1996-07-10 - Re: MSoft crypto API’s

Header Data

From: jim bell <jimbell@pacifier.com>
To: “George Kuzmowycz” <cypherpunks@toad.com
Message Hash: 6cbd6e44696456d5855b57b8c438425e7eb925505c65f25e4c798039a761c00e
Message ID: <199607100335.UAA01215@mail.pacifier.com>
Reply To: N/A
UTC Datetime: 1996-07-10 07:37:38 UTC
Raw Date: Wed, 10 Jul 1996 15:37:38 +0800

Raw message

From: jim bell <jimbell@pacifier.com>
Date: Wed, 10 Jul 1996 15:37:38 +0800
To: "George Kuzmowycz" <cypherpunks@toad.com
Subject: Re: MSoft crypto API's
Message-ID: <199607100335.UAA01215@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:19 PM 7/9/96 -0400, George Kuzmowycz wrote:
>  The June 10, 1996 Network World carried a story on page 8 under the 
>title "Microsoft breaks crypto barrier", which starts off as follows:
>
>  " Microsoft Corp. last week said it will include cryptography-based 
>security technology in its operating systems, messaging product and 
>Web browser through a new set of APIs that will be available both in 
>the U.S. and overseas.
>
> " The fact that the National Security Agency is allowing Microsoft 
>to export the cryptographic APIs is somewhat of a coup for the 
>software vendor, although the NSA did nothing to alter the current 
>export ban on strong encryption."
>
>  Later on, it says:
>
>"  Microsoft's Crypto APIs will be available to third-party vendors
>writing applications with embedded security. But the hardware or
>software Crypto-engines for these applications will need to be
>digitally signed by Microsoft before they will work with the APIs.
>Under an unusual arrangement with the NSA, Microsoft will act as a
>front man for the powerful U.S. spy agency, checking on whether the
>vendors' products comply with U.S. export rules."

Unexplained:   What if the program Microsoft is asked to sign is not 
intended for export?  Presumably, NSA has no authority, then, and thus 
presumably Microsoft shouldn't be able to refuse to sign anything they're 
asked.

Question:  Doesn't this set up an action by Microsoft which would be 
actionable under anti-trust laws (if it wasn't done at the behest of 
government?)


Couldn't somebody IMPORT a piece of encryption software, have it signed by 
Microsoft, then take the XOR of the signed and unsigned software and export 
it?  (It's not a tool capable of encryption...)

Or:  Microsoft presumably has foreign branches, or at least it could easily 
afford to set up one.  What's to stop Microsoft from signing foreign 
encryption software outside of the US?  The software is never exported 
(since it's already outside the country...), so there's no USA-law involv
ement.
Jim Bell
jimbell@pacifier.com





Thread