[Fed-Talk] Entourage and LDAP PKI Certificates
[Fed-Talk] Entourage and LDAP PKI Certificates
- Subject: [Fed-Talk] Entourage and LDAP PKI Certificates
- From: Joshua Krage <email@hidden>
- Date: Thu, 2 Nov 2006 11:03:50 -0500
- Mail-followup-to: email@hidden, Andy Ruff <email@hidden>
Feedback on Entourage I just submitted via the Product Feedback site. I'm
providing y'all a copy to solicit additional support for what is an
increasing problem for us.
I'm finding that Entourage is the only Mac-enabled email client that
includes the built-in certificate lookup from LDAP. Apple Mail will only
use certificates already in the keychain. Thunderbird doesn't do
certificate lookups. I haven't tried Evolution.
-=-=-=-=-
I am very pleased that Entourage as native LDAP lookup which includes X509v3
certificate downloads. However, there are two issues that are causing
increasing pain when using Entourage for SMIME-encrypted email using a
LDAP-queried certificate:
a) Names returned from lookups, frequently from Exchange server, are
presented in "Lastname, Firstname". The subsequent Entourage LDAP
lookup for a certificate doesn't unroll the name, so many lookups fail.
Manually changing the name to "Firstname Lastname" works, but is
extremely annoying (see next item).
b) Entourage sends quotes in the name-based LDAP certificate lookup.
Ex. "John B. Doe" is sent, with quotes. If the name is "John Doe",
Entourage will allow manual removal of the quotes, allowing the lookup
to proceed properly. Annoying, but possible. However, if the name is
more complex than two strings, ex. "John B. Doe", then Entourage
/forces/ the addition of quotes. e.g. John B. Doe becomes "John B.
Doe". Removing the quotes manually leads immediately to Entourage
re-adding them.
c) I wish there was an easier way to override the email address used after
a lookup has been completed. With the built-in name overrides, and
with a multiple match situation, it is hard to force the lookup of a
certificate you know exists since Entourage resists changing lookup
information it "knows".
--
------------------------------------------------------------------------
F. Joshua Krage, CISSP Code 700, Office of the CIO
email@hidden IT and Communications Directorate
Chief Information Security Officer NASA Goddard Space Flight Center
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden