Re: [Fed-Talk] CAC enabled jabber client
- Subject: Re: [Fed-Talk] CAC enabled jabber client
- From: "Miller, Timothy J." <email@hidden>
- Date: Thu, 19 Feb 2015 13:23:49 +0000
- Thread-topic: [Fed-Talk] CAC enabled jabber client
Three ways: They could apply XML-Enc to the XMPP messages. :)
However, since XMPP Core already requires TLS (technically it's a SHOULD clause, but that really means "MUST unless you know what you're doing and have a damn good reason" :). I'm relatively certain DCO's already running over TLS, so the simplest expedient is to turn on client cert authN in the server TLS config.
I doubt the use of GSSAPI simply because DCO has to operate across multiple mutually untrusting Kerberos realms.
-- T
> -----Original Message-----
> From: fed-talk-bounces+tmiller=email@hidden [mailto:fed-talk-bounces+tmiller=email@hidden] On Behalf Of Henry B Hotz
> Sent: Wednesday, February 18, 2015 5:59 PM
> To: John Daly
> Cc: email@hidden
> Subject: Re: [Fed-Talk] CAC enabled jabber client
>
> For me the question would be how they are CAC-enabling the server end.
> What is it?
>
> There are two ways they could do it: they could use the CAC's client cert with
> a TLS tunnel to the server as the other poster was discussing, or they could
> use the GSSAPI/Krb5 mechanism to authenticate the user and require that
> the tickets have been acquired with PKINIT and the CAC.
>
> In the latter case the Jabber client need merely understand the Krb5
> mechanism, but nothing about smart cards itself.
>
> Personal email. email@hidden
>
> > On Feb 18, 2015, at 1:12 PM, John Daly <email@hidden> wrote:
> >
> > Greetings all,
> > This summer, the DOD chat will go to being CAC enabled. Of course, the client you can download is Windows only.
> > Does anyone know of a CAC enabled jabber client for Mac? One for linux would be nice too.
> >
> > Thank you,
> > John
> >
> > From the mind of me
> >
> >> On Feb 18, 2015, at 12:00 PM, email@hidden wrote:
> >>
> >> Today's Topics:
> >>
> >> 1. Re: Why DNS in OS X 10.10 is broken, and what you can do to
> >> fix it (Joel Peterson)
> >> 2. Re: Why DNS in OS X 10.10 is broken, and what you can do to
> >> fix it (Ben Greisler)
> >>
> >>
> >> ---------------------------------------------------------------------
> >> -
> >>
> >> Message: 1
> >> Date: Tue, 17 Feb 2015 21:03:46 +0000
> >> From: Joel Peterson <email@hidden>
> >> To: William Cerniuk <email@hidden>
> >> Cc: "email@hidden" <email@hidden>, Carlos
> >> Velazquez <email@hidden>
> >> Subject: Re: [Fed-Talk] Why DNS in OS X 10.10 is broken, and what you
> >> can do to fix it
> >> Message-ID: <email@hidden>
> >> Content-Type: text/plain; charset="utf-8"
> >>
> >> discoveryd hasn't had a MD5 checksum change since 10.0.0, I think. Even the latest prereleases have the same binaries.
> >>
> >> Joel Peterson
> >> email@hidden
> >>
> >>
> >>
> >>
> >>
> >> On Feb 16, 2015, at 5:10 PM, William Cerniuk <email@hidden> wrote:
> >>
> >> Kinda thinking of it, I have not seen it in a while now. Running prerelease as well.
> >>
> >>
> >> --
> >> R/Wm.
> >>
> >> 703.594.7616
> >>
> >>
> >>
> >>
> >> On Feb 16, 2015, at 19:04, Carlos Velazquez <email@hidden> wrote:
> >>
> >> I don't use beta software but I sure have seen the problem. I had no idea why all of a sudden my computers had a number next to them. And I think my iOS devices sometimes do too.
> >>
> >> Sent from my 📲
> >> Date: Mon, 16 Feb 2015 14:58:19 -0500
> >> From: Ben Greisler <email@hidden>
> >> To: Apple Fed-Talk <email@hidden>
> >> Subject: Re: [Fed-Talk] Why DNS in OS X 10.10 is broken, and what you
> >> can do to fix it
> >> Message-ID: <CEA8A3EA-F093-444C-B07A-email@hidden>
> >> Content-Type: text/plain; charset="utf-8"
> >>
> >> From the author of the article:
> >>
> >> "FYI:
> >> I installed the 10.10.2 update beta and the mDNSResponder was still active afterwards, with no apparent problems. I deactivated the mDNSResponder and reactivated the (updated) discoveryd, and so far (after 10 hours) I haven't seen the problems listed in the article."
> >>
> >>
> >> I haven’t tested it but I haven’t seen the problem as bad as described either.
> >>
> >> Ben Greisler
> >>
> >>
> >>
> >> On Feb 12, 2015, at 6:52 PM, Joel Peterson <email@hidden> wrote:
> >>
> >> Every beta seed, I do a MD5 on discoveryd hoping upon hopes that it has been patched, but no. I finally understand why I can no longer screen share into some systems.
> >>
> >> Joel Peterson
> >> email@hidden
> >>
> >>
> >> On Feb 12, 2015, at 2:14 PM, John Oliver <email@hidden> wrote:
> >>
> >> I'll just leave this here…
> >>
> >> http://arstechnica.com/apple/2015/01/why-dns-in-os-x-10-10-is-broken-and-what-you-can-do-to-fix-it/
> >>
> >> —
> >> John Oliver | SAIC
> >> SPAWAR Systems Center Pacific | Code 53223 Sr. Systems Administrator
> >> Bldg 600 | Room 428N
> >> Office: (619) 553-9567
> >> Lab: (619) 553-6664
> >> email@hidden
> >> email@hidden
> >> email@hidden
> >> DCO: email@hidden
> >>
> >> ------------------------------
> >>
> >> Message: 2
> >> Date: Wed, 18 Feb 2015 12:17:08 -0500
> >> From: Ben Greisler <email@hidden>
> >> To: "email@hidden" <email@hidden>
> >> Subject: Re: [Fed-Talk] Why DNS in OS X 10.10 is broken, and what you
> >> can do to fix it
> >> Message-ID: <2FA70301-1596-4F57-923A-email@hidden>
> >> Content-Type: text/plain; charset="utf-8"
> >>
> >> That may be so, but there are plenty of interactions amongst processes and we don’t know if the problem lay with the binary or something supporting it.
> >>
> >> Ben Greisler
> >>
> >>> On Feb 17, 2015, at 4:03 PM, Joel Peterson <email@hidden> wrote:
> >>>
> >>> discoveryd hasn't had a MD5 checksum change since 10.0.0, I think. Even the latest prereleases have the same binaries.
> >>>
> >>> Joel Peterson
> >>> email@hidden
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>> On Feb 16, 2015, at 5:10 PM, William Cerniuk <email@hidden> wrote:
> >>>>
> >>>> Kinda thinking of it, I have not seen it in a while now. Running prerelease as well.
> >>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden