Re: [Fed-Talk] Secure email with Mac and iOS
- Subject: Re: [Fed-Talk] Secure email with Mac and iOS
- From: Michele Thomas <email@hidden>
- Date: Mon, 24 Oct 2011 08:10:50 -0400
How do you deliver the key to the iOS device? With a BlackBerry it's over a wired connection. But in the Good solution don't you have to do it over the air? Doesn't that violate PKI policy?
Michèle Thomas
U.S. Dept. of Energy
On Oct 24, 2011, at 7:56, "Miller, Timothy J." <email@hidden> wrote:
> On 10/21/11 4:03 PM, "seanmalone" <email@hidden> wrote:
>
>> Unlike an environment that normally backs up all 3 types of
>> certs in a Microsoft Identity Lifecycle Management server (ILM), it
>> appears we're only part way thru the process to achieve the goal of
>> being able to use iOS5's S/MIME capabilities with DoD-issued CAC certs.
>
> And you'll never get there. iOS5 has no smartcard infrastructure, and the
> application sandboxing means no third-party can extend the base platform
> *for other applications*. Ask Paul Nelson of Thursby--they approached
> Apple to do just that and were rebuffed. Apple, as usual, is completely
> inscrutable; so we can expect smartcard support to never happen--until the
> day it drops into a developer preview.
>
> CAC with iOS is currently possible via Good Technology's suite--but the
> CAC remains entirely within that application's sandbox. There is only one
> way to skin that cat.
>
>> ....really? If so, then in a word: fail.
>
> Actually this kind of fits with Apple's modus operandi, if you think about
> it. Apple's design intent is always to eliminate user decisions that are
> prone to error. This creates the 'seamless' experience we expect from
> Apple. Nothing in PKI is more prone to error than user-based trust
> decisions.
>
> If I had to speculate, I'd presume that Apple is looking at some kind of
> managed trust infrastructure to go with S/MIME support. However, re-read
> the 'inscrutable' comment above.
>
>
> -- T
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden