[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: authenticating intrahost crypto providers

To: [email protected] (James Leppek), [email protected]
Subject: Re: authenticating intrahost crypto providers
From: "James A. Donald" <[email protected]>
Date: Sat, 20 Jan 1996 12:26:16 -0800
Sender: [email protected]

At 11:37 AM 1/18/96 EST, James Leppek wrote:
>
> I have been doing some research on the development of an abstract
> security services API(not just a CAPI) and have hit a road block. 
> The problem revolves around the need to authenticate a 
> security service provider to an application.

No such need.

If the attacker can introduce his own module to supply crypto services
then he must have administrator (NT equivalent of root) privileges,
in which case your are stuffed regardless.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   [email protected]

Follow-Ups:
- Econo-terrorism against Iraq
  - From: "Patiwat Panurach (akira rising)" <[email protected]>

Prev by Date: No Subject
Next by Date: ITAR and hash functions (Perry's question)
Prev by thread: authenticating intrahost crypto providers
Next by thread: Econo-terrorism against Iraq
Index(es):
- Date
- Thread