RE: [Fed-Talk] Secure email with Mac and iOS
- Subject: RE: [Fed-Talk] Secure email with Mac and iOS
- From: "Miller, Jason G. (MSFC-IS40)[LMIT - MSFC]" <email@hidden>
- Date: Mon, 24 Oct 2011 11:21:07 -0500
I've also used Profile Manager on Lion server to push a configuration profile containing the keys and required certificates. That also works.
--Jason
-----Original Message-----
From: fed-talk-bounces+jason.miller=email@hidden [mailto:fed-talk-bounces+jason.miller=email@hidden] On Behalf Of Walls, Bryan K. (MSFC-EO50)
Sent: Monday, October 24, 2011 9:14 AM
To: Michele Thomas
Cc: Fed Talk
Subject: Re: [Fed-Talk] Secure email with Mac and iOS
I use the iPhone Configuration Utility. I create a profile with my keys in it, and a second one with all the certificates our CA requires. That way I can apply it directly through a wire.
You can email it to yourself, or post the profile on a website, both rather dodgy security-wise. You could also push them through an MDM. I'm not sure how that compares. The keys are password protected, but still, don't like someone else having access to my identity...
On Oct 24, 2011, at 7:10 AM, Michele Thomas wrote:
> How do you deliver the key to the iOS device? With a BlackBerry it's over a wired connection. But in the Good solution don't you have to do it over the air? Doesn't that violate PKI policy?
>
> Michèle Thomas
> U.S. Dept. of Energy
>
>
> On Oct 24, 2011, at 7:56, "Miller, Timothy J." <email@hidden> wrote:
>
>> On 10/21/11 4:03 PM, "seanmalone" <email@hidden> wrote:
>>
>>> Unlike an environment that normally backs up all 3 types of certs in
>>> a Microsoft Identity Lifecycle Management server (ILM), it appears
>>> we're only part way thru the process to achieve the goal of being
>>> able to use iOS5's S/MIME capabilities with DoD-issued CAC certs.
>>
>> And you'll never get there. iOS5 has no smartcard infrastructure,
>> and the application sandboxing means no third-party can extend the
>> base platform *for other applications*. Ask Paul Nelson of
>> Thursby--they approached Apple to do just that and were rebuffed.
>> Apple, as usual, is completely inscrutable; so we can expect
>> smartcard support to never happen--until the day it drops into a developer preview.
>>
>> CAC with iOS is currently possible via Good Technology's suite--but
>> the CAC remains entirely within that application's sandbox. There is
>> only one way to skin that cat.
>>
>>> ....really? If so, then in a word: fail.
>>
>> Actually this kind of fits with Apple's modus operandi, if you think
>> about it. Apple's design intent is always to eliminate user
>> decisions that are prone to error. This creates the 'seamless'
>> experience we expect from Apple. Nothing in PKI is more prone to
>> error than user-based trust decisions.
>>
>> If I had to speculate, I'd presume that Apple is looking at some kind
>> of managed trust infrastructure to go with S/MIME support. However,
>> re-read the 'inscrutable' comment above.
>>
>>
>> -- T
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
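An added example, not part of the original thread or of any Apple tool: a Python check that could be run on an exported, unsigned .mobileconfig before it is emailed or posted. It reports whether the file carries a PKCS#12 identity, whether the PKCS#12 password travels in the same file, and whether identity and CA certificates are mixed rather than split into two profiles as described in the thread. The sample profiles and the function names are constructed for illustration; the payload type and key names are those of Apple's configuration profile format.

```python
import plistlib

IDENTITY = "com.apple.security.pkcs12"   # PKCS#12: private key plus certificate
CA_CERTS = {"com.apple.security.root", "com.apple.security.pkcs1"}

def audit_profile(data):
    """Return a list of findings for one exported .mobileconfig file."""
    try:
        profile = plistlib.loads(data)
    except plistlib.InvalidFileException:
        # A signed or encrypted profile is CMS-wrapped DER, not a bare plist.
        return ["not a bare plist (signed or encrypted); unwrap before auditing"]
    if not isinstance(profile, dict):
        return ["top-level object is not a profile dictionary"]
    payloads = profile.get("PayloadContent", [])
    findings = []
    for p in payloads:
        if p.get("PayloadType") != IDENTITY:
            continue
        name = p.get("PayloadDisplayName", "<unnamed>")
        findings.append(f"identity payload: {name}")
        if p.get("Password"):
            # The file alone is then enough to import the private key.
            findings.append(f"{name}: PKCS#12 password stored in the profile")
    types = {p.get("PayloadType") for p in payloads}
    if IDENTITY in types and types & CA_CERTS:
        findings.append("identity and CA certificates share one profile")
    return findings

def make_profile(payloads):
    """Build a constructed, unsigned profile for the demonstration."""
    return plistlib.dumps({
        "PayloadType": "Configuration", "PayloadVersion": 1,
        "PayloadIdentifier": "example.constructed.profile",
        "PayloadContent": payloads,
    })

# Constructed sample data: the byte strings are placeholders, not real keys.
identity = {"PayloadType": IDENTITY, "PayloadDisplayName": "S/MIME identity",
            "PayloadContent": b"constructed-p12-bytes"}
ca_cert = {"PayloadType": "com.apple.security.root",
           "PayloadDisplayName": "Agency root CA",
           "PayloadContent": b"constructed-der-bytes"}
KEYS_ONLY = make_profile([identity])
CA_ONLY = make_profile([ca_cert])
MIXED = make_profile([dict(identity, Password="constructed"), ca_cert])

if __name__ == "__main__":
    for label, blob in [("keys", KEYS_ONLY), ("CA", CA_ONLY), ("mixed", MIXED)]:
        print(label, audit_profile(blob))
```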