[Fed-Talk] RE: Fed-talk Digest, Vol 5, Issue 135
[Fed-Talk] RE: Fed-talk Digest, Vol 5, Issue 135
- Subject: [Fed-Talk] RE: Fed-talk Digest, Vol 5, Issue 135
- From: "Souvannavong, Prixa (HM2)" <email@hidden>
- Date: Wed, 14 May 2008 08:07:28 -0400
- Thread-topic: Fed-talk Digest, Vol 5, Issue 135
Does any one no where I can find a current directions on how to install
a CAC card reader on tiger?
-----Original Message-----
From: fed-talk-bounces+prixa.souvannavong=email@hidden
[mailto:fed-talk-bounces+prixa.souvannavong=email@hidden
] On Behalf Of email@hidden
Sent: Monday, May 12, 2008 11:09 AM
To: email@hidden
Subject: Fed-talk Digest, Vol 5, Issue 135
Send Fed-talk mailing list submissions to
email@hidden
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.apple.com/mailman/listinfo/fed-talk
or, via email, send a message with subject or body 'help' to
email@hidden
You can reach the person managing the list at
email@hidden
When replying, please edit your Subject line so it is more specific than
"Re: Contents of Fed-talk digest..."
Today's Topics:
1. Re: Forcing Safari to use Email Cert (Billy Lenox)
2. Re: Forcing Safari to use Email Cert (Timothy J Miller)
----------------------------------------------------------------------
Message: 1
Date: Mon, 12 May 2008 09:32:55 -0500
From: Billy Lenox <email@hidden>
Subject: Re: [Fed-Talk] Forcing Safari to use Email Cert
To: FedTalk <email@hidden>
Message-ID: <email@hidden>
Content-Type: text/plain; charset="us-ascii"
Classification: UNCLASSIFIED
Caveats: NONE
If this is possible someone really needs to let others know this. the
AFC Control was a hack to hide the Identity Certificate but then made
other websites stop working correctly.
Safari just needs to be fixed to allow the user to select which
certificate if it does not find the right one to use.
Following this by Timothy Miller : "Set an identity preference on your
email signing cert. Right click on it in Keychain, select "New Identity
Preference" and fill in the dialog for your OWA site" Does nothing but
causes Keychains and or Safari to Crash. Doing this is still a kludge.
Users should not have to do this at all. I wished there was better steps
then this. Multiple people use the Same machine (not at the same time)
but doing this for everyone just does not work.
Apple just needs to make it better for the Users and Add the Ask to
Choose Certificate.
Billy Lenox
COLSA Corporation
U.S. Army Aviation & Missile Research, Development, and Engineering
Command (AMRDEC) System Support Engineer AMSRD-AMR-SS-AT Building 5400
Room E-330-A
256.842.9547 (Phone)
email@hidden
Hackers are not just outside your network hacking to the inside, they
are also inside your network as well. - Billy Lenox
Classification: UNCLASSIFIED
Caveats: NONE
On May 12, 2008, at 8:41 AM, Mike Jackson wrote:
I don't run Leopard BUT isn't there a new preference setting in KeyChain
Access where you can tie a specific cert to a specific web site?
--
Mike Jackson Senior Research Engineer
Innovative Management & Technology Services
On May 12, 2008, at 9:32 AM, Billy Lenox wrote:
>
> Classification: UNCLASSIFIED
> Caveats: NONE
>
> That software has problems with Leopard and does not fix the problems
>
> Billy
>
> Billy Lenox
> COLSA Corporation
> U.S. Army Aviation & Missile Research, Development,
> and Engineering Command (AMRDEC)
> System Support Engineer
> AMSRD-AMR-SS-AT
> Building 5400 Room E-330-A
> 256.842.9547 (Phone)
>
> email@hidden
>
> Hackers are not just outside your network hacking to the inside,
> they are also inside your network as well. - Billy Lenox
>
> Classification: UNCLASSIFIED
> Caveats: NONE
>
>
> On May 12, 2008, at 8:28 AM, Mike Jackson wrote:
>
> http://lists.apple.com/archives/Fed-talk/2007/Jan/msg00076.html
>
> --
> Mike Jackson Senior Research Engineer
> Innovative Management & Technology Services
>
>
> On May 12, 2008, at 8:32 AM, Moore, Michael - McLean [USA] wrote:
>
>> If you're a ADC member, I would suggest filing a bug at http://
>> bugreport.apple.com/ . These get reviewed and assigned. If lots
>> of bugs get assigned there, they will definitely take notice. If
>> you're not an ADC member, you can sign up at http://
>> developer.apple.com/ for free.
>>
>> -Michael
>>
>> __________________________________
>> Michael A. Moore :: office (703) 377-0949
>>
>>
>> From: fed-talk-bounces+moore_michael=email@hidden
>> [mailto:fed-talk-bounces+moore_michael=email@hidden] On
>> Behalf Of Billy Lenox
>> Sent: Monday, May 12, 2008 7:33 AM
>> To: FedTalk
>> Subject: Re: [Fed-Talk] Forcing Safari to use Email Cert
>>
>>
>> Classification: UNCLASSIFIED
>> Caveats: NONE
>>
>> Dan
>>
>> I agree with you. The Actual problem is with Safari. I do not know
>> why they can't have Safari Ask you to find the Right Certificate.
