> > It works
> > better to patch out NSA's key with your own -- then you can load both
> > your own crypto code and all the standard MS stuff.

I'm sorry, but my original followup apparently wasn't clear enough.
In a very important sense, it doesn't matter who actually "owns"
the NSAKEY. What matters is that there is a second key, that this
key can be used to verify CSP's, that it can be replaced without adversely
affecting the rest of the "operating system," and that no special
privileges are needed to do the replacement. A program that does
exactly this is already available.

I think the following would be a very "interesting experiment": generate
a keypair and cert. Wrap them into a PKCS12/PFX message. Modify the
Melissa virus so that it mails that message and a human-readable version
of the keypair. Have the modified virus also include and execute the
replacement program mentioned above. (This is a simplification; of course
you'd want a new single virus that did all of the above. The important
part is that all the parts have already been done.)

If the virus were "successful," then in under a week a noticeable
percentage of systems running the world's most popular platform would
now be able to use any strong cryptography that was signed by a key that
was distributed world-wide.

Don't you think many folks would be highly conflicted about whether or not
to help spread it?

*This* would be the closest thing to the true realization of Brunner's
_Shockwave Rider_ (information is free). A lot more than Morris did.
/r$