I recently set up the Exchange 2000 Server Key Management Service (KMS) to prototype our deployment of Exchange advanced security. I was surprised to discover that the KMS is issuing certificates that users can employ for encryption and digital signatures, even though I specified that I wanted an encryption-only key. Why is this discrepancy occurring?

A bug is responsible. X.509 version 3 certificates contain bits that specify what the certificate can be used for. Windows 2000 supports a range of these capability indicators so that you can use Win2K Certificate Services to issue certificates that users can employ for, say, the Encrypting File System (EFS) but not for signing email. Unfortunately, the Exchange 2000 KMS doesn't turn off the signature bit when you request an encryption-only certificate.