Recent discussion on the cypherpunks list(s) talked about the feasibility of subverting Microsoft's security model by stealing their private key(s). The following snippet (originally sent to RISKS digest) might be of interest:
Date: Mon, 3 Mar 1997 19:23:15 -0800
From: "Bob Atkinson (Exchange)" <bobatk@EXCHANGE.MICROSOFT.com>
Subject: Comments and corrections regarding Authenticode

As the architect and primary implementor of the Authenticode code-signing technology (boy, that'll get me mail :-) found in Internet Explorer 3 and in Windows NT 4, I think my perhaps somewhat lengthy and clearly very biased perspective on some recent articles might be of interest to others.

Bob Atkinson

[...]

For those curious: at the present time, the private keys with which Microsoft signs code that it publishes are managed inside BBN SafeKeyper boxes housed in a guarded steel and concrete bunker. Even were a SafeKeyper to somehow be physically stolen, these cool little boxes have several elaborate internal defenses designed to have the box destroy itself rather than compromise its keys. As I understand things, a military variation on the SafeKeyper technology is used as an integral part of launch control of nuclear missiles on submarines in the US Navy.
--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles@netbox.com         |
http://www.io.com/~gbroiles | Export jobs, not crypto.