The Encrypting File System (EFS) smartcard certificate implementation in Windows Vista ignores the Enhanced Key Usage extension if the extension does not specify EFS. In this situation, a certificate may be selected that is not intended for data encryption. Therefore, data may be lost if a Disaster Recovery Agent (DRA) is not configured or if the noncompliant certificate that was previously selected is not retained after it expires.
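
An added example, not part of the original article: a PowerShell audit that lists each certificate in the current user's Personal store and marks those whose Enhanced Key Usage extension is present but does not list EFS, the case described above. It assumes PowerShell 3.0 or later; the function name `Get-EfsEkuStatus` and the status labels are hypothetical.

```powershell
# Added example: report whether each personal certificate lists the EFS EKU.
# Assumption: PowerShell 3.0 or later. Function name and status labels are illustrative.

$EfsOid = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System EKU object identifier

function Get-EfsEkuStatus {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # Locate the Enhanced Key Usage extension, if the certificate has one.
        $ekuExt = $Certificate.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }

        $oids = @()
        if ($ekuExt) {
            $oids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
        }

        # EkuPresentWithoutEfs is the situation the article describes:
        # the extension exists but does not specify EFS.
        $status = if (-not $ekuExt)              { 'NoEkuExtension' }
                  elseif ($oids -contains $EfsOid) { 'EfsListed' }
                  else                            { 'EkuPresentWithoutEfs' }

        [pscustomobject]@{
            Status        = $status
            Subject       = $Certificate.Subject
            Thumbprint    = $Certificate.Thumbprint
            NotAfter      = $Certificate.NotAfter
            Expired       = ($Certificate.NotAfter -lt (Get-Date))
            HasPrivateKey = $Certificate.HasPrivateKey
            EkuOids       = ($oids -join ', ')
        }
    }
}

# Audit the current user's Personal store, listing certificates nearest expiry first.
Get-ChildItem -Path Cert:\CurrentUser\My |
    Get-EfsEkuStatus |
    Sort-Object Status, NotAfter |
    Format-Table -AutoSize -Wrap
```

Certificates reported as `EkuPresentWithoutEfs` that also hold a private key are the ones to keep after expiry if they were ever used to encrypt files.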