>> The problem has been the Same in All Versions of the OS.
>> Our Army Base here is asking for the EMAIL Certificate not the
>> Identity Certificate. Safari just does not know to goto the Email
>> Certificate on your CAC. Everyone in the Armed-forces Community needs
>> to goto http://www.apple.com/feedback/macosx.html
>>
>> Maybe Apple might get the hint to make that a feature like it is
>> in Internet Explorer, FireFox and Mozilla Browsers. If they did it
>> would fix alot of problems with the CAC.
>>
>> Billy Lenox
>> COLSA Corporation
>> U.S. Army Aviation & Missile Research, Development,
>> and Engineering Command (AMRDEC)
>> System Support Engineer
>> AMSRD-AMR-SS-AT
>> Building 5400 Room E-330-A
>> 256.842.9547 (Phone)
>>
>> email@hidden
>>
>> Hackers are not just outside your network hacking to the inside,
>> they are also inside your network as well. - Billy Lenox
>>
>> Classification: UNCLASSIFIED
>> Caveats: NONE
>>
>>
>> On May 11, 2008, at 10:10 AM, Dan Morrison wrote:
>>
>> This is certainly what I've found - I've tried the various
>> suggestions folks have made (trust settings, certificate
>> preferences, etc) and none have worked. I do appreciate all the
>> suggestions and explanation as to how the handshaking between OWA
>> and Safari works (or doesn't).
>>
>> Dan
>>
>> William G. Cerniuk wrote:
>>> There seems to be general keychain problems in Leopard with the
>>> "trust" settings not working consistently or at all depending on
>>> the day.
>>> In tiger they worked fine but in leopard, adding certs to the
>>> keychain seems to be an exercise in futility.
>>> V/R,
>>> Wm.
>>> Sent from my iPhone
>>> On May 9, 2008, at 23:40, Dan Morrison <email@hidden> wrote:
>>>> I am trying to access Outlook Web Access on Leopard, and I'm 99%
>>>> sure that it is not working because Safari is using my identify
>>>> cert instead of my email cert. I've imported the root CAs into
>>>> my keychain, and all 3 CAC certs show up in Keychain as valid.
>>>> I've gone into the trust settings for the email certs, and set
>>>> them trusted for all uses. I've gone into the identify cert and
>>>> set it not trusted for all uses. OWA still does not work. When
>>>> I go to the my.af.mil site (which uses the identity cert), it
>>>> still works, which leads me to believe that all my trusting and
>>>> not trusting didn't do a whole lot. How can I force Safari not
>>>> to use the identity cert for a particular site (or at all)?
>>>>
>>>> As an aside, why can't Apple modify Safari to toss up a dialog
>>>> and let you choose a cert for yourself? Does anyone know the
>>>> rationale behind hiding this decision from the user?
>>>>
>>>> Thanks,
>>>> Dan
>>>> _______________________________________________
>>>> Do not post admin requests to the list. They will be ignored.
>>>> Fed-talk mailing list (email@hidden)
>>>> Help/Unsubscribe/Update your Subscription:
>>>>
>>>> This email sent to email@hidden
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>> 40gmail.com
>>
>> This email sent to email@hidden
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.apple.com/mailman/private/fed-talk/attachments/20080512/1f9
caf29/attachment-0001.html
------------------------------
Message: 2
Date: Mon, 12 May 2008 10:07:13 -0500
From: Timothy J Miller <email@hidden>
Subject: Re: [Fed-Talk] Forcing Safari to use Email Cert
To: Billy Lenox <email@hidden>
Cc: FedTalk <email@hidden>
Message-ID: <email@hidden>
Content-Type: text/plain; charset="us-ascii"
On May 12, 2008, at 9:32 AM, Billy Lenox wrote:
> Following this by Timothy Miller : "Set an identity preference on
> your email signing cert. Right click on it in Keychain, select "New
> Identity Preference" and fill in the dialog for your OWA site" Does
> nothing but causes Keychains and or Safari to Crash.
This is new in 10.5.2; worked in 10.5.1 when I last needed to hit DoD
OWA from my Mac. I'll log a bug today.
> Apple just needs to make it better for the Users and Add the Ask to
> Choose Certificate.
The problem with this is you'll get asked *all the time*. HTTP is
stateless, and the browser will drop the connection between page
fetches. Each time the browser needs to open up a connection, you'll
get prompted to select the cert again.
Try it in Firefox and you'll see what I mean. It even happens in IE.
There's no good solution. Auto-selection interferes least with the
user but sometimes gets it wrong, and with no control over the server
there may not be a good failure mode (as in this case). Manual
selection gets freakin' annoying *very* quickly. Setting a preference
has to be done on a site-by-site basis, which is a annoying to maintain.
These are computers, not magical "divine my intent" boxes. :)
-- Tim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2533 bytes
Desc: not available
Url :
http://lists.apple.com/mailman/private/fed-talk/attachments/20080512/20c
1c695/smime.bin
------------------------------
_______________________________________________
Fed-talk mailing list
email@hidden
http://lists.apple.com/mailman/listinfo/fed-talk
End of Fed-talk Digest, Vol 5, Issue 135
****************************************
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden