[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Microsoft CAPI



>From today's HotWired Packet http://www.packet.com:

"Today Microsoft is using similar technology as part of its Cryptography
API: You can't load an encryption engine into Windows 95 or Windows NT
unless that engine has been specially signed by Microsoft's corporate key.
The reason for this restriction, says the company, is the Clinton
administration: Microsoft couldn't have gotten export permission for its
operating systems if users could easily plug in crypto engines that hadn't
been approved. "

This is disturbing, if true, though I suspect there is also a less ominous
reason: you certainly want your cryptography provider to be trusted, and you
want to be sure the code has not been altered. The implications really
depend on Microsoft's policy on signing cryptography engines, and whether
they allow a way to delegate signature authority.

Ravi