From: Ravi Pandya <rpandya@netcom.com>
To: cypherpunks@toad.com
Message Hash: 3ac07164fc83b95029ff83f5228ff1fd9fc4b3db1da5d6db2f0313d6361ded4f
Message ID: <2.2.32.19961009152246.006be444@netcom8.netcom.com>
Reply To: N/A
UTC Datetime: 1996-10-09 15:28:43 UTC
Raw Date: Wed, 9 Oct 1996 08:28:43 -0700 (PDT)
From: Ravi Pandya <rpandya@netcom.com>
Date: Wed, 9 Oct 1996 08:28:43 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Microsoft CAPI
Message-ID: <2.2.32.19961009152246.006be444@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
>From today's HotWired Packet http://www.packet.com:
"Today Microsoft is using similar technology as part of its Cryptography
API: You can't load an encryption engine into Windows 95 or Windows NT
unless that engine has been specially signed by Microsoft's corporate key.
The reason for this restriction, says the company, is the Clinton
administration: Microsoft couldn't have gotten export permission for its
operating systems if users could easily plug in crypto engines that hadn't
been approved. "
This is disturbing, if true, though I suspect there is also a less ominous
reason: you certainly want your cryptography provider to be trusted, and you
want to be sure the code has not been altered. The implications really
depend on Microsoft's policy on signing cryptography engines, and whether
they allow a way to delegate signature authority.
Ravi
Return to October 1996
Return to ““Timothy C. May” <tcmay@got.net>”