From: Martin Minow <minow@apple.com>
Date: Sun, 23 Feb 1997 18:14:39 -0800 (PST)
To: jim bell <cypherpunks@toad.com
Subject: Re: Speculations on Espionage-Enabled Encryption
In-Reply-To: <199702232031.MAA11004@mail.pacifier.com>
Message-ID: <v03010d00af36a7c016f5@[17.219.103.242]>
MIME-Version: 1.0
Content-Type: text/plain


Jim Bell writes:
>
>Has it been established that Microsoft (is only/can only) sign crypto
>add-ons which are approved for export?  Since there are no restrictions
>domestically, presumably Microsoft can sign anything it wants.  If those
>versions ever manage to "sneak out" of the country, well that's too bad!
>

Here are some speculations based, in part, on my interpretation (repeat,
MY INTERPRETATION) of discussion on code signing at last year's
Java One conference:

-- Only the vendor, physically located in the USA, will sign crypto add-ons.
-- Since the add-ons are physically signed in the USA, the signed
   add-on must comply with all export regulations. I.e., no
   restriction on domestic use, various export control restrictions
   as appropriate to the crypto add-on.

I would presume that the add-on would be distributed public-key
encrypted, and could only be created by the holder of the corresponding
private key (i.e. the operating-system vendor) and, furthermore, could
only be run by an operating system that could decrypt the add-on package.
A vendor could presumably export operating system variants that
could not execute some subset of crypto add-ons because the variant
lacks the ability to decrypt the package.

In the long-term (3-5 years), I wouldn't be suprised to find the
decryption capability moved onto the processor chip, making the
problem of distribution strong crypto more difficult.

Martin Minow
minow@apple.com