Does anyone know how/if you can lock down the use of the "New ID..." feature when selecting what certificate to sign with? In our environment, we do not use any CA or signature validation features. The default option is the certificate on our users' smart cards, but they still have the option to create a new ID/certificate. When the Windows certificate store option is used, the signature and certificate pass all the validation checks available in the Adobe suite. This means, to the untrained eye, every certificate used to sign a field in a PDF will appear valid as long as the data has not failed any of the security checks mentioned above.
I have done several hours of open source research and cannot find a way to lock down that feature or to limit the available certificate import options so our users would be forced to only use the certificate on their smart cards. Any security tips would be appreciated.