[Mono-devel-list] Corlib feature survey (security stuff)

Sebastien Pouliot spouliot at videotron.ca
Thu Aug 7 22:56:57 EDT 2003

>        * DSACryptoServiceProvider, PasswordDeriveBytes,
>        RNGCryptoServiceProvider, RSACryptoServiceProvider: 4 TODOs
>        * SignatureDescription: one TODO constructor

	- DSA|RSACryptoServiceProvider: missing key persistence
		My plan is to get something modular (configurable in machine.config)
		? Does anyone have an idea how to protect the keypairs (user/machine) under Linux?
	- PasswordDeriveBytes
		- PKCS#5 derivation is implemented (including MS extensions)
		? CryptDeriveBytes calls the specified CSP (mostly proprietary) algorithms
	- RNGCryptoServiceProvider: lots of constructors for seeding the RNG
		? I don't think that /dev/[u]random requires application seeding (but it may be supported)
		? The current RNG (residing in the runtime) doesn't work on Windows
	- SignatureDescription: construct from XML (SecurityElement)
		? I don't know the required format (undocumented anywhere on the Internet)
		? There's no way to GET an XML representation of SignatureDescription from the framework

>        * X509Certificates: one TODO (CreateFromSignedFile)

	- Code already exists to do this but requires some refactoring (and MUCH
more error checks).

Note: Most of the System.Security.Cryptography limitations are documented in

>        * lots of types missing IBuiltinPermission (no docs)
>        * missing CreatePermission methods in attributes.
>        * FromXml and ToXml marked TODO in multiple Permissions.

Duncan and I committed many patches (IBuiltInPermission and From/ToXml)
recently (not visible on the status page yet). But there are still some
missing methods (and stubbed ones). Many classes don't have unit tests right

>        * 7 missing types, PermissionRequestEvidence, Site,
>        SiteMembershipCondition, StrongNameMembershipCondition,
>        UnionCodeGroup, Url, UrlMembershipCondition,
>        * missing IConstantMembershipCondition in Condition classes, no
>        * PolicyLevel: needs impl.

Duncan did add much code lately in the Policy namespace.
Unit tests are also lagging in this area.

>        * Missing WindowsPrincipal.
>        * WindowsIdentity: only stubs.
>        * WindowsImpersonationContext: only stubs

This is very Windows-related. I don't know enough about Linux to implement
something similar.

>        * we have nothing, no docs either.

Neither do I :-(
but that's probably only internal stuff that we do not require to

Sebastien Pouliot
Security Architect, Motus Technologies, http://www.motus.com/
work: spouliot at motus.com
home: spouliot at videotron.ca

