Re: [Fed-Talk] Root Cert on MacBookPro Question
Re: [Fed-Talk] Root Cert on MacBookPro Question
- Subject: Re: [Fed-Talk] Root Cert on MacBookPro Question
- From: David Emery <email@hidden>
- Date: Mon, 28 Dec 2009 12:30:58 -0500
So, Tim, would you carry a PKI-enabled rifle into combat? It's one thing to get this stuff to work in command posts where there's an IT support staff, great connectivity, etc. It's a whole 'nuther thing to try to get this to work on end user devices with intermittent radio communications, with no IT staff riding in the vehicle, with more than just Microsoft Windows XP/Vista as the device OS.
dave
On Dec 28, 2009, at 12:17 PM, Peter Link wrote:
> Tim,
> It's funny you should reply to this email thread since your email comes across with an untrusted rootCA. I checked through my 10.5 keychain and mitre.org is not listed in the System Roots and the mitre.org root certs I've received from you and others show an untrusted insurer. I don't receive the digest.
>
> As far as David's comment about not being able to send a return encrypted email, that doesn't surprise me since our DOE Entrust certificates are split so the recipient doesn't necessarily (always) get the encipherment certificate with every signed email. Does this mean PKI isn't ready for combat, it just means some organizations implemented some weird configurations awhile ago and haven't fixed them. Change, especially in the government, is next to impossible.
>
>
> On Dec 28, 2009, at 9:07 AM, Timothy J. Miller wrote:
>
>> David Emery wrote:
>>> Well, I have tried to move to Mail.app from Thunderbird, and I'm still having major certificate problems. People send me signed messages; their certs come across as invalid, I try to trust them, but can't reply encrypted.
>>
>> This is most likely the result of mis-match between the email address in the cert and the email address in the From:/To: line. Mail.app requires exact match, including case-sensitive match for the part to the left of the @ sign.
>>
>>> Anyone who thinks this PKI <stuff> is ready for combat should be sent to Afghanistan with a "PKI-enabled" rifle!!!
>>
>> PKI has been in active use in theater for about 5 years now.
>>
>> -- Tim
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>
> Peter Link
> Cyber Security Analyst
> Cyber Security Program
> Lawrence Livermore National Laboratory
> PO Box 808, L-315
> Livermore, CA 94550
> email@hidden
>
>
>
-----
David Emery, 703 298 3473 (c) 703 272 7496 (fax)
Supporting PdM Software Integration
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden