Known issues and limitations

Known issues

  • Interopability:
    Installation of Net iD Client will remove Net iD Enterprise. They may be installed in parallel, but the current default package will replace to allow for better detection of missing functionality when used with different applications.

  • PKCS#11 location:
    The PKCS#11 library is renamed netid.dll/libnetid.so/libnetid.dylib, so applications loading the PKCS#11 library need to be updated and/or reconfigured.

  • PKCS#11 CK_ULONG:
    The PKCS#11 library will use 32-bits CK_ULONG on 64-bits Windows. This behavior is consistent with Mozilla and Java, so will remove the need for the special built library delivered with Net iD Enterprise.

  • Plugin ActiveX:
    Plugin used as ActiveX component will be identified by GUID:

    • {5BF56AD2-E297-416E-BC49-00B327C4428E} - Net iD Client

    • {5BF56AD2-E297-416E-BC49-00B327C4426E} - Net iD Enterprise Customers using the _netid.js file to access plugin will continue to work without and changes needed. Customers loading ActiveX direct will need to update to the new GUID. Customers should start using _netid-ng.js, since will also handle web-extensions to allow use of the plugin in other web-browsers (Chrome/Firefox/Edge/etc).

Known limitations

  • Special characters:
    The comma character "," is not allowed to be used in attributes for Subject RDN, Subject AltName or Issuer RDN, i.e., Title in Subject RDN. Since this character is used as delimiters there are in practice too many possible problems with implementations that cannot seperate the use of commas as characters from the use as delimiters.

  • ECC (Elliptic-Curve Cryptography):
    The ECC algoritms are fully implemented in PKCS#11, Plugin and MiniDriver, but are not available in CSP (not allowed by Microsoft), KSP (not implemented) and CryptoTokenKit (not implemented). The ECC algorithms are fully implemented for soft tokens. The ECC algorithms are fully implemented for some smart cards. Most smart cards lack the support, but missing implementation for some of the smart cards that have the support. The ECC algorithms are not implemented for TPM tokens.

  • Existing Soft Tokens:
    Net iD Client will totally ignore any soft tokens from Net iD Enterprise. This is by design for security reasons. Net iD Enterprise may allow export of soft tokens, depending on the issuing environment. Export of soft tokens is considered bad behavior, since allow for theft of the credential. Net iD Client will never allow export of soft tokens and consider all soft tokens from Net iD Enterprise as unsecure.

  • CryptoTokenKit:
    CryptoTokenKit replaces Tokend on macOS. Apple require this component to use the macOS smart card reader support and it is unfortunately not as stable as PC/SC Lite, please contact our support for more information.