Re: [Fed-Talk] CAC support in Lion
Re: [Fed-Talk] CAC support in Lion
- Subject: Re: [Fed-Talk] CAC support in Lion
- From: "Miller, Timothy J." <email@hidden>
- Date: Thu, 07 Jul 2011 08:52:00 -0400
- Acceptlanguage: en-US
- Thread-topic: [Fed-Talk] CAC support in Lion
On Jul 6, 2011, at 3:50 PM, Dave Schroeder wrote:
> For what it's worth, I use a next-gen CAC (Gemalto 144) on Windows 7 for web site login, email sign/encrypt, etc., all without ActivClient. So whatever one wants to call Microsoft's CAC support on Windows 7 (as I've had this discussion before), it works perfectly for every DOD site I use...
Technically, you're not using a CAC, you're using a PIV. All CACs since 2008 have been issued with the PIV applets loaded, as part of DoD's transition to FIPS 201 compliance. If you inspect the certs on your card, you'll see that the DoD Identity certificate is missing, as it can only be accessed via the CAC interface, not the PIV interface. In its place you have the PIV Authentication certificate.
This will cause you problems with applications that require the DoD Identity certificate for non-repudiation purposes (mostly document signing).
-- T
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden