Re: [Fed-Talk] [External] Re: Yosemite and FIPS 800-73 v3 smart cards and Applications
- Subject: Re: [Fed-Talk] [External] Re: Yosemite and FIPS 800-73 v3 smart cards and Applications
- From: "Binet, Valere (NIH/NIA/IRP) [C]" <email@hidden>
- Date: Thu, 12 Feb 2015 14:08:29 +0000
- Thread-topic: [Fed-Talk] [External] Re: Yosemite and FIPS 800-73 v3 smart cards and Applications
Thank you for volunteering to help him.
Valère Binet [C]
IT Security Administrator
Kelly Government Solutions On-Site at the NIH
NIH / NIA / IRP
Tel : 410 558 8013
mailto: email@hidden
________________________________
From: Joel Peterson [email@hidden]
Sent: Wednesday, February 11, 2015 10:06 PM
To: William Cerniuk
Cc: Littleton, Adam [USA]; Cook, Ryan [USA]; Fed Talk
Subject: Re: [Fed-Talk] [External] Re: Yosemite and FIPS 800-73 v3 smart cards and Applications
It’s not necessarily open source in how much support you get when Apple’s Shawn Geddis is doing much of the work. I just think “open source” in this case needs an asterisk. :)
Joel Peterson
email@hidden
On Feb 11, 2015, at 5:41 PM, William Cerniuk <email@hidden> wrote:
Open source smart card shim:
https://smartcardservices.macosforge.org/
--
R/Wm.
703.594.7616
On Feb 11, 2015, at 19:05, Evans, Frazier [USA] <email@hidden> wrote:
That would be the native smart card drivers.
Frazier
Sent from my iPhone
+1.703.377.7997 (office) / +1.703.342.9567 (cell)
On Feb 11, 2015, at 5:38 PM, Evans, Frazier [USA] <email@hidden> wrote:
William / Martin,
Are both of you using the data card drivers / middleware or have you
installed something else?
Frazier
On 2/11/15, 5:03 PM, "William Cerniuk" <email@hidden> wrote:
Your assessment matched mine, spot on. My keychains are large and
numerous.
This does beg the question: why linear search the keychains?
Surely an index item could be stored in each keychain holding the index
for that and only that keychain. To be robust, the index would be able to
be deleted to trigger the automatic rebuild of the index from the
available items in the keychain. It would also make sense to have it as a
user visible index item that presented useful information to the user on
the state of the keychain items and index state.
--
R/Wm.
703.594.7616
On Feb 11, 2015, at 16:36, Martin M. Lindner <email@hidden> wrote:
I’ve opened several tickets with Apple on this topic. Never got a good
answer but the issue appears to be how Apple Mail searches the keychain
for matching email addresses. As your keychains get longer the search
takes longer. Also there seems to be a difference in timing if you're
replying to a message vs. creating a new message.
Marty
Martin Lindner
Principal Engineer / Information Assurance Manager
Software Engineering Institute
Carnegie Mellon University
Office: +1 412 268-3107
Email: email@hidden
Email: email@hidden
On Feb 11, 2015, at 10:54, William Cerniuk <email@hidden> wrote:
Greetings,
Apple Mail works solidly. Don’t have any secret sauce for Outlook.
Working with Apple Mail in beta Yosemite, same, works.
There is a delay to the PIV recognition. Insertion to keychain
recognition is immediate. Keychain recognition to Email activation
of the sign and encrypt buttons is where the delay is. This delay is
typically only on first insertion but can be lengthy. I have found
that quitting mail, inserting the PIV, launching Mail helps with the
delay but is not the fix-all.
--
R/Wm.
703.594.7616
On 11-Feb-2015, at 10:45, Evans, Frazier [USA]
<email@hidden> wrote:
Help,
I am currently trying to figure out what makes the most sense for
this scenario.
OSX Yosemite 10.10.2, Outlook v.15 from Office 365, and smart cards.
Prior to 10.10, I was able to use commercial middleware solutions
to send signed and/or encrypted emails. I was okay with this and it
worked. With Yosemite 10.10.2 I am able to use the PIV auth
certificate but that is it, at least some of the time and it is
prompting me with the KeyChain Pin dialog not the Middleware dialog.
Depending on the middleware and Outlook it will vary as to its
behavior but they will all fail in some fashion and generally require
a reboot to clear the corrupted system state.
I am hoping that someone out here has gotten this to work stably and
is willing to share their magic sauce. Please feel free to ask
additional questions and I will try to answer what I can.
Frazier
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden