Posted 25 January 2012 - 07:32 PM
I was wondering if anybody could help me understand this text and translate it into less technical speak.
Windows XP PKI supports cross-certification and Bridge CA scenarios. User-type certificates can be auto-enrolled and renewed. Certificate requests for issuing new certificates or renewing expired ones can be pending until administrator approval or until issued by the Certificate Authority and once approved, they install automatically. Root CA certificates now also auto-update via Microsoft Update. Windows XP also supports delta CRLs (CRLs whose status has changed since the last full base compiled CRL) and base64-encoded CRLs for revocation checking and will use them by default. Windows XP can enroll version 2 certificate templates which have many configurable attributes.
Smart cards can be used to login to terminal server sessions (when connecting to a Windows Server 2003 or higher Terminal Server), with CAPICOM or with system tools such as net.exe and runas.exe. There are also numerous improvements to certificate status checking, chain building and revocation checking, path validation and discovery. Windows XP Service Pack 3 adds SHA-2 hashing algorithms (SHA256, SHA384 and SHA512) to the CryptoAPI for validating X.509 certificates.