Re: [Fed-Talk] Common Access Cards with Entourage 2004 and Tiger
Re: [Fed-Talk] Common Access Cards with Entourage 2004 and Tiger
- Subject: Re: [Fed-Talk] Common Access Cards with Entourage 2004 and Tiger
- From: Shawn Geddis <email@hidden>
- Date: Tue, 10 May 2005 10:35:39 -0400
On May 3, 2005, at 4:45 PM, Brian Cadwell wrote: A note for those of you trying to sign mail messages with Mail.app and your CAC (just PKI really). My understanding is that for SMIME support Mail.app assumes that everything to the right of the @ symbol on your address is case sensitive. So if your account address is entered into Mail.app in all lower case letters, but your CAC email address was entered all in capitol letters (like mine was), Mail.app will *appear* to not see your certificates. In fact there is no indication of any kind of problem. Apparently this behavior is the result of strict adherence to the RFC #822, which does indeed indicate that the local-part of the address requires case preservation. Hard to argue with that, but I'm not aware of any other client that works like this, so users are bound to be confused... I know I was.
It is good Brian brought this up, but I need to correct just one point noted in his message to ensure that there is no confusion....
My understanding is that for SMIME support Mail.app assumes that everything to the right of the @ symbol on your address is case sensitive.
Actually, it is everything to the _left_ of the _@_ symbol......
does not equal email@hidden
when used with a Signing Certificate with an email address.
It is not that Mail.app _assumes_ it is that the OS is strictly enforcing the RFC. Remember that Mac OS X / Mac OS X Server is provides an OS-based PKI rather than the more problematic approach of PK-Enabling each application. A perfect example of this is the recent discussion we have been having with Entourage 2004 automatically getting Smart Card Support from Tiger without Microsoft modifications needed. This provides a more stable, secure and forward thinking architecture.
-Shawn ___________________________________________ Shawn Geddis Security Consulting Engineer Apple Computer - US Federal Government |
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden