[Fed-Talk] Help with actual & "certified" email address mismatch (CAC)?
- Subject: [Fed-Talk] Help with actual & "certified" email address mismatch (CAC)?
- From: "Blumenthal, Uri - 0668 - MITLL" <email@hidden>
- Date: Thu, 22 Jul 2010 15:00:03 -0400
Basically this is for Shawn, but if anybody on the list knows how to remedy this problem – please don’t hesitate to jump in!
I’m using Mac OS X 10.6.4 (all the latest patches), installed CACNG-0.96. For email I use Apple Mail 4.3 (1081) and MS Entourage 13.0.5 (100510).
My Mac recognizes CAC, sees certificates on it, etc. I successfully used it to authenticate to US AF Portal.
Now I need to exchange email with a gentleman (either we both use CAC cards, or only he does: I have other – soft – certificates on my Mac that I can and often do use for email security).
His actual email address is: email@hidden
His CAC-based cert says: email@hidden
My needs are:
- Verify signature on John.Doe’s email that comes from his real address but is signed by his CAC identity
- Send email to email@hidden (his actual/real email address) – yet have it encrypted to his CAC identity.
My problems are:
- With Apple Mail - even after I mark (click) the box stating “Messages from ‘...’ are valid if signed by ‘...’”, not only this doesn’t persist – but the effect is not visible even on this same message! Apple Mail still says “Unable to verify”. With MS Entourage – at least it tells me that the message was not modified (partial verification). But there seems to be no way to make the system understand & associate the two addresses (see my report on Keychain Access below).
- Neither Apple Mail nor MS Entourage can send encrypted email to email@hidden and say that they can’t find encryption certificate for him (see Keychain Access report below).
I’ve imported his certificate into Keychain Access, clicked with the right button, selected New Certificate Preference and typed his actual email address in the “Enter the location (URL) or email address for which a certificate is required.” A similar procedure helped on my Blackberry Tour – but it did not help with Keychain Access, nor with mail clients recognizing that these two addresses are associated.
All the relevant DoD Root and Intermediate CA certificates are loaded and seem to be recognized OK.
Can you please help me?
Thank you!
--
Uri Blumenthal Voice: (781) 981-1638
Cyber Systems and Technology Fax: (781) 981-7687
MIT Lincoln Laboratory Email: <email@hidden>
244 Wood Street
Lexington, MA 02420-9185 Www: http://www.ll.mit.edu/CST/