Re: WHAT'S BEST OF SECURITY TOKEN ?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: leighsword (leighsword_at_163.net)
Date: 10/07/04 

Date: Thu, 7 Oct 2004 10:27:10 +0800

wow,it's very clear,thanks.
to username token, the X509 token is secure ,but slow.
if using pvkimprt.exe + makecert.exe to make a x509 certificate ,is it still
secure?
or i need to buy a CA certificate from Big company,microsoft or whatever?

thank for your kind again.

"Julie Lerman" <jlermanATNOSPAMPLEASEthedatafarm.com> дÈëÓʼþ
news:%23e%23W%23J7qEHA.1952@TK2MSFTNGP12.phx.gbl...
> X509 and UsernameToken's are very different in nature and x509 is many
many
> many times more secure. There are other options, such as creating a
> symmetric key and using a security token.
>
> However a few differences...
>
> In WSE2, except for authorization where you use a UsernameToken, the
> X509Token is the easiest to work with. Especially if you want to do all of
> your work by way of the WSE settings tool. Of course, using the tool to
> create policies will only give you a limited range of policies that you
can
> work with. But you can use the tool if you only need to do the most
> straightforward security and policies.
>
> If you dig a few days back into the newsgroup, you can see a message from
me
> where I was attempting to use usernametokens for a secure conversation. It
> is quite possible to do, yet it means learning a lot and also creating a
lot
> of custom classes so it is a lot more work..
>
> Although encrypting messages with an X509 certificate is a lot slower,
WSE2
> will automatically use a different algorithm whereby you still get the
great
> security that X509 provides, but the message itself is encrypted with a
> symmetric key. WSE2 will do all of this automatically when you provide the
> X509.
>
> Bottom line...X509 is MUCH more secure for signing and encryption - let me
> just say like a gazillion times, although that would be a slight
> exaggeration.
>
> hth
> julie lerman
> "leighsword" <leighsword@163.net> wrote in message
> news:elbEGv2qEHA.4008@TK2MSFTNGP14.phx.gbl...
> > X509 TOKEN?USERNAME TOKEN?...
> > WHAT'S FASTEST OF SECURITY TOKEN?
> > WHAT'S SAFE OF SECRUTY TOKEN?
> >
> >
> > REGARDS.
> >
> >
>
>

Relevant Pages

  • Re: How can I secure my site?
    ... I searched certificate authorities and I found that their certificates ... there are indeed varying levels of verification/trust in a given SSL ... But as this is a security list, let me be among the folks to make it ... crystal clear to you that SSL WILL NOT SECURE YOUR WEB SITE. ...
    (Security-Basics)
  • RE: Configure Secure POP3
    ... To configure secure POP3 connection for PDAs, MAC etc, please refer to the ... We can assign the certificate is created by the CEICW. ...
    (microsoft.public.windows.server.sbs)
  • WCF Message Security Problem
    ... username password authentication via a custom asp.net provider. ... password authentication mode requires transport or message security to ... I created the certificate with makecert following ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Setting passwords in ADAM
    ... LDAP over Secure Sockets Layer (SSL) will be unavailable at this time ... because the server was unable to obtain a certificate. ... >> adam instance and it is able to set passwords as well, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Secure TN3270
    ... Subject: Secure TN3270 ... Point the PROFILE DD statement to the telnet parameter member ... We got a certificate from THAWTE. ... Search the archives at http://bama.ua.edu/archives/ibm-main.html ...
    (bit.listserv.ibm-main)