Re: [Fed-Talk] DISA to test mobile ID, replacement for CAC
Re: [Fed-Talk] DISA to test mobile ID, replacement for CAC
- Subject: Re: [Fed-Talk] DISA to test mobile ID, replacement for CAC
- From: "Miller, Timothy J." <email@hidden>
- Date: Wed, 16 Apr 2014 19:02:13 +0000
- Thread-topic: [Fed-Talk] DISA to test mobile ID, replacement for CAC
>Interestingly, the PKI community I work with would love to have some form of
>derived credential to allow Encryption certificates that are stored in a PIV (or
>CAC) card to be used on a smartphone without a PIV/CAC reader.
You don't need (or want) a derived credential for this use case. Your PIV issuer should be escrowing encryption certificates already, and should be allowing users to recover their own. This is required to support access to encrypted data after PIV re-issuance and is duplication of that key to a mobile device for encrypted email access should be allowed for the same reason (e.g., this is an allowed use in the DoD, as long as the mobile device is DoD-owned).
-- T
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden