[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Microsoft's CAPI
The shadowy figure took form and announced "I am Alan Bostick and I say ...
> The next obvious question is: Will Microsoft sign strong-crypto CSPs
> developed by foreign developers for out-of-USA use?
To obvious really, if they signed strong foreign crypto MS would
neither be exporting strong crypto or exporting an application that
had general purpose crypto hooks, since technically only that specific
foreign implementation could be used.
However I would guess that the arrangement with the guvmint would
label the signing to be the equivalent of MS exporting an application
with strong crypto and subject to the same disciplinary measures, just
transfered to the time of signing. Perhaps there will be some
modification to the itar - thou shalt not _enable_ foreign markets to
have strong crypto.
I assume MS would be free to sign weak foreign crypto, but as "weak"
crypto is hard/expensive to determine I think they would take the easy
way out. Id also expect a kernel patch to be part of the install
procedure of foreign crypto.
--Matt