Re: [Fed-Talk] CAC support in Lion
Re: [Fed-Talk] CAC support in Lion
- Subject: Re: [Fed-Talk] CAC support in Lion
- From: Dave Schroeder <email@hidden>
- Date: Thu, 07 Jul 2011 08:33:08 -0500
On Jul 7, 2011, at 7:52 AM, Miller, Timothy J. wrote:
> On Jul 6, 2011, at 3:50 PM, Dave Schroeder wrote:
>
>> For what it's worth, I use a next-gen CAC (Gemalto 144) on Windows 7 for web site login, email sign/encrypt, etc., all without ActivClient. So whatever one wants to call Microsoft's CAC support on Windows 7 (as I've had this discussion before), it works perfectly for every DOD site I use...
>
> Technically, you're not using a CAC, you're using a PIV. All CACs since 2008 have been issued with the PIV applets loaded, as part of DoD's transition to FIPS 201 compliance. If you inspect the certs on your card, you'll see that the DoD Identity certificate is missing, as it can only be accessed via the CAC interface, not the PIV interface. In its place you have the PIV Authentication certificate.
>
> This will cause you problems with applications that require the DoD Identity certificate for non-repudiation purposes (mostly document signing).
I suppose the question is, if integrated OS support works for all tasks one wants to accomplish with a CAC, does how it happens -- from a user perspective -- really matter? I have a couple of routine signing functions I also have no issues with, one example being DTS (which has been asserted to not work with Windows 7's integrated Smart Card support).
- Dave
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden