Re: [Fed-Talk] Oberthur ID One 128 v5.5 cards
- Subject: Re: [Fed-Talk] Oberthur ID One 128 v5.5 cards
- From: Bob Colbert <email@hidden>
- Date: Fri, 13 May 2011 11:17:11 -0400
This may be another over-simplification of things, but since ActivClient
on Windows seems to work with everything, how come Apple doesn't just
license it and drop it in? I recall reading that ActivClient used to have
a Mac client, but I'm not sure why they stopped making it.
Currently, I have to use ActivClient on Windows to mate the private keys
with the certs from the ECA vendor to set up a new user. Everything that
has been discussed thus far on this list for using CAC (or any Smart Card)
on a Mac has just been the usage of the cards in the OS, not the
initialization/creation of them.
The cost of ActivClient for Mac would be relatively small to ensure that
it just works rather than have to keep posting to this list ;-)
Thanks,
Bob Colbert
DE Technologies, Inc.
On 5/13/11 10:31 AM, "Miller, Timothy J." <email@hidden> wrote:
>On May 13, 2011, at 8:04 AM, Bob Colbert wrote:
>
>> I'm not a programmer by any means, but if I were, it would seem that
>> adjusting the source code for the card reading profile with the built-in
>> Mac tokends to actually parse the certificates would be something that
>> takes an hour or so.
>
>ECA smartcards are actually a different data model than the CAC and PIV,
>though IIRC the vendors are migrating to PIV-Compatibility. So
>supporting these cards needs a completely different tokend, not a tweak
>to existing code.
>
>The reason the card shows up is because the underlying cardstock is
>recognized by (at least one) tokend, but since the data model is
>different it won't actually work. This is a legacy of the days when
>every card had a unique data model, which meant that "overlaps" never
>occurred and the ATR code could be used to select appropriate drivers.
>Today, card abstraction layers (SP800-73, GSC-IS 2.1, JCOP, etc.) mooted
>this method (one ATR could map to an infinite number of data models), but
>this doesn't mean that the various software stacks grok it properly.
>
>-- T
>
>
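Added example, not part of the original thread: a small simulation of the point in the quoted reply, where two cards on the same cardstock report the same ATR but carry different data models, so an ATR lookup picks a driver that cannot work. The card class, the ATR, the "other" AID and the driver names are constructed placeholders; probing with an ISO 7816-4 SELECT by AID is shown as one alternative and is an assumption, not something the thread prescribes.

```python
# Constructed simulation: no reader, PC/SC stack or real tokend code is involved.
SELECT_BY_AID = bytes([0x00, 0xA4, 0x04, 0x00])    # ISO 7816-4 SELECT by DF name
SW_OK, SW_NOT_FOUND, SW_BAD_INS = b"\x90\x00", b"\x6a\x82", b"\x6d\x00"

PIV_AID = bytes.fromhex("A000000308000010000100")  # PIV card application AID (SP 800-73)
OTHER_AID = bytes.fromhex("F000000001")            # placeholder AID for a non-PIV data model
SHARED_ATR = bytes.fromhex("3B00")                 # placeholder ATR shared by both cards


class SimulatedCard:
    """Hypothetical card: an ATR from the cardstock plus the applets loaded on it."""

    def __init__(self, atr, installed_aids):
        self.atr = atr
        self.installed_aids = set(installed_aids)

    def transmit(self, apdu):
        if apdu[:4] != SELECT_BY_AID:
            return SW_BAD_INS
        aid = apdu[5:5 + apdu[4]]                  # Lc byte, then the AID itself
        return SW_OK if aid in self.installed_aids else SW_NOT_FOUND


# Legacy approach: one ATR maps to exactly one driver.
ATR_TABLE = {SHARED_ATR: "piv_driver"}
# Alternative: ask the card which application (data model) it actually hosts.
AID_PROBES = [("piv_driver", PIV_AID), ("other_driver", OTHER_AID)]


def select_by_atr(card):
    return ATR_TABLE.get(card.atr)


def select_by_probe(card):
    for driver, aid in AID_PROBES:
        apdu = SELECT_BY_AID + bytes([len(aid)]) + aid
        if card.transmit(apdu) == SW_OK:
            return driver
    return None                                    # recognized cardstock, unknown data model


piv_card = SimulatedCard(SHARED_ATR, [PIV_AID])
other_card = SimulatedCard(SHARED_ATR, [OTHER_AID])

if __name__ == "__main__":
    for label, card in (("PIV card", piv_card), ("other card", other_card)):
        print(label, "| by ATR:", select_by_atr(card), "| by probe:", select_by_probe(card))
```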