Re: [Fed-Talk] DISA to test mobile ID, replacement for CAC
- Subject: Re: [Fed-Talk] DISA to test mobile ID, replacement for CAC
- From: "Neely, Lee" <email@hidden>
- Date: Wed, 16 Apr 2014 19:17:17 +0000
- Thread-topic: [Fed-Talk] DISA to test mobile ID, replacement for CAC
Agree on escrow, and reasons behind. Our problem is they are not exportable, so we cannot export the private key onto our mobile devices. That decision goes back to GSA/Entrust/US Access. We are currently restricted to issuing PIV certificates (as in key recovery) to smartcard devices. My understanding is CAC is not so restricted.
Lee
-----Original Message-----
From: Miller, Timothy J. [mailto:email@hidden]
Sent: Wednesday, April 16, 2014 12:02 PM
To: Neely, Lee; 'Blumenthal, Uri - 0558 - MITLL'; Fed Talk
Subject: RE: [Fed-Talk] DISA to test mobile ID, replacement for CAC
>Interestingly, the PKI community I work with would love to have some
>form of derived credential to allow Encryption certificates that are
>stored in a PIV (or CAC) card to be used on a smartphone without a
>PIV/CAC reader.
You don't need (or want) a derived credential for this use case. Your PIV issuer should be escrowing encryption certificates already, and should be allowing users to recover their own. This is required to support access to encrypted data after PIV re-issuance, and duplication of that key to a mobile device for encrypted email access should be allowed for the same reason (e.g., this is an allowed use in the DoD, as long as the mobile device is DoD-owned).
-- T