On Feb 17, 2012, at 11:52 AM, Thomas Harning Jr. wrote:
I see that 10.7 has CDSA and SmartCardServices deprecated, meaning it is out the door for 10.8.
How would one build TokenD implementations since CDSA is an integral dependency (TokenD directly exposes/consumes CSSM* types)?
Is there a new pluggable-crypto system in the works? If so, hopefully it can support software-driven interfaces (ex: those that aren't PC/SC, perhaps direct USB tokens or network-based devices)...
Thomas,

Deprecation of CDSA is what prompted the removal of the Tokend modules from OS X Lion. If you restore them on an OS X Lion system, you will have capabilities restored. The Tokend modules have been based on CDSA in OS X 10.4, 10.5, 10.6 and still can in 10.7.

Deprecation of CDSA means that it is no longer THE Crypto/PKI architecture to rely on and that it will be gone in some future version of the OS - not exactly a guarantee it will be gone, but you can’t count on it being there in a future release once it has been publicly announced as deprecated.

Apple has not made any announcements with respect to future frameworks to provide the same or similar functionality. I can say that it is extremely high on the customer request list for Token/SmartCard support on iOS & OSX. Since CDSA is deprecated and was never going to make it to iOS (size/age/functionality working against it), Apple was always faced with looking at something new.

As for the "software-driven interfaces", Tokend has been used quite a bit with USB Tokens and Network HSMs. The system-wide support for abstracting Identities (of various types) for iOS / OSX is quite important.

Stay tuned to this space for future information.

-Shawn
__________________________________________________
Shawn Geddis geddis@me.com
Security Consulting Engineer geddis@apple.com
MacOSForge Project Lead: Smart Card Services
Web: http://smartcardservices.macosforge.org/
Lists: http://lists.macosforge.org/mailman/listinfo
__________________________________________________