1997-03-05 - Re: Microsoft Authenticode key security

Header Data

From: Toto <toto@sk.sympatico.ca>
To: gbroiles-nospam@netbox.com
Message Hash: 107a7e84574d088ad8968a3d7bb97183dd1a81b00386ff131799f2e0f1efb620
Message ID: <331DAAC8.D2E@sk.sympatico.ca>
Reply To: <331e62b2.3884779@library.airnews.net>
UTC Datetime: 1997-03-05 17:32:14 UTC
Raw Date: Wed, 5 Mar 1997 09:32:14 -0800 (PST)

Raw message

From: Toto <toto@sk.sympatico.ca>
Date: Wed, 5 Mar 1997 09:32:14 -0800 (PST)
To: gbroiles-nospam@netbox.com
Subject: Re: Microsoft Authenticode key security
In-Reply-To: <331e62b2.3884779@library.airnews.net>
Message-ID: <331DAAC8.D2E@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain

Greg Broiles wrote:
> >From: "Bob Atkinson (Exchange)" <bobatk@EXCHANGE.MICROSOFT.com>
> >Subject: Comments and corrections regarding Authenticode
> >
> >For those curious: at the present time, the private keys with which
> >Microsoft signs code that it publishes are managed inside BBN SafeKeyper
> >boxes housed in a guarded steel and concrete bunker. Even were a SafeKeyper
> >to somehow be physically stolen, these cool little boxes have several
> >elaborate internal defenses designed to have the box destroy itself rather
> >than compromise its keys.

  Bob fails to mention, however, that, as a backup system, the keys are 
also written on pieces of masking tape attached to the underside of
his keyboard.