Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 10:23 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 6 posts ] 
Author Message
PostPosted: Wed Nov 01, 2017 11:32 am 
Offline

Joined: Tue Feb 02, 2016 9:23 pm
Posts: 58
I see that the minidriver completely changes how windows sees the smartcard, but wouldnt it be possible that both ways can be used in the following way:

1) the PIV Manager maintains the container map meeded for container mode on the Yubi properly
2) otherwise the slots work as normal when the card is accessed like a slot based card

regarding 1) in newer yubikey versions coulnt the yubi itself maintain the map while being accessed in slot-mode?

essentially the yubi would have the up to 4 certs in their slots, but each slot is properly listed in the container map.

when creating/importing a key/Cert the user would have to decide whether to use them in a slot for cross-platform or not (only for use with specific applications like windows).


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Wed Nov 01, 2017 11:44 pm 
Offline

Joined: Fri Oct 13, 2017 5:31 pm
Posts: 6
The above are very good questions, and hopefully they'll get answers from Yubico.

I'll add two rhetorical questions that probably won't get an answer from Yubico:

1. Why was the announcement made over a month after they pushed out the driver that broke PIV (as it has existed thus far) for everyone?

2. Why did Yubico force-push this update from WU knowing that it would break PIV on Windows for all existing users?

Yubico is certainly lucky that their competition in the USB smartcard space (and smartcard space in general) is generally so terrible that this display of arrogance and utter disregard for their users disappears into the noise. Hopefully competitors will appear in the near future.


Top
 Profile  
Reply with quote  
PostPosted: Wed Nov 01, 2017 11:59 pm 
Offline

Joined: Tue Feb 02, 2016 9:23 pm
Posts: 58
true, I really hope that there will someday be more USB-smartcards, because they just work, no readers and stuff needed plugin and lets go that was one reason why I got a yubi in the first place.

but then again it's not much different in how twitter totally broke their social sign in so users now always have to click though, for the excuse that users can better see what permissions are needed and stuff although from a practical side the opposite is going to happen since the user will just always click through (or just stop using the service)

and the reaction of the forum mod was hilarious, we should use an old token to verify the identity which doesnt even make sense, as we 1) dont know who we are talking about in the first place and 2) that old token wont tell us whether that twitter user is signed in at the browser atm.


Top
 Profile  
Reply with quote  
PostPosted: Wed Jan 17, 2018 10:44 am 
Offline

Joined: Mon Sep 05, 2016 7:30 am
Posts: 11
What offends me most, is that the exact update name/KB has never been listed anywhere that I can find.

So how can I un-approve it in WSUS??


Top
 Profile  
Reply with quote  
PostPosted: Wed Jan 17, 2018 11:31 am 
Offline

Joined: Tue Feb 02, 2016 9:23 pm
Posts: 58
maggis wrote:
What offends me most, is that the exact update name/KB has never been listed anywhere that I can find.

So how can I un-approve it in WSUS??


are drivers even KBs?

iirc drivers are a bit different than normal updates.


Top
 Profile  
Reply with quote  
PostPosted: Wed Jan 17, 2018 7:34 pm 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
Blocking the minidriver from installing is covered in the deployment guide, page 32 (last page). No, it's not part of a KB.

https://www.yubico.com/wp-content/uploa ... 7_RevB.pdf


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: Heise IT-Markt [Crawler] and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group