> From: Rich Salz [mailto:[EMAIL PROTECTED]]
>
>
> > > how do you protect your CSP from being replaced
> >
> > Load it from a CD ROM, run Tripwire or something similar. This is a generic
> > system integrity issue and not especially significant.
>
> Well, it is in this particular case.
I meant significant in the context of the question at the start of this
thread.
> If you are really concerned about your CSP being replaced, then you
> should be concerned about things like the C run-time library or the
> core Win32 API libraries being replaced.
And we appear to agree.
____
Knowing my limits, I was hoping someone more informed might have said
something on this by now:
After a very quick survey of the patches I could find, all the ones for
various IEs up to version 5 include US-domestic versions of schannel. There
is a similar principle for Outlook which appears to have its own CSP.
Things are apparently better abstracted with W2K; the patch upgrades the
crypto strength of SSL, IPSEC, EFS amongst others and there's no schannel (to
inexpert eyes it's little more than the enhanced provider).
So it seems an open CSP is not so immediately useful. Perhaps when W2K takes
hold if the CSP verification can still be subverted without too much effort.
-Alan-
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]