Also valid for Windows Server 2008

Jun 4, 2007 11:00 GMT

When it comes down to security, Microsoft has on numerous occasions applauded Windows Vista as the most secure Windows platform it has ever delivered. Cryptographic enhancements are, in this sense, a valuable addition to the operating system for the benefit of corporate environments. However, cryptographic improvements are only one part of the work done by the Microsoft Public Key Infrastructure team.

To understand PKI, think of it as a framework designed and put in place to enable secure data transfer. The framework is based on public key cryptography, digital certificates and code signing. The "CA (Certificate Authority), the client enrollment API and UI, OCSP (Online Certificate Status Protocol) Responder, SCEP (Simple Certificate Enrollment Protocol) and the smart card subsystem in Windows" are all examples of Microsoft's involvement in the creation of technologies and products associated with digital certificates.

In Windows Vista and Windows Server 2008, "the Microsoft crypto and PKI platform now supports the most advanced crypto algorithms such as ECC and the SHA-2 hashing alg family out of the box. The Microsoft CA can now issue ECC certificates and the Microsoft client can enroll and validate ECC and SHA-2-based certificates. Moreover, the platform is now dynamic enough to allow plugability of new algorithms much more easily than before," revealed Avi Ben-Menahem, the lead program manager for the PKI and smart card technologies in Windows Security.

But the evolution of Vista and Windows Server 2008 does not stop with crypto enhancements; it also covers revocation, management and monitoring, and the Certificate Services Client. Ben-Menahem explained that native support for OCSP (Online Certificate Status Protocol), the availability of an OCSP Responder together with the Certificate Server role, revocation analysis improvements, OCSP response stapling and CAPI diagnostics are all integral parts of Vista and Windows Server 2008.
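The revocation and diagnostics features listed above are what an administrator leans on when a chain fails to validate. The following PowerShell snippet is an added example, not code from the article or from Microsoft: it switches on the CAPI2 operational event log that carries the chain-engine diagnostics, forces a full revocation check on a certificate file with certutil (fetching AIA, CRL and OCSP URLs from the network), and then reads back any warnings or errors logged during that check. The certificate path is a placeholder, the `wevtutil` and `certutil` invocations are standard Windows tools, and the snippet assumes an elevated prompt on a system where the CAPI2 operational channel exists.

```powershell
# Added example (not from the article): enable CAPI2 operational logging,
# run a network-backed revocation check, then read back the chain engine's
# warning and error events. Run from an elevated PowerShell prompt.
$CertPath = 'C:\certs\server.cer'   # placeholder, replace with a real .cer file

# 1. The CAPI2 operational channel is off by default; turn it on.
wevtutil sl Microsoft-Windows-CAPI2/Operational /e:true

# 2. Build and validate the chain, fetching AIA/CRL/OCSP data from the network.
#    certutil prints the revocation status; a non-zero exit code means the
#    chain did not verify.
$StartTime = Get-Date
certutil -verify -urlfetch $CertPath | Out-Null
$Verified = ($LASTEXITCODE -eq 0)

# 3. Pull the CAPI2 events written since the check started.
#    Level 2 = Error, Level 3 = Warning.
$Events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-CAPI2/Operational'
    Level     = 2, 3
    StartTime = $StartTime
} -ErrorAction SilentlyContinue

"Chain verified: $Verified"
$Events | Select-Object TimeCreated, Id, Message | Format-List
```

Leaving the CAPI2 operational log enabled on servers that terminate TLS or validate signed code is a cheap way to catch revocation-fetch failures and unexpected chain-building paths after the fact, rather than discovering them when a client starts rejecting certificates.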

PKI deployment and management is a process that has been streamlined with Windows Server 2008 and Windows Vista. Handling and monitoring PKI can be done via a single console following enhancements introduced on the server side.

"Certificate Services Client - on the client side of the Microsoft PKI we focused on both the UX (User experience) and on the developer experience. A completely new set of developer enrollment APIs is introduced (CertEnroll). This new COM-based library replaces the legacy XEnroll library, which has been around for a long time, and provides an OO developer experience and the ability to practically modify any request extension or attribute. Pretty powerful stuff. By doing that we ensure we give the proper developer support to enable PKI-aware application development," Ben-Menahem added.
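To make the CertEnroll description concrete, here is an added example (not code from the article or from Microsoft) that drives the CertEnroll COM objects from PowerShell to build a PKCS#10 request: it creates an ECDSA P-256 key in the CNG software key storage provider, which exercises the ECC support the article describes, sets a subject name, attaches an Enhanced Key Usage extension to the request, and emits the base64 CSR. The subject name is a placeholder, and the numeric enumeration values passed to the COM methods (algorithm group id, name-encoding flags, request encoding) are written out as assumptions in the comments; check them against the CertEnroll reference for your platform before relying on them.

```powershell
# Added example (not from the article or from Microsoft): build a PKCS#10
# request with the CertEnroll COM library, using an ECDSA P-256 key and an
# added Server Authentication EKU extension.
$Subject = 'CN=www.example.test'   # placeholder subject name

# Public key algorithm object for the key: ECDSA over P-256.
# Assumed enum values: GroupId 3 = public key algorithm OID group,
# KeyValueFlag 0 = any, AlgFlag 0 = none.
$Algorithm = New-Object -ComObject X509Enrollment.CObjectId
$Algorithm.InitializeFromAlgorithmName(3, 0, 0, 'ECDSA_P256')

# Private key in the CNG software KSP, current-user context, not exportable
# (ExportPolicy 0 = XCN_NCRYPT_ALLOW_EXPORT_NONE, assumed).
$Key = New-Object -ComObject X509Enrollment.CX509PrivateKey
$Key.ProviderName   = 'Microsoft Software Key Storage Provider'
$Key.Algorithm      = $Algorithm
$Key.ExportPolicy   = 0
$Key.MachineContext = $false
$Key.Create()

# PKCS#10 request bound to that key. Context 1 = ContextUser (assumed);
# an empty template name means no CA template is referenced.
$Request = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
$Request.InitializeFromPrivateKey(1, $Key, '')

# Subject name. Encode flag 0 = XCN_CERT_NAME_STR_NONE (assumed).
$Dn = New-Object -ComObject X509Enrollment.CX500DistinguishedName
$Dn.Encode($Subject, 0)
$Request.Subject = $Dn

# Request extension: Enhanced Key Usage = Server Authentication (id-kp-serverAuth).
$EkuOid = New-Object -ComObject X509Enrollment.CObjectId
$EkuOid.InitializeFromValue('1.3.6.1.5.5.7.3.1')
$EkuOids = New-Object -ComObject X509Enrollment.CObjectIds
$EkuOids.Add($EkuOid)
$Eku = New-Object -ComObject X509Enrollment.CX509ExtensionEnhancedKeyUsage
$Eku.InitializeEncode($EkuOids)
$Request.X509Extensions.Add($Eku)

# Wrap the request and produce the CSR. Encoding 3 = base64 with the
# -----BEGIN NEW CERTIFICATE REQUEST----- header (assumed enum value).
$Enroll = New-Object -ComObject X509Enrollment.CX509Enrollment
$Enroll.InitializeFromRequest($Request)
$Csr = $Enroll.CreateRequest(3)
$Csr
```

The point of the example is the one Ben-Menahem makes: extensions and attributes are ordinary objects added to the request before it is signed, so a request can carry exactly the key usage, subject alternative names or custom extensions a policy demands, and a CA or reviewer can inspect the CSR for them before issuing. Keeping the key non-exportable, as above, is the default a defender should want for server and user keys generated on the endpoint.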