Will the subject name be automatically populated using
Active Directory or will the data be entered manually by a user via web-based enrollment?
What the subject should be is really application dependent. For example, when
used to sign computer certificates, the subject name might be the fully qualified domain
name of the computer it is issued to.
You must also decide how many certificates each subject will get. Do you want each
subject to have many individual and specialized certificates used for each different function,
or do you want fewer, more generalized certificates that are multipurpose in use?
Multipurpose certificates may sound like a great idea, but they can reduce your ability
to control the specific uses of the certificates. Each template must be associated with an
appropriate CSP.
407 Chapter 12: Enterprise Public Key Infrastructure
Since PKI relies on CSPs to perform the actual cryptographic function, your selection
of the most appropriate CSP for your organization is an important decision. You must
also decide on the length of the key used by the CSP for its cryptographic function. The
longer the key length, the greater its security, but the trade-off is time. A long key will
take additional processing time to use. If the key CSP is heavily used (for example, if
it is used for securing network traffic using IPSec), the added processing time could severely
decrease throughput.