1996-07-10 - Re: MSoft crypto API’s
Header Data
From: jim bell <jimbell@pacifier.com>
To: “George Kuzmowycz” <cypherpunks@toad.com
Message Hash: 6cbd6e44696456d5855b57b8c438425e7eb925505c65f25e4c798039a761c00e
Message ID: <199607100335.UAA01215@mail.pacifier.com>
Reply To: N/A
UTC Datetime: 1996-07-10 07:37:38 UTC
Raw Date: Wed, 10 Jul 1996 15:37:38 +0800
Raw message
From: jim bell <jimbell@pacifier.com>
Date: Wed, 10 Jul 1996 15:37:38 +0800
To: "George Kuzmowycz" <cypherpunks@toad.com
Subject: Re: MSoft crypto API's
Message-ID: <199607100335.UAA01215@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain
At 07:19 PM 7/9/96 -0400, George Kuzmowycz wrote:
> The June 10, 1996 Network World carried a story on page 8 under the
>title "Microsoft breaks crypto barrier", which starts off as follows:
>
> " Microsoft Corp. last week said it will include cryptography-based
>security technology in its operating systems, messaging product and
>Web browser through a new set of APIs that will be available both in
>the U.S. and overseas.
>
> " The fact that the National Security Agency is allowing Microsoft
>to export the cryptographic APIs is somewhat of a coup for the
>software vendor, although the NSA did nothing to alter the current
>export ban on strong encryption."
>
> Later on, it says:
>
>" Microsoft's Crypto APIs will be available to third-party vendors
>writing applications with embedded security. But the hardware or
>software Crypto-engines for these applications will need to be
>digitally signed by Microsoft before they will work with the APIs.
>Under an unusual arrangement with the NSA, Microsoft will act as a
>front man for the powerful U.S. spy agency, checking on whether the
>vendors' products comply with U.S. export rules."
Unexplained: What if the program Microsoft is asked to sign is not
intended for export? Presumably, NSA has no authority, then, and thus
presumably Microsoft shouldn't be able to refuse to sign anything they're
asked.
Question: Doesn't this set up an action by Microsoft which would be
actionable under anti-trust laws (if it wasn't done at the behest of
government?)
Couldn't somebody IMPORT a piece of encryption software, have it signed by
Microsoft, then take the XOR of the signed and unsigned software and export
it? (It's not a tool capable of encryption...)
Or: Microsoft presumably has foreign branches, or at least it could easily
afford to set up one. What's to stop Microsoft from signing foreign
encryption software outside of the US? The software is never exported
(since it's already outside the country...), so there's no USA-law involv
ement.
Jim Bell
jimbell@pacifier.com
Thread
Return to July 1996
- Return to “jim bell <jimbell@pacifier.com>”
- Return to “Mike Ingle <inglem@adnetsol.com>”
Return to “The Deviant <deviant@pooh-corner.com>”
- 1996-07-10 (Wed, 10 Jul 1996 15:37:38 +0800) - Re: MSoft crypto API’s - jim bell <jimbell@pacifier.com>
- 1996-07-10 (Wed, 10 Jul 1996 17:42:18 +0800) - Re: MSoft crypto API’s - Mike Ingle <inglem@adnetsol.com>
- 1996-07-10 (Wed, 10 Jul 1996 19:23:34 +0800) - Re: MSoft crypto API’s - The Deviant <deviant@pooh-corner.com>