Re: [Fed-Talk] New Email Requirement
- Subject: Re: [Fed-Talk] New Email Requirement
- From: Paul Nelson <email@hidden>
- Date: Wed, 16 Aug 2006 11:20:44 -0500
- Thread-topic: [Fed-Talk] New Email Requirement
From talks with Apple, they don't have plans to implement the same kind of
OCSP that Tumbleweed does on client desktop systems.

I did talk with a number of Apple's engineers at WWDC, and explained why
this is important for the military. They were receptive, so we might see
something in the future. There is an API for using an OCSP responder in
Tiger, but it is private, and does not work properly.

on 8/16/06 9:09 AM, Timothy J. Miller at email@hidden wrote:
> Now, OS X from Jaguar (I think) onwards supports OCSP, but it doesn't
> work with the existing constraints of the DoD PKI. Most importantly, OS
> X OCSP support relies on the OCSP service URL being in the certificate
> itself (in the authorityInformationAccess extension) which the DoD PKI
> didn't start using until *very* recently. It also doesn't obey the
> system proxy settings (despite the fact that OCSP uses HTTP as its
> transport). I'm also not certain if OS X OCSP supports the trust model
> the DoD PKI is using for OCSP, but given the first two problems this
> becomes 1) difficult for me to test, and 2) irrelevant anyway. :/
>
> I'm hoping these are going to be (finally) addressed in Leopard, but
> I've not gotten my hands on a seed yet. Hint hint, Shawn.