose non-repudiation. If the admin has a copy, you might as
well use symmetric.

Clear Skies-PLEASE!
Tomás Palmer
http://www.littlebear-observatory.com
tomas@littlebear-observatory.com

http://www.cosmiccontrols.com
tomasp@cosmiccontrols.com

----- Original Message -----
From: "Daniel Sie" <dsie@MICROSOFT.COM>
To: <CryptoAPI@DISCUSS.MICROSOFT.COM>
Sent: Wednesday, April 25, 2001 6:15 PM
Subject: Re: Personal ID store


The Private key is protected by the Protected Storage. Private key
backup is something that the industry is really struggling with what is
the "right" way to do so. Do you feel comfortable with your Admin having
a copy of your private key?

Thanks.

-----Original Message-----
From: Mays, Michael J (Pomeroy Select) [mailto:maysmj@BP.COM]
Sent: Wednesday, April 25, 2001 7:24 AM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: Personal ID store


Is there any way to retrieve a user's Win2000 private key (Personal ID)
for safekeeping in case they accidentally delete the certificate from
their store, or the local drive crashes, etc., without physically
visiting each user and exporting the key?

Are there security mechanisms in place that would prevent a program
(interacting with certmgr possibly?) from performing an export of a
user's private key? I'm not asking for specifics, only a confirmation
it can or can't be done.

The goal is to not leave the responsibility of backing up the private
key solely in the hands of the end user. The fear is they'll receive an
email encrypted with their public key or have saved messages encrypted
with the public key and they'll have no way of decrypting because they
(end user) decided they didn't need their Personal ID and deleted it
weeks ago.

...Or is this the idea behind KMS.

----------------------------------------------------------------
Users Guide http://msdn.microsoft.com/workshop/essentials/mail.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM

