Andrew Wnuk writes:
 On 06/08/2011 02:46 PM, Mike Helm wrote:
 > Andrew Wnuk writes:
 >> Will Safari on iPad work similar way?
 > ipad/iphone seems to lack crypto services - there's nothing presented
 > by<keygen>,&  no keys are generated.  I don't find any UI for
certificate
 > management either but I don't know very much about this platform.
 >
 > We suspect Apple is going to (or maybe does) support certificates by
 > generating keys, signing,&  pushing to the device.  I'd like to be
 > wrong about all of this - if we had some certificate UI we could
 > start supporting this platform in some capacity, which would be very
 > welcome.  Thanks, ==mwh
 
 I saw some references on the net saying that iPad could use SCEP 
 protocol to deploy certificates.
 (
http://images.apple.com/ipad/business/pdf/iPad_Deployment_Scenarios.pdf)
 Have you tried this? 
No we haven't but thanks for that tip - will definitely look into this.
My _guess_ at this point is that the platform can't generate the keys,
it needs to get them from somewhere else.   Having never used SCEP I don't
know if the ipad platform can use a bare key pair to craft a signed SCEP
request or not.  Otherwise, I read the page as discussing various methods the ipad
can use to download a certificate from a smarter one - like your Mac laptop.
However, the page doesn't seem to distinguish the private key handling from
cert handling, so....
Hand-me-down certificates fit our working scenarios today but we'll soon have
customers that
want to conduct these transactions directly on their mobile platform.  I think
that'll
mean we have to have a key pair generator or some other trusted service.
Thanks, ==mwh