2.8 pKIDefaultCSPs Attribute

The pKIDefaultCSPs attribute is a list of cryptographic service providers (CSPs) that are used to create the private key and public key.<10>

Each list element MUST be in the following format:

intNum, <strCSP>

where intNum is an integer that specifies the priority order in which the system administrator wants the client to use the CSPs listed, and <strCSP> is the CSP name.

The implication of this list of CSPs is that any one of the listed CSPs is acceptable to the system administrator, but that a preference is indicated by the value of intNum if a client has more than one of those CSPs. It is up to the system administrator who established the priority ranking to determine and to document the security implications of violating it.

For schema details of this attribute, see [MS-ADA3] section 2.96.
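The following Python sketch is an added example, not part of the specification. It parses list elements in the `intNum, <strCSP>` format, picks the CSP a client should use, and classifies the CSP a client actually used against the administrator's ranking. It assumes that the angle brackets are placeholder notation, that whitespace around the comma is optional, that a lower intNum means a higher preference, and that CSP names compare case-insensitively; the function names and sample values are constructed for illustration.

```python
import re

# One list element: "intNum, <strCSP>". Assumption: the angle brackets are
# placeholder notation and whitespace around the comma is optional.
_ELEMENT = re.compile(r"^\s*(\d+)\s*,\s*(.+?)\s*$")

def parse_default_csps(values):
    """Return [(intNum, csp_name)] ordered by intNum; reject malformed elements."""
    parsed = []
    for raw in values:
        m = _ELEMENT.match(raw)
        if m is None:
            raise ValueError(f"malformed pKIDefaultCSPs element: {raw!r}")
        parsed.append((int(m.group(1)), m.group(2)))
    # Assumption: lower intNum is preferred. The sort is stable, so elements
    # that share an intNum keep their order in the attribute.
    return sorted(parsed, key=lambda item: item[0])

def select_csp(values, installed):
    """Return the most-preferred listed CSP that the client has, or None."""
    have = {name.casefold() for name in installed}
    for _, name in parse_default_csps(values):
        if name.casefold() in have:
            return name
    return None

def audit_choice(values, installed, used):
    """Classify the CSP a client used against the administrator's ranking."""
    listed = {name.casefold() for _, name in parse_default_csps(values)}
    if used.casefold() not in listed:
        return "not-listed"            # outside the acceptable set
    best = select_csp(values, installed)
    if best is not None and best.casefold() == used.casefold():
        return "preferred"             # matches the expressed priority
    return "listed-not-preferred"      # acceptable, but priority was violated

# Constructed sample attribute values and client inventory.
SAMPLE = [
    "2,Microsoft Base Cryptographic Provider v1.0",
    "1, Microsoft Enhanced Cryptographic Provider v1.0",
]
INSTALLED = [
    "Microsoft Base Cryptographic Provider v1.0",
    "Microsoft Enhanced Cryptographic Provider v1.0",
]

if __name__ == "__main__":
    print(parse_default_csps(SAMPLE))
    print(audit_choice(SAMPLE, INSTALLED, "Microsoft Base Cryptographic Provider v1.0"))
```

A `listed-not-preferred` result is the case the specification leaves to the administrator to assess, so an audit should report it separately from `not-listed`.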