Re: [Fed-Talk] Secure email with Mac and iOS
Re: [Fed-Talk] Secure email with Mac and iOS
- Subject: Re: [Fed-Talk] Secure email with Mac and iOS
- From: "Miller, Timothy J." <email@hidden>
- Date: Mon, 24 Oct 2011 11:56:04 +0000
- Thread-topic: [Fed-Talk] Secure email with Mac and iOS
On 10/21/11 4:03 PM, "seanmalone" <email@hidden> wrote:
>Unlike an environment that normally backs up all 3 types of
>certs in a Microsoft Identity Lifecycle Management server (ILM), it
>appears we're only part way thru the process to achieve the goal of
>being able to use iOS5's S/MIME capabilities with DoD-issued CAC certs.
And you'll never get there. iOS5 has no smartcard infrastructure, and the
application sandboxing means no third-party can extend the base platform
*for other applications*. Ask Paul Nelson of Thursby--they approached
Apple to do just that and were rebuffed. Apple, as usual, is completely
inscrutable; so we can expect smartcard support to never happen--until the
day it drops into a developer preview.
CAC with iOS is currently possible via Good Technology's suite--but the
CAC remains entirely within that application's sandbox. There is only one
way to skin that cat.
>....really? If so, then in a word: fail.
Actually this kind of fits with Apple's modus operandi, if you think about
it. Apple's design intent is always to eliminate user decisions that are
prone to error. This creates the 'seamless' experience we expect from
Apple. Nothing in PKI is more prone to error than user-based trust
decisions.
If I had to speculate, I'd presume that Apple is looking at some kind of
managed trust infrastructure to go with S/MIME support. However, re-read
the 'inscrutable' comment above.
-- T
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden