When viewing the properties of a Certificate Template, under the Request Handling tab, what is the purpose of the check box "Include symmetric algorithms allowed by the subject."?This is what the help for Certificate Templates snap-in says:"When the subject requests the certificate, they can supply a list of supported symmetric algorithms. This option allows the issuing certification authority to include those algorithms in the certificate, even if they are not recognized or supported by that server. The algorithms are commonly used by applications like Encrypting File System (EFS) or secure e-mail."I am using an SMIME certificate to send encrypted e-mail, so I am looking for some more specific information about symmetric algorithms & this check box.Thank you.-TG23

Hi, Generally speaking, certificate is based on asymmetric algorithms to get better security and symmetric algorithms were not recorded in certificates. As the Help Document explains, Email applications need to use symmetric algorithms to generate "one-time symmetric session key" to encrypt email message. If there is no information about symmetric algorithms used by the sender, the receiver may not handle email correctly. For more information about how S/MIME certificate was used, please refer to the following articles. Understanding Digital Certificates http://technet.microsoft.com/en-us/library/bb123848(EXCHG.65).aspx Understanding Public Key Cryptography http://technet.microsoft.com/en-us/library/aa998077(EXCHG.65).aspx Thanks. This posting is provided "AS IS" with no warranties, and confers no rights.

Symmetric algorithms rely on a public key which makes it vulnerable to a man in the middle attack. Asymmetric algorithms include a private key (RSA) which ensures a three way authentication.Information is the most valuable commodity I know off.