[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: exporting signatures only/CAPI (was Re: Why not PGP?)



-----BEGIN PGP SIGNED MESSAGE-----

In article <[email protected]>,
Adam Back  <[email protected]> wrote:
>
>What exactly is microsoft certifying when they sign a CAPI module?
>
>That it is quality crypto?  Has no obvious bugs?  That it won't crash
>your system?

I remember hearing (if my memory is correct, from the mouth of a Microsoft
employee at Crypto '96) that when Microsoft signs a module, they are certifying
that they saw a signed sheet of paper swearing that either
(1) you won't export the software, or
(2) you have received an appropriate export license.

AFAIK, they don't even read the code.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMmaWoEZRiTErSPb1AQEsrQP/V8fxGzqySpul2UKQLHDcNeY23UFVibvo
weLgaoEdTE40+A7iKfEUyQe6LUvDKKO+HPdxO2jfq9rdT+QUFpm0e0VI8j8kaUQS
6M05fRV/Q66YlmTspiz0jfyGOLauYAtlh8ow+fftAdfUGnb9vN4ODsT8z0Vd59xc
nsAFH9UihU8=
=QIJT
-----END PGP SIGNATURE-----