<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
On Oct 30, 2015, at 16:30 , Miller, Timothy J. <<a href="mailto:tmiller@mitre.org" class="">tmiller@mitre.org</a>> wrote:<br class="">
<div>
<blockquote type="cite" class="">... If you don't send VERIFY in the APDU immediately prior to the DSK operation, the PIV card applet should return an error (I don't have 800-73 in front of me, but you can look up the error). The tokend then handles that error.
That's all integral to the PIV card data model. <br class="">
</blockquote>
<div><br class="">
</div>
OK, and that’s what NEO seems to require!</div>
<div><br class="">
<blockquote type="cite" class="">
<div class="">Non-conformance can happen at both ends, but I'm relatively certain that PIV.token and PKard.tokend are conformant (no offense to Shawn or Paul :). Yubi's PIV applet is possibly suspect, not having been certified,
</div>
</blockquote>
<div><br class="">
</div>
<div>OK, but if Yubi refuses to work without a PIN, and the PIN is not sent to it and the user is not prompted for for a PIN - how can Yubi be a suspect in
<u class="">this</u> particular case? </div>
<br class="">
<blockquote type="cite" class="">
<div class="">but you know you can download NIST's PIV data model test tools, right? <br class="">
<br class="">
<a href="http://csrc.nist.gov/groups/SNS/piv/download.html" class="">http://csrc.nist.gov/groups/SNS/piv/download.html</a><br class="">
</div>
</blockquote>
<div><br class="">
</div>
<div>I will download it - though I suspect it requires Windows, which would make my ability to try it rather unlikely…</div>
<br class="">
<blockquote type="cite" class="">
<div class="">I'd be more apt to believe a bug in Mail or securityd, however.<br class="">
</div>
</blockquote>
<div><br class="">
</div>
</div>
<div apple-content-edited="true" class="">
<div style="orphans: 2; widows: 2;" class="">I’m in complete agreement here. :-)</div>
<div style="orphans: 2; widows: 2;" class="">--</div>
<div style="orphans: 2; widows: 2;" class="">Uri Blumenthal</div>
<div style="orphans: 2; widows: 2;" class=""><a href="mailto:uri@mit.edu" class="">uri@mit.edu</a></div>
</div>
<br class="">
</body>
</html>