1996-10-17 - Re: exporting signatures only/CAPI (was Re: Why not PGP?)

Header Data

From: iang@cs.berkeley.edu (Ian Goldberg)
To: cypherpunks@toad.com
Message Hash: 4427ad29d5a1252995aa8ffe2e81c3320490e7f12a992b008f05c05d831e901b
Message ID: <5464re$n6d@abraham.cs.berkeley.edu>
Reply To: <199610121908.OAA19871@homeport.org>
UTC Datetime: 1996-10-17 20:27:55 UTC
Raw Date: Thu, 17 Oct 1996 13:27:55 -0700 (PDT)

Raw message

From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Thu, 17 Oct 1996 13:27:55 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: exporting signatures only/CAPI (was Re: Why not PGP?)
In-Reply-To: <199610121908.OAA19871@homeport.org>
Message-ID: <5464re$n6d@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199610130802.JAA00335@server.test.net>,
Adam Back  <aba@dcs.ex.ac.uk> wrote:
>
>What exactly is microsoft certifying when they sign a CAPI module?
>
>That it is quality crypto?  Has no obvious bugs?  That it won't crash
>your system?

I remember hearing (if my memory is correct, from the mouth of a Microsoft
employee at Crypto '96) that when Microsoft signs a module, they are certifying
that they saw a signed sheet of paper swearing that either
(1) you won't export the software, or
(2) you have received an appropriate export license.

AFAIK, they don't even read the code.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMmaWoEZRiTErSPb1AQEsrQP/V8fxGzqySpul2UKQLHDcNeY23UFVibvo
weLgaoEdTE40+A7iKfEUyQe6LUvDKKO+HPdxO2jfq9rdT+QUFpm0e0VI8j8kaUQS
6M05fRV/Q66YlmTspiz0jfyGOLauYAtlh8ow+fftAdfUGnb9vN4ODsT8z0Vd59xc
nsAFH9UihU8=
=QIJT
-----END PGP SIGNATURE-----





Thread