[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Microsoft's CAPI
-----BEGIN PGP SIGNED MESSAGE-----
In article <[email protected]>,
Matt Blaze <[email protected]> wrote:
> The OS will not load just any old CSP. CSPs have to be signed by
> Microsoft. The kernel contains a (hardcoded?) 1024 RSA public key
> that it uses to check the signature when the user tries to load a CSP.
> If the signature check fails, the CSP won't load. Microsoft says it
> will sign any CSP from anyone AS LONG AS THEY CERTIFY THAT THEY WILL
> FOLLOW THE EXPORT RULES. So you can get your CSP signed if you use
> exportable cryptography or if you agree not to send it outside the US
> and Canada, etc. But an end user can't just compile crypto code and
> use it as a CSP, even for his or her own use, without getting it
> signed by Microsoft first (actually, the CSP development kit does
> allow this, but it uses a special version of the OS).
The next obvious question is: Will Microsoft sign strong-crypto CSPs
developed by foreign developers for out-of-USA use?
- --
Alan Bostick | He played the king as if afraid someone else
Seeking opportunity to | would play the ace.
develop multimedia content. | John Mason Brown, drama critic
Finger [email protected] for more info and PGP public key
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQB1AwUBMP09JuVevBgtmhnpAQHbyQMAw3yh1qhIrBD0RF2ppiiiJnwJkF45qMKm
vsjXXZY92dJPbdLcOebxBRPCBxpyRSVqVKsy6QPA0KsYdLIgFt+ziFYWRrv3PFjz
f3Jf2dg+rhJ6G4dhDhTqp4/pdUT0huzy
=78Il
-----END PGP SIGNATURE-----