Re: [Fed-Talk] CACs with updated certs
Re: [Fed-Talk] CACs with updated certs
- Subject: Re: [Fed-Talk] CACs with updated certs
- From: "Timothy J. Miller" <email@hidden>
- Date: Thu, 30 Jul 2009 16:53:20 -0500
Walter Adams wrote:
Honestly there should be an easier way to get the OS to recognize the new
certs on the CAC and to allow you to delete the old ones. There maybe some
cryptographic reason to assume that the file system knows best, but frankly
I think the CAC card should be the canonical source of what it contains, not
the file system.
No security reason, just speed. It takes a noticeable amount of time to
read the certs off the card, which delays having the token ready in your
keychain by a fair bit.
I agree that securityd should be capable of noting when the cache is out
of date and fixing it, though.
-- Tim
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden