Re: [Fed-Talk] [External] Re: Yosemite and FIPS 800-73 v3 smart cards and Applications
- Subject: Re: [Fed-Talk] [External] Re: Yosemite and FIPS 800-73 v3 smart cards and Applications
- From: "Martin M. Lindner" <email@hidden>
- Date: Thu, 12 Feb 2015 00:58:46 +0000
- Thread-topic: [External] Re: [Fed-Talk] Yosemite and FIPS 800-73 v3 smart cards and Applications
I’m currently using the PKard middleware but I’ve used others. I don’t think it’s actually a smart card problem. I can create the same issues with soft-certs. I really think it’s all about how keychain works.
As for the index question, I don’t think the email address portion of the cert (i.e., rfc822 name) is indexed, so it has to read and parse each cert every time. I’ve done some experimentation using certificate preferences. This seems to help because the key name is now the email address.
Marty
Martin Lindner
Principal Engineer / Information Assurance Manager
Software Engineering Institute
Carnegie Mellon University
Office: +1 412 268-3107
Email: email@hidden
> On Feb 11, 2015, at 19:05, Evans, Frazier [USA] <email@hidden> wrote:
>
> That would be the native smart card drivers.
>
> Frazier
> Sent from my iPhone
> +1.703.377.7997 (office) / +1.703.342.9567 (cell)
>
>> On Feb 11, 2015, at 5:38 PM, Evans, Frazier [USA] <email@hidden> wrote:
>>
>> William / Martin,
>>
>> Are both of you using the data card drivers / middleware or have you
>> installed something else?
>>
>> Frazier
>>
>>
>>
>>> On 2/11/15, 5:03 PM, "William Cerniuk" <email@hidden> wrote:
>>>
>>> Your assessment matched mine, spot on. My keychains are large and
>>> numerous.
>>>
>>> This does beg the question: why linear search the keychains?
>>>
>>> Surely an index item could be stored in each keychain holding the index
>>> for that and only that keychain. To be robust, the index would be able to
>>> be deleted to trigger the automatic rebuild of the index from the
>>> available items in the keychain. It would also make sense to have it as a
>>> user visible index item that presented useful information to the user on
>>> the state of the keychain items and index state.
>>>
>>> --
>>> R/Wm.
>>>
>>> 703.594.7616
>>>
>>>
>>>
>>>
>>>> On Feb 11, 2015, at 16:36, Martin M. Lindner <email@hidden> wrote:
>>>>
>>>> I’ve opened several tickets with Apple on this topic. Never got a good
>>>> answer but the issue appears to be how Apple Mail searches the keychain
>>>> for matching email addresses. As your keychains get longer the search
>>>> takes longer. Also there seems to be a difference in timing if you’re
>>>> replying to a message vs. creating a new message.
>>>>
>>>> Marty
>>>>
>>>>
>>>> Martin Lindner
>>>> Principal Engineer / Information Assurance Manager
>>>> Software Engineering Institute
>>>> Carnegie Mellon University
>>>> Office: +1 412 268-3107
>>>> Email: email@hidden
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>> On Feb 11, 2015, at 10:54, William Cerniuk <email@hidden> wrote:
>>>>>
>>>>> Greetings,
>>>>>
>>>>> Apple Mail works solidly. Don’t have any secret sauce for Outlook.
>>>>> Working with Apple Mail in beta Yosemite, same, works.
>>>>>
>>>>> There is a delay to the PIV recognition. Insertion to keychain
>>>>> recognition is immediate. Keychain recognition to Email activation
>>>>> of the sign and encrypt buttons is where the delay is. This delay is
>>>>> typically only on first insertion but can be lengthy. I have found
>>>>> that quitting mail, inserting the PIV, launching Mail helps with the
>>>>> delay but is not the fix-all.
>>>>>
>>>>>
>>>>> --
>>>>> R/Wm.
>>>>>
>>>>> 703.594.7616
>>>>>
>>>>>
>>>>>
>>>>>> On 11-Feb-2015, at 10:45, Evans, Frazier [USA]
>>>>>> <email@hidden> wrote:
>>>>>>
>>>>>> Help,
>>>>>>
>>>>>> I am currently trying to figure out what makes the most sense for
>>>>>> this scenario.
>>>>>>
>>>>>> OSX Yosemite 10.10.2, Outlook v.15 from Office 365, and smart cards.
>>>>>> Prior to 10.10, I was able to use commercial middleware solutions
>>>>>> to send signed and/or encrypted emails. I was okay with this and it
>>>>>> worked. With Yosemite 10.10.2 I am able to use the PIV auth
>>>>>> certificate but that is it, at least some of the time and it is
>>>>>> prompting me with the KeyChain Pin dialog not the Middleware dialog.
>>>>>> Depending on the middleware and Outlook it will vary as to its
>>>>>> behavior but they will all fail in some fashion and generally require
>>>>>> a reboot to clear the corrupted system state.
>>>>>>
>>>>>> I am hoping that someone out here has gotten this to work stably and
>>>>>> is willing to share their magic sauce. Please feel free to ask
>>>>>> additional questions and I will try to answer what I can.
>>>>>>
>>>>>> Frazier
>>>>>> _______________________________________________
>>>>>> Do not post admin requests to the list. They will be ignored.
>>>>>> Fed-talk mailing list (email@hidden)
>>>>>> Help/Unsubscribe/Update your Subscription:
>>>>>>
>>>>>> This email sent to email@hidden
>>>>>
>>>>