from http://www.nwfusion.com/news/0111ntcrypt.html and
[EMAIL PROTECTED]
===
Products must pass the Federal Information Processing Standard (FIPS) 140-1
certification test before they can be sold to the U.S. and Canadian
governments <to be used to store sensitive information>.
Not only did the Redmond, Wash., giant fail the cryptography tests, but
Microsoft officials now acknowledge that the lab scrutiny exposed
shortcomings in NT's cryptographic processing that will force Microsoft to
redesign the operating system.
Microsoft expects to issue a service-pack upgrade later this year - once NT
finally makes it through FIPS 140-1 testing.
"We expect this to happen early in the first quarter, but we have to allow
for additional delays," says Patrick Arnold, program manager at Microsoft
Federal Systems.
The Microsoft code fix, however, will prevent users who apply it from using
Internet Explorer 4.0, Outlook 98 and perhaps other applications, such as
the Microsoft Internet Information Server.
"Only Internet Explorer 5.0 will know how to work in FIPS mode," Arnold
explains, adding Microsoft is still assessing the application
interoperability problems that will result from the fix.
Microsoft has already released NT Service Pack 4, which was supposed to be
the last upgrade for NT 4.0. The company has not yet announced the FIPS
upgrade and has not explained whether all users - or just the ones that
need the FIPS compliance - will be urged to upgrade.
The problems, which were uncovered at CygnaCom Solutions, a
government-certified testing lab, are related to NT 4.0's CryptoAPIs.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
