• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
[Fed-Talk] Entourage and LDAP PKI Certificates
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Fed-Talk] Entourage and LDAP PKI Certificates

  • Subject: [Fed-Talk] Entourage and LDAP PKI Certificates
  • From: Joshua Krage <email@hidden>
  • Date: Thu, 2 Nov 2006 11:03:50 -0500
  • Mail-followup-to: email@hidden, Andy Ruff <email@hidden>
Feedback on Entourage I just submitted via the Product Feedback site.  I'm
providing y'all a copy to solicit additional support for what is an
increasing problem for us.

I'm finding that Entourage is the only Mac-enabled email client that
includes the built-in certificate lookup from LDAP.  Apple Mail will only
use certificates already in the keychain.  Thunderbird doesn't do
certificate lookups.  I haven't tried Evolution.

 -=-=-=-=-

I am very pleased that Entourage as native LDAP lookup which includes X509v3
certificate downloads.  However, there are two issues that are causing
increasing pain when using Entourage for SMIME-encrypted email using a
LDAP-queried certificate:

  a) Names returned from lookups, frequently from Exchange server, are
     presented in "Lastname, Firstname".  The subsequent Entourage LDAP
     lookup for a certificate doesn't unroll the name, so many lookups fail.
     Manually changing the name to "Firstname Lastname" works, but is
     extremely annoying (see next item).

  b) Entourage sends quotes in the name-based LDAP certificate lookup.
     Ex. "John B. Doe" is sent, with quotes.  If the name is "John Doe",
     Entourage will allow manual removal of the quotes, allowing the lookup
     to proceed properly.  Annoying, but possible.  However, if the name is
     more complex than two strings, ex. "John B. Doe", then Entourage
     /forces/ the addition of quotes.  e.g. John B. Doe becomes "John B.
     Doe".  Removing the quotes manually leads immediately to Entourage
     re-adding them.

  c) I wish there was an easier way to override the email address used after
     a lookup has been completed.  With the built-in name overrides, and
     with a multiple match situation, it is hard to force the lookup of a
     certificate you know exists since Entourage resists changing lookup
     information it "knows".

--
------------------------------------------------------------------------
F. Joshua Krage, CISSP                       Code 700, Office of the CIO
email@hidden                  IT and Communications Directorate
Chief Information Security Officer      NASA Goddard Space Flight Center
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Prev by Date: Re: [Fed-Talk] DoD Root Certificates
  • Next by Date: [Fed-Talk] Re: FTC SOA project case study in eWeek
  • Previous by thread: Re: [Fed-Talk] DoD Root Certificates
  • Next by thread: [Fed-Talk] Re: FTC SOA project case study in eWeek
  • Index(es):
    • Date
    • Thread