Re: [Fed-Talk] Apple Mail and PKI
- Subject: Re: [Fed-Talk] Apple Mail and PKI
- From: "Levine, Jason (NIH/NCI) [E]" <email@hidden>
- Date: Tue, 01 Jul 2014 19:06:52 +0000
- Thread-topic: [Fed-Talk] Apple Mail and PKI
I have seen both of these things, and then also see:
* near-universal failure to look up recipients' encryption certs in Active Directory, despite all the settings being correct (as per any documentation I can find and Shawn Geddis's occasional advice here);
* inability to see or use smartcard-based certs under a number of circumstances;
* failure to cache smartcard PIN leading to need to enter PIN dozens or hundreds of times — in modal dialog boxes that can't be cancelled — if you open a mailbox that contains dozens or hundreds of encrypted emails.
I can't agree more that Mail.app isn't ready for use with PKI. Unfortunately, the only other game in town is Outlook, and it has an entire OTHER set of issues that make it nigh-unusable. Which leads me to recommend that people just avoid PKI-based email in its entirety; it's a pile of fail, at least on OS X.
Jason
Jason Levine, email@hidden
NCI CCR Acting Associate Director for IT and Clinical Informatics
NCI CCR Pediatric Oncology Branch
(240) 276-5557
On Jul 1, 2014, at 2:50 PM, Ron Colvin <email@hidden> wrote:
> I have seen this as well. Other email clients work just fine on the same email message including Outlook on Mac and PC as well as Thunderbird. In looking at full headers it is clearly marked as an S/MIME message. Even more disturbing from my perspective is that the actual encrypted state of the message is not retained on replies or forwards. If there is a need to encrypt the content of the message the user needs to be notified of that before it is sent on if it will not be encrypted.
>
> I think this is a serious enough bug to recommend no one use Apple Mail with PKI.
>
> On 7/1/14 2:40 PM, Martin M. Lindner wrote:
>> So, first the header bar (i.e., to, from, subject) stops displaying the status of messages that are signed and/or encrypted. Sometimes if I rebuild the mailbox it will work for a while but in short order it disappears :(
>
> --
>
>
> ********************************************************
> Ron Colvin CISSP, CAP, CEH
> Certified Security Analyst
> NASA - Goddard Space Flight Center
> <email@hidden>
> Direct phone 301-286-2451
> NASA Jabber (email@hidden) AIM rcolvin13
> NASA LCS (email@hidden)
> ********************************************************
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden