ActiveX uses code signing. It uses Authenticode to verify the origin of
a control and thus assess its reliability and safety. Independent
certificate authorities (CAs) like VeriSign issue the digital signatures
to mark the code. Developers have to pay for the certificates, and in
order to be considered for a certificate you must pass through a
screening process. The digital signature is 1024 bits and thus difficult
to reverse engineer.
Question: It is possible that Microsoft and Verisign may be in violation
of current cryptography export restrictions given that ActiveX controls
are signed with 1024 bits? Or did they get a special exemption?
--------------0B9C37E168F2629617727888
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
ActiveX uses code signing. It uses Authenticode to verify the origin of a control and thus assess its reliability and safety. Independent certificate authorities (CAs) like VeriSign issue the digital signatures to mark the code. Developers have to pay for the certificates, and in order to be considered for a certificate you must pass through a screening process. The digital signature is 1024 bits and thus difficult to reverse engineer.
Question: It is possible that Microsoft and Verisign may be in violation
of current cryptography export restrictions given that ActiveX controls
are signed with 1024 bits? Or did they get a special exemption?
--------------0B9C37E168F2629617727888--