Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fed-Talk] Common Access Cards with Entourage 2004 and Tiger

On May 3, 2005, at 4:45 PM, Brian Cadwell wrote:

A note for those of you trying to sign mail messages with Mail.app and your CAC (just PKI really). My understanding is that for SMIME support Mail.app
assumes that everything to the right of the @ symbol on your address is case sensitive. So if your account address is entered into Mail.app in all lower
case letters, but your CAC email address was entered all in capitol letters (like mine was), Mail.app will *appear* to not see your certificates. In fact there is no indication of any kind of problem. Apparently this behavior is the result of strict adherence to the RFC #822, which does indeed indicate that the local-part of the address requires case preservation. Hard to argue with that, but I'm not aware of any other client that works like this, so users are bound to be confused... I know I was.


It is good Brian brought this up, but I need to correct just one point noted in his message to ensure that there is no confusion....

My understanding is that for SMIME support Mail.app assumes that everything to the right of the @ symbol on your address is case sensitive. 


Actually, it is everything to the _left_ of the _@_ symbol......

                                email@hidden     
does not equal    
                                email@hidden

when used with a Signing Certificate with an email address.

It is not that Mail.app _assumes_ it is that the OS is strictly enforcing the RFC.  Remember that Mac OS X / Mac OS X Server is provides an OS-based PKI rather than the more problematic approach of PK-Enabling each application.  A perfect example of this is the recent discussion we have been having with Entourage 2004 automatically getting Smart Card Support from Tiger without Microsoft modifications needed.  This provides a more stable, secure and forward thinking architecture.

-Shawn
___________________________________________
Shawn Geddis                 
Security Consulting Engineer
Apple Computer - US Federal Government

Attachment: smime.p7s
Description: S/MIME cryptographic signature

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/fed-talk/email@hidden

This email sent to email@hidden
References: 
 >Re: [Fed-Talk] Common Access Cards with Entourage 2004 and Tiger (From: Brian Cadwell <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.