Thomas, I don't have the answers to your questions, exactly.. What I do know is that despite the fork involved with SmartCardServices, the pcsc-lite project still builds on OSX, out-of-the-box (given macports and proper command-line tools), and it could therefore quite easily be packaged by "a third party" that would require an up-to-date pcscd/ccid combo. We've been investigating doing exactly that and so your scenario may be quite imminent. We're wondering about the future, also. I don't really see how we can continue to support the OSX platform, or begin supporting iOS, without at least some information from the manufacturer. Frankly, if it were a matter of personal choice, I would have dropped the entire platform 2 years ago. With that kind of attitude..

WKR,
-f
If a third party were to upgrade pcscd or the ccid driver to resolve problems with what is installed at the system level, what sort of issues would we encounter if Apple were to push an update to these components (or is it planned to never update these)?
- Would the Apple update fail completely, preventing further updates to the system?
- Would the update ignore the update to a changed system component?
- Would the update overwrite our changes?
On Fri, Feb 17, 2012 at 12:09 PM, Shawn Geddis <geddis@me.com> wrote:
On Feb 17, 2012, at 11:52 AM, Thomas Harning Jr. wrote:
> I see that 10.7 has CDSA and SmartCardServices deprecated, meaning it
> is out the door for 10.8.
>
> How would one build TokenD implementations since CDSA is an integral
> dependency (TokenD directly exposes/consumes CSSM* types)?
>
> Is there a new pluggable-crypto system in the works? If so, hopefully
> it can support software-driven interfaces (ex: those that aren't
> PC/SC, perhaps direct USB tokens or network-based devices)...
Thomas,
Deprecation of CDSA is what prompted the removal of the Tokend modules from OS X Lion. If you restore them on an OS X Lion system, you will have capabilities restored. The Tokend modules have been based on CDSA in OS X 10.4, 10.5, 10.6 and still can in 10.7. Deprecation of CDSA means that it is no longer THE Crypto/PKI architecture to rely on and that it will be gone in some future version of the OS - not exactly a guarantee it will be gone, but you can’t count on it being there in a future release once it has been publicly announced as deprecated.
Apple has not made any announcements with respect to future frameworks to provide the same or similar functionality. I can say that it is extremely high on the customer request list for Token/SmartCard support on iOS & OSX. Since CDSA is deprecated and was never going to make it to iOS (size/age/functionality working against it), Apple was always faced with looking at something new.
As for the "software-driven interfaces", Tokend has been used quite a bit with USB Tokens and Network HSMs. The system-wide support for abstracting Identities (of various types) for iOS / OSX is quite important.
Stay tuned to this space for future information.
-Shawn
__________________________________________________
Shawn Geddis                    geddis@me.com
Security Consulting Engineer    geddis@apple.com

MacOSForge Project Lead: Smart Card Services
Web: http://smartcardservices.macosforge.org/
Lists: http://lists.macosforge.org/mailman/listinfo
__________________________________________________
-- Thomas Harning Jr. (http://about.me/harningt)
_______________________________________________ SmartcardServices-Dev mailing list SmartcardServices-Dev@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/smartcardservices-dev