From: abostick@netcom.com (Alan Bostick)
To: mab@research.att.com
Message Hash: 50a7533ce2d03e8e362ba00500af0f3731b270644a0b647c65bdd33e3f76d656
Message ID: <pxT/w8m9LAcF085yn@netcom.com>
Reply To: <199601171502.KAA16060@nsa.tempo.att.com>
UTC Datetime: 1996-01-18 00:08:00 UTC
Raw Date: Thu, 18 Jan 1996 08:08:00 +0800
From: abostick@netcom.com (Alan Bostick)
Date: Thu, 18 Jan 1996 08:08:00 +0800
To: mab@research.att.com
Subject: Re: Microsoft's CAPI
In-Reply-To: <199601171502.KAA16060@nsa.tempo.att.com>
Message-ID: <pxT/w8m9LAcF085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
In article <199601171502.KAA16060@nsa.tempo.att.com>,
Matt Blaze <mab@research.att.com> wrote:
> The OS will not load just any old CSP. CSPs have to be signed by
> Microsoft. The kernel contains a (hardcoded?) 1024 RSA public key
> that it uses to check the signature when the user tries to load a CSP.
> If the signature check fails, the CSP won't load. Microsoft says it
> will sign any CSP from anyone AS LONG AS THEY CERTIFY THAT THEY WILL
> FOLLOW THE EXPORT RULES. So you can get your CSP signed if you use
> exportable cryptography or if you agree not to send it outside the US
> and Canada, etc. But an end user can't just compile crypto code and
> use it as a CSP, even for his or her own use, without getting it
> signed by Microsoft first (actually, the CSP development kit does
> allow this, but it uses a special version of the OS).
The next obvious question is: Will Microsoft sign strong-crypto CSPs
developed by foreign developers for out-of-USA use?
- --
Alan Bostick | He played the king as if afraid someone else
Seeking opportunity to | would play the ace.
develop multimedia content. | John Mason Brown, drama critic
Finger abostick@netcom.com for more info and PGP public key
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQB1AwUBMP09JuVevBgtmhnpAQHbyQMAw3yh1qhIrBD0RF2ppiiiJnwJkF45qMKm
vsjXXZY92dJPbdLcOebxBRPCBxpyRSVqVKsy6QPA0KsYdLIgFt+ziFYWRrv3PFjz
f3Jf2dg+rhJ6G4dhDhTqp4/pdUT0huzy
=78Il
-----END PGP SIGNATURE-----
Return to January 1996
Return to “scox@factset.com (Sean Cox)”