The key in question allows the holder of the corresponding private key to sign a cryptographic package and have it be installable and accessible via the Windows Crypto API. Big deal.
How is such a package going to get on your machine? Either it is distributed on the NT CD, or it is installed on a machine some time after NT is installed.
If it is being distributed on the CD, this implies complete MS cooperation, what would be the point of signing a backdoored package with an NSA key? Just get MS to go ahead and sign it.
If it is installed somehow after NT is installed then ANY means used to distribute such a package could also be used to defeat the whole code signing check, by simply replacing or patching ADVAPI32.DLL or any other files involved. So to coerce MS to install the code authentication key is not necessary, and it merely risks drawing unwelcome attention like that given here.
Slashdot Mirror
The key in question allows the holder of the corresponding private key to sign a cryptographic package and have it be installable and accessible via the Windows Crypto API. Big deal.
How is such a package going to get on your machine? Either it is distributed on the NT CD, or it is installed on a machine some time after NT is installed.
If it is being distributed on the CD, this implies complete MS cooperation, what would be the point of signing a backdoored package with an NSA key? Just get MS to go ahead and sign it.
If it is installed somehow after NT is installed then ANY means used to distribute such a package could also be used to defeat the whole code signing check, by simply replacing or patching ADVAPI32.DLL or any other files involved. So to coerce MS to install the code authentication key is not necessary, and it merely risks drawing unwelcome attention like that given here.
Ben Lawrence