[SmartcardServices-Dev] SmartCardServices in OSX 10.8

Thomas Harning Jr. harningt at gmail.com
Tue Aug 13 10:31:38 PDT 2013


Has Apple worked out the next generation USB Token / Network HSM system
support yet? From what I'm seeing, all the interfaces I am developing
against for Symantec are deprecated - which is an unpleasant situation to
be in, since technically the interface can be swiped out from under us.

Are there any plans on patching the pcscd daemon or the ccid drivers? We are
using Aladdin tokens and experience routine failures and "race conditions"
between multiple applications using a device where even though transactions
are properly used, hangs are encountered. This also bubbles up to SecurityD
causing system hangs since it accesses pcscd as well.

If a third party were to upgrade pcscd or the ccid driver to resolve
problems with what is installed at the system level, what sort of issues
would we encounter if Apple were to push an update to these components (or is
it planned to never update these)?
- Would the Apple update fail completely, preventing further updates to the
system?
- Would the update ignore the update to a changed system component?
- Would the update overwrite our changes?


On Fri, Feb 17, 2012 at 12:09 PM, Shawn Geddis <geddis at me.com> wrote:

> On Feb 17, 2012, at 11:52 AM, Thomas Harning Jr. wrote:
> > I see that 10.7 has CDSA and SmartCardServices deprecated, meaning it
> > is out the door for 10.8.
> >
> > How would one build TokenD implementations since CDSA is an integral
> > dependency (TokenD directly exposes/consumes CSSM* types)?
> >
> > Is there a new pluggable-crypto system in the works? If so, hopefully
> > it can support software-driven interfaces (ex: those that aren't
> > PC/SC, perhaps direct USB tokens or network-based devices)...
>
> Thomas,
>
> Deprecation of CDSA is what prompted the removal of the Tokend modules
> from OS X Lion.  If you restore them on an OS X Lion system, you will have
> capabilities restored.  The Tokend modules have been based on CDSA in OS X
> 10.4, 10.5, 10.6 and still can in 10.7.  Deprecation of CDSA means that it
> is no longer THE Crypto/PKI architecture to rely on and that it will be
> gone in some future version of the OS - not exactly a guarantee it will be
> gone, but you can’t count on it being there in a future release once it has
> been publicly announced as deprecated.
>
> Apple has not made any announcements with respect to future frameworks to
> provide the same or similar functionality.  I can say that it is extremely
> high on the customer request list for Token/SmartCard support on iOS & OSX.
> Since CDSA is deprecated and was never going to make it to iOS
> (size/age/functionality working against it), Apple was always faced with
> looking at something new.
>
> As for the "software-driven interfaces", Tokend has been used quite a bit
> with USB Tokens and Network HSMs.  The system-wide support for abstracting
> Identities (of various types) for iOS / OSX is quite important.
>
> Stay tuned to this space for future information.
>
> -Shawn
> __________________________________________________
> Shawn Geddis
> geddis at me.com
> Security Consulting Engineer                              geddis at apple.com
>
> MacOSForge Project Lead:                           Smart Card Services
>         Web:    http://smartcardservices.macosforge.org/
>         Lists:  http://lists.macosforge.org/mailman/listinfo
> __________________________________________________


-- 
Thomas Harning Jr. (http://about.me/harningt)