Re: [Fed-Talk] RE: DoD ECA Certificates - Hardware vs Software with the Mac
- Subject: Re: [Fed-Talk] RE: DoD ECA Certificates - Hardware vs Software with the Mac
- From: "Martin M. Lindner" <email@hidden>
- Date: Mon, 10 May 2010 10:24:03 -0400
I have an ECA Smartcard from ORC and I'm not using any special middleware.
From the OS point of view everything works well.
From an Email client point of view there are some issues. Unlike a CAC,
which has 3 certs, the ECA Smartcard only has 2. It appears that Apple Mail
and Entourage select the wrong certs when selecting between signing and
encrypting. So, using my ECA Smartcard doesn't work well with mail.
My 2 cents,
Marty
--
Martin Lindner
Principal Engineer
Software Engineering Institute
CERT Coordination Center
Carnegie Mellon University
Office: +1 412 268-3107
Email: email@hidden
> From: "Miller, Timothy J." <email@hidden>
> Date: Mon, 10 May 2010 09:50:05 -0400
> To: Bob Colbert <email@hidden>, <email@hidden>
> Subject: [Fed-Talk] RE: DoD ECA Certificates - Hardware vs Software with the
> Mac
>
>> * Is this middleware still required using Mac 10.6.3? Previous
>> posts by Shawn Geddis from Apple seem to apply that everything is
>> provided for within the Mac OS.
>
> This depends on the cards. If the ECA card data follows CAC or PIV, you
> should be fine (presuming no bugs). I don't have an ECA vendor card (I test
> primarily CACs, PIVs, and PIV-compatibles) so I don't know for sure. Since
> CAC uses card applets initially developed by ActivIdentity, it may be a
> CAC-model card.
>
>> * The ECA vendor seemed to imply that the current version of
>> ActivClient is not ready for Snow Leopard.
>
> Yes and no. Card personalization has issues on SL (though these may be
> resolvable, I've been working with AI CMS lately and will know more this
> afternoon), but the ACTIVCARD.tokend process appears to run. I've not gotten
> past trying to get personalization to work, though, so there may be issues
> beyond this. However, if the card data model is CAC or PIV compatible, you
> shouldn't need the AI provided tokend.
>
>> * Does this middleware impact the logon process or just when I want
>> to sign/encrypt emails?
>
> Only if you want it to.
>
>> * Does this middleware interface properly with either Mac Mail or
>> Microsoft Entourage or again, is this middleware redundant?
>
> Both play with CDSA (mostly) properly. Entourage uses an older keychain trust
> model, but it's not insurmountable.
>
> -- Tim
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden