Re: [Fed-Talk] Apple Mail and PKI
Re: [Fed-Talk] Apple Mail and PKI
- Subject: Re: [Fed-Talk] Apple Mail and PKI
- From: "Trouton, Rich R" <email@hidden>
- Date: Tue, 01 Jul 2014 20:07:19 +0000
- Thread-topic: [Fed-Talk] Apple Mail and PKI
I should clarify. Outlook *on Windows* is looser with the case-sensitivity. Outlook 2011 on the Mac is not.
The reason for that is that Microsoft's team uses the same framework that Apple Mail does. That way, Apple handles the encryption support and upkeep and Outlook's encryption functionality keeps working without much work on Microsoft's part.
Thanks,
Rich
On Jul 1, 2014, at 3:05 PM, "Trouton, Rich R" <email@hidden> wrote:
> The encryption checkbox being active or not in Apple Mail depends on how the email address is listed in the "RFC 822 Name" field of the signing certificate. If it's listed as "email@hidden", then the encryption will only be available if the email address matches exactly. For example, "email@hidden" will match and you can send back an encrypted message. "email@hidden" does not match, so you will not be able to send back an encrypted message.
>
> I ran into this a few years ago at my old gig, where one of our folks could not sign his emails. When I took a look, his email address was listed in the "RFC 822 Name" field of the signing certificate as "email@hidden". In Apple Mail, he had his email address in the account settings set as "email@hidden". Once we changed his email address in the Account settings to be "email@hidden", he could start sending and receiving signed emails.
>
> Microsoft plays a little looser with the case-sensitivity and Outlook would be cool with both "email@hidden" and "email@hidden". However, they're not following the standard when they do that. Apple follows the standard, which says the email address must match exactly.
>
> Thanks,
> Rich
>
>
> On Jul 1, 2014, at 2:40 PM, Martin M. Lindner <email@hidden> wrote:
>
>> I know this has been discussed several times on the list but most recently others I work with and myself have been experiencing interesting behavior with Apple Mail as it relates to PKI.
>>
>> As a note, the problems don’t appears to be related to smart cards, I can create the problems using both smart cards and soft certs.
>>
>> So, first the header bar (i.e., to, from, subject) stops displaying the status of messages that are signed and/or encrypted. Sometimes if I rebuild the mailbox it will work for a while but in short order it disappears:(
>>
>> Second, The “sign” checkbox is active (i.e., is not grayed out) when a create a new message but if I reply to a message it can take MINUTES to be active:(
>>
>> Lastly, I still can’t explain when and why the “encryption” checkbox becomes active. Given the same reply email address, sometimes it works and sometimes is doesn’t. I’ve submitted multiple tickets but haven’t gotten any feedback from Apple.
>>
>> Are others experiencing these issues? I’m running 10.9.4 but this has been an issue for a while.
>>
>> Thanks,
>>
>> Marty
>> Martin Lindner
>> Principal Engineer / Information Assurance Manager
>> Software Engineering Institute
>> Carnegie Mellon University
>> Office: +1 412 268-3107
>> Email: email@hidden
>> Email: email@hidden
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>
> ---
> Rich Trouton
> email@hidden
>
> JFRC Help Desk
> phone: x4030
> email: email@hidden
>
> The best way to get in touch with me is through email.
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
---
Rich Trouton
email@hidden
JFRC Help Desk
phone: x4030
email: email@hidden
The best way to get in touch with me is through email.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden