On Sat, Sep 04, 1999 at 01:59:01AM +0200, Lucky Green wrote:
> On Fri, 3 Sep 1999, Tim Dierks wrote:
>
> > Even if the key belongs to the NSA, I suspect that the NSA just wanted to be
> > able to load classified Crypto Service Providers into Windows and didn't
> > want to have to send said classified software to Microsoft for approval, so
> > they got the key installed so they could approve software in house.
>
> Classified crypto is done in secure hardware. Any hypothetical CSPs the
> NSA needs to install on their own machines would not contain classified
> algorithms. Hence the NSA could submit them to Microsoft for signing.

I'm not a CAPI expert, but my understanding is that there is a CSP
required even for hardware crypto. A hardware CSP would send
data and keys, etc., as appropriate to the crypto hardware.
This is how PKCS#11 and CDSA work.
--
Eric Murray www.lne.com/~ericm ericm at the site lne.com PGP keyid:E03F65E5