- Original Message -
From: Lucky Green <[EMAIL PROTECTED]>
To: cypherpunks@Algebra. COM <[EMAIL PROTECTED]>
Cc: Cryptography@C2. Net <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, September 03, 1999 12:21 AM
Subject: NSA key in MSFT Crypto API
> Pe
Here's what I said about this on another list:
I must admit that this doesn't make much sense to me.
I was at Crypto, but I must have missed the rump session talk in question
(and it's entirely possible that the talk occurred anyway - I was out of the
room for a good deal of that session). In a
The actual funny story behind the presence of the NSA key has been
seriously misunderstood here. CSP verification keys have only one *real*
purpose: They are intended to enforce the US export restriction
requirement that Microsoft is not allowed to ship software abroad that
can easily be extended
It's not clear to me why being able to sign CSP modules is a risky thing
anyway; all it means is that Windows will load and execute your crypto. The
mechanism is designed to keep overseas end users from being able to build
and install strong crypto libraries. If the NSA has a key, all they can do
> >http://www.cryptonym.com/hottopics/msft-nsa.html
>
> Perhaps more interestingly, the program lets you replace the key, too.
Microsoft prevents third parties from installing un-authorized crypto
code under CAPI by checking the signature on the code. Under their
export deal, they refuse to sign