Microsoft's interest in the CSP signing process is to maintain the integrity of system security and the exportability of CryptoAPI-enabled systems and applications, and to exercise due diligence under prevailing U.S. export controls. The CSP signing policy makes several major distinctions based on Microsoft's obligations under U.S. export law. First, it distinguishes between CSPs developed in North America from those developed elsewhere. Second, it distinguishes between CSPs intended for sale or distribution within North America only from those intended for export or sale outside North America. Generally the signing policy requirements for CSPs intended for use only within North America are fewer than for CSPs intended for export; and because U.S. export law restricts the export of any encryption technology or services, the requirements and restrictions on CSPs from vendors outside North America intended for use outside North America are greater still. Each of these scenarios is described in greater detail in the following sections.
Microsoft will sign CSPs subject only to the limitations of U.S. export controls. We will sign CSPs from competitors. At present we will sign CSPs at our facilities in Redmond, Washington, USA.