Re: [NOT NOISE] Microsoft Crypto Service Provider API




Microsoft had to agree to validate crypto binaries against
a signature to make sure they weren't tampered with, in 
exchange for shipping crypto-with-a-hole.  They will
sign anything (theoretically) if it has the export
papers and all.  Or without, if you affidavit it is not
for export.

They do not themselves impose any restrictions on crypto
strength.

I'm not expressing a political position here, just conveying facts ....

At 01:13 AM 12/18/96 -0500, Marc Horowitz wrote:
>[email protected] (Roy M. Silvernail) writes:
>
>>> I just got my copy of the Microsoft Cryptographic Service Provider
>>> Development Kit, Version 1.0.  It appears to support only Windows NT.  A
>>> first glance reveals no built-in GAK (but I haven't examined it closely
>>> yet!).
>
>You're right, you haven't looked at it closely.  Although it doesn't
>have Key Escrow, new cryptosystems can only be added if they are
>signed by a private key held by Microsoft.  Of course, Microsoft has
>agreed with the State Dept. to sign only export-"strength" crypto.
>
>		Marc
>
>