<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1251"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">Eugene,</div></div><div><br></div><div>Internal verification that it looks like there was regression on the VPN side of things. Not a problem with any of the Smart Card Services components or your Tokend / PKC11 components. </div><div><br></div><div>I’ll create a ticket in our system to reflect the status of the RADAR in Apple’s system.</div><div><br></div><div>-Shawn</div><br><div><div>On Mar 14, 2014, at 5:14 AM, Ìèðîíåíêî Åâãåíèé <<a href="mailto:mironenko@rutoken.ru">mironenko@rutoken.ru</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><meta http-equiv="Content-Type" content="text/html charset=us-ascii"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Shawn,<div><br></div><div>Finally I've captured logs from PKCS11. tokend: see the file attached. </div><div>I'd like to note, that there is no log activity during the selection of certificate in VPN client. </div><div>Activity logged corresponds to viewing the certificates in the keychain and signing e-mail.</div><div><br></div><div></div></div><span><Gemalto.TokenD.log></span><meta http-equiv="Content-Type" content="text/html charset=koi8-r"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div></div><div>Best regards,</div><div>Eugene Mironenko</div><div><br><div><div>12.03.2014, â 19:39, Shawn Geddis <<a href="mailto:geddis@me.com">geddis@me.com</a>> íàïèñàë(à):</div><br class="Apple-interchange-newline"><blockquote type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">On Mar 12, 2014, at 5:29 AM, Ìèðîíåíêî Åâãåíèé <<a href="mailto:mironenko@rutoken.ru">mironenko@rutoken.ru</a>> wrote:<br><div apple-content-edited="true">
<div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="font-variant: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="font-variant: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="font-variant: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="font-variant: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="font-variant: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px;"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><font face="Helvetica" style=""><span style="font-size: 12px;">- Shawn</span></font><span style="font-size: 12px; font-family: Helvetica; text-align: -webkit-auto;">_____________________________________________________________________</span></div></span></div></div></div></div></div></div></div></div>
</div>
<br><div><blockquote type="cite">Hello!<br><br>I'm using Gemalto Tokend to access the certificates on the token. On Mac OS X 10.8 the certificates on the token are accessible via Keychain Access, Mail utilities and built-in VPN client, but after updating to 10.9 I've got an issue that certificates on the token are not listed in built-in VPN client (when selecting authentication parameters) though they are visible in Keychain Access utility. <br><br>Is it a problem with Tokend used or Apple has just cut out tokend support from VPN client? Is there any workaround for the issue?<br><br>Best regards,<br>Eugene Mironenko<br></blockquote><br></div><div>Eugene, </div><div><br></div><div>Nothing has changed architecturally from the Apple side on Tokend or on the ability of any Apple services (ie. VPN) to utilize the Keychain APIs which is how they get access to Smart Cards supported with a Tokend. Have you updated the Tokend for 10.9 using the updated installers posted ? There was a security CVE addressed and implemented in the new updates as well.</div><div><br></div><div>Please capture logs before and during the transactions and submit with a ticket, so we can look into it. We may uncover something from there.</div><div><br></div><div>-Shawn</div><div style="orphans: 2; widows: 2; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><font face="Helvetica"><span style="font-size: 12px;">_____________________________________________________________________<br>Shawn Geddis<span class="Apple-tab-span" style="white-space: pre;"> </span> <span class="Apple-tab-span" style="white-space: pre;"> </span> </span></font><font face="Helvetica"><span style="font-size: 12px;">geddis@{Mac | Me | iCloud}.com</span></font><font face="Helvetica"><span style="font-size: 12px;"><br>Enterprise Security Consulting Engineer, Apple <a href="mailto:geddis@apple.com">geddis@apple.com</a><br><br>Smart Card Services Project/Dev Lead: <br><span class="Apple-tab-span" style="white-space: pre;"> </span>Project Wiki:<span class="Apple-tab-span" style="white-space: pre;"> </span> [<a href="http://smartcardservices.macosfforge.org/">SmartCardServices.MacOSFforge.Org</a>]<br><span class="Apple-tab-span" style="white-space: pre;"> </span>Mailing Lists:<span class="Apple-tab-span" style="white-space: pre;"> </span> [<a href="http://lists.macosforge.org/mailman/listinfo">Lists.MacOSForge.Org/mailman/listinfo</a>]</span></font></div><div style="orphans: 2; widows: 2; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><font face="Helvetica"><span style="font-size: 12px;"><span class="Apple-tab-span" style="white-space: pre;"> </span>SCS Contact:<span class="Apple-tab-span" style="white-space: pre;"> </span> [<a href="mailto:scs-cotact@macosforge.org">scs-cotact@macosforge.org</a>]</span></font></div><div style="orphans: 2; widows: 2; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><font face="Helvetica"><span style="font-size: 12px;"><span class="Apple-tab-span" style="white-space: pre;"> </span>SCS Admin:<span class="Apple-tab-span" style="white-space: pre;"> </span> [<a href="mailto:scs-admin@macosforge.org">scs-admin@macosforge.org</a>]</span></font></div><div><font face="Helvetica"><span style="font-size: 12px;"><br></span></font></div></div></blockquote></div><br></div></div></blockquote></div><br></body></html>