Friday, July 30, 2004

Compelling replacement for CVS (Subversion)...

For the folks that have come to love CVS, here's the latest Source Control kid on the block: Subversion ( Actually, it was written from scratch to address all of CVS' shortcomings and the end result is a great product that simply works great!!!
Make sure that you read the the excellent tutorial ( first. Also check out the Tortoise plugin ( and the VS.NET SCC plugin (
The bottom line here is that if you are using CVS right now and feel that it's a bit archaic, it's time to switch. I would say that if you don't think so, there are compelling reasons to give Subversion a look.

Vote for my Whidbey X509CertificateEx bug...

The MS folks have done an excellent job in System.Security.Crytography but an surprising omission is the lack of an option to export the entire trust chain. The enumerations (X509IncludeOption) are already available and are used in other places, but aren't supported by X509CertificateEx .

This means that if a X509Certificate is exported, it won't have the entire trust chain that can traced back to the Root CA. This means that if you use this mechanism to say export your (WSE) signature / encryption certificate, you will have to go the additional process of manually exporting the trust chain and installing it on the remote machine.

This can be especially painful if you are trying to automate the entire deployment process. So please take a moment and let them know that it's important to get this bug fixed....


Whidbey Sytem.Security.Cryptography enhancements...

Hi folks, This is my very first blog entry. Pardon the number of exclamation marks in this post, but I downloaded Beta 1 of VS.NET a few weeks ago and but the improvements in System.Security.Cryptography are simply amazing!!! Here's a partial list of enhancements (this part is not everyone's cup of Framework :):
X509CertificateEx extends the X509Certificate class and lots of new properties like PrivateKey, Thumbprint, Extended Key Usage etc.
X509Store allows you to browse cert stores and even add and remove certs!!! Well, arguably WSE 1.0/2.0 gave you the browse features, but this is much more!!!
There's complete support for CMS, meaning there's not need to muck around with CAPI for signed / enveloped messages etc.!!! Granted, CAPICOM was easier, but I would rather do things w/o having to resort to a RCW and have to deal with some of the nasty bugs (like Decrypt problems when dealing w/ string data)
Support for ASN1 encoded data!!!
Ability to generate PKCS12/PFX files from certificates!!!