From: "James A. Donald" <jamesd@echeque.com>
Date: Sat, 27 Jan 1996 14:12:32 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Microsoft's CryptoAPI - thoughts?
Message-ID: <199601270550.VAA23195@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


For those allergic to Microsoft word, I have htmlized the crypto api

You can find it at

http://www.jim.com/jamesd/mscryptoapi.html


I hope that microsoft will soon have an official html version.

A notable misfeature of the API is that it assumes that in general 
you will have two key pairs.  One for signing and one for encrypting.

Since in the most common case you are encrypting something related to a
signed message by the person you are encrypting to this is a
bad idea, and protocols that require two key pairs to avoid protocol
failure are hazardous and inconvenient.  I think Microsoft should 
not have chosen to support such protocols.

The Crypto engine that Microsoft will soon distribute in every copy of
NT and windows will of course be crippled -- 512 bit RSA keys and
40 bit RC4 keys, but of course we should not do anything about this 
until we have some crypto enable applications floating around.


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com