[3010] in WWW Security List Archive
Re: CryptoAPI 2
daemon@ATHENA.MIT.EDU (Adam Shostack)
Fri Sep 20 10:05:53 1996
From: Adam Shostack <adam@homeport.org>
To: tomj@microsoft.com (Tom Johnston)
Date: Fri, 20 Sep 1996 07:53:45 -0500 (EST)
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <c=US%a=_%p=msft%l=RED-71-MSG-960919162345Z-30623@tide21.microsoft.com> from "Tom Johnston" at Sep 19, 96 09:23:45 am
Errors-To: owner-www-security@ns2.rutgers.edu
Tom Johnston wrote:
| Interested in including cryptography and certificates in your
| applications,
| but don't want to worry about writing code to implement PKCS 7, X.509,
| ASN.1, or actually write cryptographic routines yourself?
Interested in letting Microsoft decide if they'll let you
compete with them in the future?
CAPI involves having Microsoft issue certificates that let
your code run on their operating system. In keeping with good crypto
design, the certs expire. Giving up control of your computer &
software like this doesn't strike me as wise.
In addition, the CAPI controllers won't let you run strong
crypto on non-US English versions of the OS, even if those versions
are inside the US, say, for testing purposes. This was part of the
ITAR deal that MS made.
If you don't want to write crypto routines in C, C++, Perl,
Java or Python, check out my list of free crypto libraries, at
www.homeport.org/~adam/crypto/
No salesman will call. :)
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
