Browse by Tags

• .net 3.5
• certificate chain
• FAT
• https
• NTFS
• orcas
• SSL

• CardSpace Certificate Chain Validation Issue with Intermediate Certificates

  One problem with the original version of CardSpace was that it seemed to reject some legitimate SSL sites, but like all tricky bugs, it didn’t happen consistently enough to be caught in the first release. What was going on was that sometimes CardSpace couldn’t validate the intermediate certificates in the certificate chain because of a disconnect with the browser’s certificate store. If intermediate certificates aren’t installed on a user’s computer, most browsers use the certificate obtained from the site to reconstruct the whole chain and show the user they are at an SSL site. CardSpace, as it turns out, was not able to get the missing certificates. Since, this bug could make a legitimate site appear to be fraudulent in CardSpace and because the behavior is intermittent, it might be missed by a web developer adding support for Information Cards to their site. We asked the IE team and the maintainers of the browser add-on for Firefox to enable CardSpace to retrieve the correct certificate, and they did. The update to IE was included in the October 2007 IE Security Update and the updated Firefox add-on can be downloaded here (thanks Axel !). Implementers of other Identity Selectors should consider whether this issue is present in their code as well. I’ll hand off now to Shan to explain more details about the problem and the fix. Rob Franco Lead Program Manager CardSpace ======== Introduction – How the recipient certificate & its intermediates Read More... Posted Friday, March 21, 2008 2:46 AM from CardSpace: Behind The Code | 1 Comments Filed under: CardSpace, security, orcas, SSL, https, certificate chain

• CardSpace on FAT File Systems

  The version of Windows CardSpace that shipped in .NET Framework 3.0 will not run when installed on a FAT file system. We’ve received a surprising amount of feedback (some of the earliest from Pamela Dingle ) that customers are still using FAT file systems and this is causing problems.  This was done because FAT doesn’t provide ACLs and therefore the files CardSpace uses for storing cards can be deleted or corrupted by malicious code running as the user. Since the store files are still double encrypted by both the user’s and the system’s keys, even on a FAT drive, user code cannot access the contents of the file and read the secret card information. Given the feedback we received, and that the cards are still protected against theft, we decided to make the changes and enable CardSpace (shipped with .NET Framework 3.5) on FAT File Systems. This change doesn’t have any side effect on the rest of the product so running CardSpace on partitions formatted with FAT or NTFS produces the same results. This is a change intended to meet some customers’ demands but we still recommend the use of NTFS because it’s a more secure environment not only for CardSpace but also for all other files in the computer.   Rafael Windows CardSpace Team Read More... Posted Monday, December 10, 2007 9:07 PM from CardSpace: Behind The Code | 1 Comments Filed under: CardSpace, FAT, security, .net 3.5, NTFS