J. Andrés Hall wrote:
> Not really, because (in theory at least!) CryptoAPI CSPs
> (Crypto Service Provider modules that implement the algos
> offered by CryptoAPI) need to be digitally signed by Microsoft
> in Redmond for your security and to keep the NSA from labelling
> CryptoAPI as CWAH. Microsoft, in compliance with the NSA,
> will only sign US CSP modules.
Yep. BUGTRAQ reported last month that it's easy
for a user to replace the NSA key with his own key.
This way anyone can sign a module.
Regards,
Mike
----
Michal Trojnara * +48 501 00 12 43
IT Security Officer * PTK Centertel