[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [NOT NOISE] Microsoft Crypto Service Provider API

To: Marc Horowitz <[email protected]>, [email protected], [email protected]
Subject: Re: [NOT NOISE] Microsoft Crypto Service Provider API
From: [email protected]
Date: Wed, 18 Dec 1996 07:36:04 -0800
Cc: [email protected]
Sender: [email protected]

Microsoft had to agree to validate crypto binaries against
a signature to make sure they weren't tampered with, in 
exchange for shipping crypto-with-a-hole.  They will
sign anything (theoretically) if it has the export
papers and all.  Or without, if you affadavit it is not
for export.

They do not themselves impose any restrictions on crypto
strength.

I'm not expressing political position here, just conveying facts ....

At 01:13 AM 12/18/96 -0500, Marc Horowitz wrote:
>[email protected] (Roy M. Silvernail) writes:
>
>>> I just got my copy of the Microsoft Cryptographic Service Provider
>>> Development Kit, Version 1.0.  It appears to support only Windows NT.  A
>>> first glance reveals no built-in GAK (but I haven't examined it closely
>>> yet!).
>
>You're right, you haven't looked at it closely.  Although it doesn't
>have Key Escrow, new cryptosystems can only be added if they are
>signed by a private key held by Microsoft.  Of course, Microsoft has
>agreed with the State Dept. to sign only export-"strength" crypto.
>
>		Marc
>
>

Prev by Date: Re: WARNING: VIRUS: [Was: Re: Encryption to the poors]
Next by Date: Parolees Can't Possess Crypto
Prev by thread: Re: [NOT NOISE] Microsoft Crypto Service Provider API
Next by thread: Re: [NOT NOISE] Microsoft Crypto Service Provider API
Index(es):
- Date
- Thread