- Optimistically treat failures as transient and continue to use any existing cached key ring for a short period of time
- Updates to the key ring shouldn't block other threads; they can use the outdated version while waiting for the update
This key is used if there is no preferred default key and the developer has disabled automatic key generation. This will keep the service from falling over if the keys are not rolled and they all expire.
- Move IDataProtectionProvider, IDataProtector, and extension methods to their own package
- Simplify the APIs for registering and configuring the system
- Default implementation now auto-detects capabilities of OS
- Use EncryptedXml for X.509 certificate-based encryption
- Add ability to escrow secret material upon key creation
- Use centralized system policy for default algorithm selection
- Simplify System.Web compatibility layer
- Add unit tests, logging, and doc comments throughout solution
Levi B