Yubico Forum
https://forum.yubico.com/

Question Regarding minidriver announcement.
https://forum.yubico.com/viewtopic.php?f=35&t=2772
Page 1 of 1

Author:  My1 [ Wed Nov 01, 2017 11:32 am ]
Post subject:  Question Regarding minidriver announcement.

I see that the minidriver completely changes how windows sees the smartcard, but wouldnt it be possible that both ways can be used in the following way:

1) the PIV Manager maintains the container map meeded for container mode on the Yubi properly
2) otherwise the slots work as normal when the card is accessed like a slot based card

regarding 1) in newer yubikey versions coulnt the yubi itself maintain the map while being accessed in slot-mode?

essentially the yubi would have the up to 4 certs in their slots, but each slot is properly listed in the container map.

when creating/importing a key/Cert the user would have to decide whether to use them in a slot for cross-platform or not (only for use with specific applications like windows).

Author:  mainpony [ Wed Nov 01, 2017 11:44 pm ]
Post subject:  Re: Question Regarding minidriver announcement.

The above are very good questions, and hopefully they'll get answers from Yubico.

I'll add two rhetorical questions that probably won't get an answer from Yubico:

1. Why was the announcement made over a month after they pushed out the driver that broke PIV (as it has existed thus far) for everyone?

2. Why did Yubico force-push this update from WU knowing that it would break PIV on Windows for all existing users?

Yubico is certainly lucky that their competition in the USB smartcard space (and smartcard space in general) is generally so terrible that this display of arrogance and utter disregard for their users disappears into the noise. Hopefully competitors will appear in the near future.

Author:  My1 [ Wed Nov 01, 2017 11:59 pm ]
Post subject:  Re: Question Regarding minidriver announcement.

true, I really hope that there will someday be more USB-smartcards, because they just work, no readers and stuff needed plugin and lets go that was one reason why I got a yubi in the first place.

but then again it's not much different in how twitter totally broke their social sign in so users now always have to click though, for the excuse that users can better see what permissions are needed and stuff although from a practical side the opposite is going to happen since the user will just always click through (or just stop using the service)

and the reaction of the forum mod was hilarious, we should use an old token to verify the identity which doesnt even make sense, as we 1) dont know who we are talking about in the first place and 2) that old token wont tell us whether that twitter user is signed in at the browser atm.

Author:  maggis [ Wed Jan 17, 2018 10:44 am ]
Post subject:  Re: Question Regarding minidriver announcement.

What offends me most, is that the exact update name/KB has never been listed anywhere that I can find.

So how can I un-approve it in WSUS??

Author:  My1 [ Wed Jan 17, 2018 11:31 am ]
Post subject:  Re: Question Regarding minidriver announcement.

maggis wrote:
What offends me most, is that the exact update name/KB has never been listed anywhere that I can find.

So how can I un-approve it in WSUS??


are drivers even KBs?

iirc drivers are a bit different than normal updates.

Author:  ChrisHalos [ Wed Jan 17, 2018 7:34 pm ]
Post subject:  Re: Question Regarding minidriver announcement.

Blocking the minidriver from installing is covered in the deployment guide, page 32 (last page). No, it's not part of a KB.

https://www.yubico.com/wp-content/uploa ... 7_RevB.pdf

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/