Re: [Fed-Talk] re: OpenSSL on OS X old?
Re: [Fed-Talk] re: OpenSSL on OS X old?
- Subject: Re: [Fed-Talk] re: OpenSSL on OS X old?
- From: "Timothy J. Miller" <email@hidden>
- Date: Fri, 8 May 2009 08:33:52 -0500
David Emery wrote:
The three big things that are essential from my perspective are
a. full CAC integration, including Safari, Mail.app, and a means
for 3rd party apps to make appropriate use of CAC Cards.
Ummm...Safari has a bug, but this was all done in 10.4. Smartcards are
fully integrated into CDSA (Common Data Security Architecture, and Open
Group managed standard framework). First-class OS X applications are
expected to use CDSA for security and cryptography, and if they do they
get access to smartcards for free.
b. Whole-disk encryption (and that's something so dangerous to get
wrong, that I think the OS vendor is the right vendor to do it.)
I disagree here. Disk encryption is a niche and belongs to third-party
vendors.
The actual issue is protecting data from unauthorized access, and to be
blunt disk encryption isn't the answer. Disk encryption only addresses
*one small part* of data protection; it *only* protects data in the slim
case where all users are logged out and the computer is *off* (not
asleep). I think you'll find in practice most mobile systems are asleep
with at least one user logged in.
Disk encryption doesn't protect your data from other users of the
system, which is a *much* bigger concern.
-- Tim
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden