Michal Trojnara schrieb: > > J._Andrés_Hall wrote: > > Not really, because (in theory at least!) CryptoAPI CSPs > > (Crypto Service Provider modules that implement the algos > > offered by CryptoAPI) need to be digitally signed by Microsoft > > in Redmond for your security and to keep the NSA from labelling > > CryptoAPI as CWAH. Microsoft, in compliance with the NSA, > > will only sign US CSP modules. > > Yeap. BUGTRAQ reported last month, that it's easy > for a user to replace NSA key with his own key. > This way anyone can sign a module. BUT: only one CSP signed by everybody and his dog can be loaded at any given time since the replacement NSAKEY is different for every provider. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
