Security Considerations for Implementers

Mechanisms of trust depend on secure initialization. [MS-LSAD] describes the secure trust creation system that is used by Active Directory. In this system, all creation and manipulation of trusted domain objects (TDOs) takes place over a secure session transport, where the client has been authenticated and sensitive trust information is not sent in the clear. Keys used for trust secrets are sufficiently strong to prevent brute-force attacks on the cryptographic material used in cross-domain protocols.