[Pki-users] keygen support in RA
Mike Helm
helm at fionn.es.net
Wed Jun 8 23:22:09 UTC 2011
Andrew Wnuk writes:
> On 06/08/2011 02:46 PM, Mike Helm wrote:
> > Andrew Wnuk writes:
> >> Will Safari on iPad work similar way?
> > ipad/iphone seems to lack crypto services - there's nothing presented
> > by<keygen>,& no keys are generated. I don't find any UI for certificate
> > management either but I don't know very much about this platform.
> >
> > We suspect Apple is going to (or maybe does) support certificates by
> > generating keys, signing,& pushing to the device. I'd like to be
> > wrong about all of this - if we had some certificate UI we could
> > start supporting this platform in some capacity, which would be very
> > welcome. Thanks, ==mwh
>
> I saw some references on the net saying that iPad could use SCEP
> protocol to deploy certificates.
> (http://images.apple.com/ipad/business/pdf/iPad_Deployment_Scenarios.pdf)
> Have you tried this?
No we haven't but thanks for that tip - will definitely look into this.
My _guess_ at this point is that the platform can't generate the keys,
it needs to get them from somewhere else. Having never used SCEP I don't
know if the ipad platform can use a bare key pair to craft a signed SCEP
request or not. Otherwise, I read the page as discussing various methods the ipad
can use to download a certificate from a smarter one - like your Mac laptop.
However, the page doesn't seem to distinguish the private key handling from
cert handling, so....
Hand-me-down certificates fit our working scenarios today but we'll soon have customers that
want to conduct these transactions directly on their mobile platform. I think that'll
mean we have to have a key pair generator or some other trusted service.
Thanks, ==mwh
More information about the Pki-users
mailing list