Re: [Fed-Talk] CAC Setup on Intel MACs (additional step)
Re: [Fed-Talk] CAC Setup on Intel MACs (additional step)
- Subject: Re: [Fed-Talk] CAC Setup on Intel MACs (additional step)
- From: "Shawn A. Geddis" <email@hidden>
- Date: Mon, 8 Oct 2007 11:51:57 -0400
On Oct 8, 2007, at 11:35 AM, Timothy J. Miller wrote:
On Oct 8, 2007, at 10:27 AM, Shawn A. Geddis wrote:
Using PKCS#11 applications on Mac OS X 10.4.0 and later is no
longer the preferred or integrated abstraction for Smart Cards. Be
aware that in future versions of Mac OS X, PKCS#11 support may not
ship on the product and may not be supported by AppleCare.
This is a mistake. PKCS#11 is still the only formal standard API
with wide acceptance for applications wishing to plug-in smartcard
support.
-- Tim
Tim et. al.,
Using PKCS#11 applications on Mac OS X 10.4.0 and later is no longer
the preferred or integrated abstraction for Smart Cards.
Allow me to further clarify my statement, since Tim's response points
out that it may easily be misunderstood by some.
Let me try this again:
From Apple's perspective, using the PKCS#11 abstraction layer has
repeatedly proved to be an inadequate abstraction for Smart Card
integration _On Mac OS X_. Starting with Mac OS X 10.4.0 and later,
PKCS#11 is no longer Apple's preferred or integrated abstraction for
Smart Cards. All installation, configuration and management of
PKCS#11 services are the responsibility of the end-user. Be aware
that in future versions of Mac OS X, PKCS#11 support may not ship on
the product and may not be supported by AppleCare.
Whereas, the integrated Smart Card Services (tokend) in Mac OS X
10.4.0 and later provided by Apple also includes out-of-box support
for US Federal Smart Cards meeting the CAC/GSC-IS specifications.
Built-in PIV support is coming with the release of 10.5 - "Leopard".
- Shawn
____________________________________________________
Shawn Geddis Security Consulting Engineer Apple Enterprise
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden