From: Ravi Pandya <rpandya@netcom.com>
Date: Wed, 9 Oct 1996 08:28:43 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Microsoft CAPI
Message-ID: <2.2.32.19961009152246.006be444@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>From today's HotWired Packet http://www.packet.com:

"Today Microsoft is using similar technology as part of its Cryptography
API: You can't load an encryption engine into Windows 95 or Windows NT
unless that engine has been specially signed by Microsoft's corporate key.
The reason for this restriction, says the company, is the Clinton
administration: Microsoft couldn't have gotten export permission for its
operating systems if users could easily plug in crypto engines that hadn't
been approved. "

This is disturbing, if true, though I suspect there is also a less ominous
reason: you certainly want your cryptography provider to be trusted, and you
want to be sure the code has not been altered. The implications really
depend on Microsoft's policy on signing cryptography engines, and whether
they allow a way to delegate signature authority.

Ravi