[SmartcardServices-Dev] SmartCardServices in OSX 10.8
Frank Marien
frank at apsu.be
Tue Aug 13 12:06:38 PDT 2013
Thomas,
I don't have the answers to your questions, exactly..
What I do know is that despite the fork involved with SmartCardServices,
the pcsc-lite project still builds on OSX, out-of-the-box (given
macports and proper command-line tools), and it could therefore quite
easily be packaged by "a third party" that would require an up-to-date
pcscd/ccid combo. We've been investigating doing exactly that and so
your scenario may be quite imminent.
We're wondering about the future, also. I don't really see how we can
continue to support the OSX platform, or begin supporting iOS, without
at least some information from the manufacturer.
Frankly, if it were a matter of personal choice, I would have dropped
the entire platform 2 years ago. With that kind of attitude..
WKR,
-f
>
> If a third party were to upgrade pcscd or the ccid driver to resolve
> problems with what is installed at the system level, what sort of
> issues would we encounter if Apple were to push an update these
> components (or is it planned to never update these)?
> - Would the apple update fail completely preventing further updates to
> the system?
> - Would the update ignore the update to a changed system component?
> - Would the update overwrite our changes?
>
>
> On Fri, Feb 17, 2012 at 12:09 PM, Shawn Geddis <geddis at me.com
> <mailto:geddis at me.com>> wrote:
>
> On Feb 17, 2012, at 11:52 AM, Thomas Harning Jr. wrote:
> > I see that 10.7 has CDSA and SmartCardServices deprecated,
> meaning it
> > is out the door for 10.8.
> >
> > How would one build TokenD implementations since CDSA is an integral
> > dependency (TokenD directly exposes/consumes CSSM* types)?
> >
> > Is there a new pluggable-crypto system in the works? If so,
> hopefully
> > it can support software-driven interfaces (ex: those that aren't
> > PC/SC, perhaps direct USB tokens or network-based devices)...
>
> Thomas,
>
> Deprecation of CDSA is what prompted the removal of the Tokend
> modules from OS X Lion. If you restore them on an OS X Lion
> system, you will have capabilities restored. The Tokend modules
> have been based on CDSA in OS X 10.4, 10.5, 10.6 and still can in
> 10.7. Deprecation of CDSA means that it is no longer THE
> Crypto/PKI architecture to rely on and that it will be gone in
> some future version of the OS - not exactly a guarantee it will be
> gone, but you can’t count on it being there in a future release
> once it has been publicly announced as deprecated.
>
> Apple has not made any announcements with respect to future
> frameworks to provide the same or similar functionality. I can
> say that it is extremely high on the customer request list for
> Token/SmartCard support on iOS & OSX. Since CDSA is deprecated
> and was never going to make it to iOS (size/age/functionality
> working against it), Apple was always faced with looking at
> something new.
>
> As for the "software-driven interfaces”, Tokend has been used
> quite a bit with USB Tokens and Network HSMs. The system-wide
> support for abstracting Identities (of various types) for iOS /
> OSX is quite important.
>
> Stay tuned to this space for future information.
>
> -Shawn
> __________________________________________________
> Shawn Geddis
> geddis at me.com <mailto:geddis at me.com>
> Security Consulting Engineer
> geddis at apple.com <mailto:geddis at apple.com>
>
> MacOSForge Project Lead: Smart Card Services
> Web: http://smartcardservices.macosforge.org/
> Lists: http://lists.macosforge.org/mailman/listinfo
> __________________________________________________
>
>
>
>
>
>
>
>
>
>
>
>
> --
> Thomas Harning Jr. (http://about.me/harningt)
>
>
> _______________________________________________
> SmartcardServices-Dev mailing list
> SmartcardServices-Dev at lists.macosforge.org
> https://lists.macosforge.org/mailman/listinfo/smartcardservices-dev
More information about the SmartcardServices-Dev
mailing list