TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Hi all...I'm posting the message below for one of our engineers...
-----Original Message-----
From: Filacchione, Alex (ISSAtlanta)
Sent: Monday, February 28, 2000 11:57 AM
To: 'Cecoban, S.A. de C.V. - Alejandro N��ez Hdez'; [EMAIL PROTECTED]
Subject: RE: ISS issue
Question:
There are two types of certicom that could be used. 1 is the
"stand-alone" plug-in provider. THis is something that you install outside
of realsecure (generally before the RS installation). THis creates registry
entries, etc.
The second is the ISS built-in certicom ECNRA provider. IF you are
using the latest version of RealSecure on both ends, it is possible that the
engine is using the ISS built-in provider and the console is using the
plug-in provider. They are essentially the same, EXCEPT in how they are
handled by RealSecure policies, etc.
If you are not sure, check the encryption settings on the console to
see if tehy are built-in providers or not. If you had previously installed
the Certicom provider on your machined separately (which you used to HAVE to
do), that provider is listed in teh NT registry, and during install you
should see BOTH the built-in and the Non-built-in providers listed
(depending on your setup, you may have to click on "ADD" under the crypto
provider settings to see all versions!).
In any regard, in order to use the new engines, you MUST use the
built-in providers vs the the older stand-alone. The reason for this drastic
and confusing change has to do with the crypto-politics behind the whole
thing. If you are interested in that information, you need to ask someone
other than myself :-) !!!
SO, make sure that you are using the right provider. ALSO, make sure
that you are using the same strength on both sides. IOW, if side A is set up
for Certicom-163/DESX/SHA-1 and the other side (B) is setup for something
like Certicom-163/3DES/SHA-1 they will not work - DESX vs 3DES. Similarly,
if the other side (B) is setup for Certicom-239/DESX/SHA-1 the two will not
communicate either - Certicom 163 vs 239.
Hope this helps,
Alex F
-----Original Message-----
From: Cecoban, S.A. de C.V. - Alejandro N��ez Hdez
[mailto:[EMAIL PROTECTED]]
Sent: Friday, February 25, 2000 4:12 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS issue
Are you using Certicom Cryptography on your Console ? ...I
mean Microsoft cryptographic method is installed by default during
instalation (in your console) but you have to add Certicom Cryptography if
you are using Solaris ...and is also a good idea to specify it as your
default method
Greetings!!
