ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Does Smime works fine with Windows 2000 PKI

2000-05-11 10:10:42
from [Piers Chivers] [Permanent Link] 
MS have published a White Paper on Win2k PKI interoperability with other
leading PKI vendor products.  The WP is available on their MSDN website
(can't remember where but it's called win2kpkinterop.doc).

In my experience Win2k PKI is excellent as choice for an Enterprise PKI.  It
integrates well with AD (not surprisingly).  However, as a commercial PKI
the best thing that can be said about it is that it is free.  And that
probably sums it up succintly.

Piers

-----Original Message-----
From: Laurent Deffranne [mailto:Laurent(_dot_)Deffranne(_at_)dexia(_dot_)be]
Sent: 11 May 2000 14:19
To: walter.williams
Cc: ietf-smime
Subject: RE: Does Smime works fine with Windows 2000 PKI


Walt,

Do you mean that there are difficulties to access through LDAP an Active
Directory, as you want to read or use X509 certificates ?

By the way,does somebody know issues about Active Directory LDAP, or
issues to read a certificate in an Active Directory ?

For me it would be a mistake to use now the "brand new" Active
Directory, but if someone could tell me where I can find proofs of lack
of compatibility (from Microsoft, there must be surely one of two), this
would interrest me.

Laurent





walter(_dot_)williams%genuity(_dot_)com(_at_)Internet
11/05/2000 14:54
To:     Laurent Deffranne/GKBCCB(_at_)GKBCCB, 
ietf-smime%imc(_dot_)org(_at_)Internet
cc:

Subject:        RE: Does Smime works fine with Windows 2000 PKI

Laurent;

Yes, certs issued from a W2K CA can be used for S/MIME, and no less so
than
certs issued from Baltimore, Iplanet or any other CA vendor or product.
The
main issue is not will they work, but will you be able to validate the
certs.  Unless the person issuing the cert from W2K has provided you
with
their server's cert, or they have certified their CA with the signature
of
the publicly known CAs you will not be able to easily verify the
signature
to its source.  This is not the most technically acurate way of saying
this
but I'm not awake yet.  Baltimore has preregistered there CA with the
vendors distributing products, as has Verisign, Thaught, and many
others.
Just make certain that you have the certificates for the W2K CA, and
access
to its revocation list so you can validate properly and you'll be fine.

Walt Williams
TSD-Systems
Senior IT Analyst
Genuity
www.genuity.com

Please note: GTE Internetworking is now Genuity.


-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of Laurent 
Deffranne
Sent: Thursday, May 11, 2000 5:45 AM
To: ietf-smime
Subject: Does Smime works fine with Windows 2000 PKI


Hi everybody,

Just a question :

Is there any known issues using S/MIME with Win2000PKI-certificates ?
More generally, are Win2000 certificates usable with (and
understood by ) the others mailers (especially Lotus Notes,
Netscape, Eudora +plug-in?)

Isn't Baltimore Unicert a "better choice" due to its greater
compatibility ?

Any advices are welcome.

Regards,

Laurent Deffranne
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Does Slime works fine with Windows 2000 PKI, Philip Hallam-Baker
Next by Date:  RE: Does Slime works fine with Windows 2000 PKI, Piers Chivers
Previous by Thread:  RE: Does Smime works fine with Windows 2000 PKI, Walter Williams
Next by Thread:  RE: Does Smime works fine with Windows 2000 PKI, Walter Williams
Indexes:  [Date] [Thread] [Top] [All Lists]