Re: [Fed-Talk] CAC on the Mac - AIA?
Re: [Fed-Talk] CAC on the Mac - AIA?
- Subject: Re: [Fed-Talk] CAC on the Mac - AIA?
- From: "Shawn A. Geddis" <email@hidden>
- Date: Mon, 11 Feb 2008 12:05:47 -0500
On Feb 11, 2008, at 11:39 AM, Paul Nelson wrote:
It was very hard for me to explain to the Apple folks why this is a
requirement for the US Military. I really don't know if they "get"
it yet. It certainly is not a priority for them, as it would not be
difficult for them to implement. The underlying CSSM architecture
already supports using a specific OCSP responder. They just need to
add the UI and update the Apple trust policy to use it.
Paul Nelson
Thursby Software Systems, Inc.
Paul,
Not exactly a true or fair statement to be making about Apple.
Apple does understand the DoD request which was actually submitted to
radar by you. It is a bit unfortunate you make statements that "you
don't know if Apple 'gets it yet' " especially considering you have
also spoken directly to me about this particular situation.
It is true that currently Mac OS X does not provide the ability to
configure for "alternate OCSP responders", but that does not reflect
on the lack of understanding by Apple. "Just add the UI and update
the Apple Trust Policy" is not exactly something you do on a weekend
whim. Apple takes considerable care in *integration* of enhancements
and fixing bugs. There are considerably more factors at play when
doing so in an Operating System.
Customers/developers should also know that the integration of CDSA
does currently prevent third-party developers from overriding this and
providing a workaround in the interim. I continue to help drive
resolution to these kinds of requests/needs as appropriate.
- Shawn
_____________________________________________________
Shawn Geddis Security Consulting Engineer Apple Enterprise
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden