From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 10 Jul 1996 19:15:56 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: MSoft crypto API's
Message-ID: <199607100906.FAA27981@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  9 Jul 96 at 20:34, jim bell wrote:
[..]
> Unexplained:   What if the program Microsoft is asked to sign is not 
> intended for export?  Presumably, NSA has no authority, then, and thus 

They could insist on only signing exportable software, and in theory 
use that as ITAR-relaxing leverage.

Methinks it's a bad move to only have MS sign software... presumably 
they won't outright refuse to sign competitors software.  It would be 
a conflict of interest for them not to... very usable as evidence 
against MS in an anti-trust suit.  Independent CA's would be better.

IMO, it gives a false sense of sucurity to even require crypto apps 
to be signed.  A lot of folks would want a developer's kit (probably 
cost $$$) to get around that requirement... nice loophole, BTW, for 
those that can afford it.  Or until somebody patches the code to 
ignore bad signatures of lack of them and releases the patch.

Oh yeah... false sense of security in that if an app is signed, it 
must be secure.  Will the new Windows wipe all temporary files and 
the swap file?  Otherwise it makes a CryptoAPI meaningless.

There'll be a problem with PGPlib as well... what if people want to 
compile their own version?  Assuming MS will even sign it... that 
will be a quagmire.  It's likely that if strong crypto is not 
implemented in the MS API (or it is done so in an insecure fashion), 
hardly anyone will use it.

> presumably Microsoft shouldn't be able to refuse to sign anything they're 
> asked.

Why? Assuming there were no export restrictions... if it's signed by 
MS, people will take it to mean that MS is vouching for it.  If they 
sign a library that does 'naughty things' or is an incredibly 
incompetant implementation of an algorithm, it could turn out to be 
bad PR for them.  (Hm... they could use this as an excuse to read 
competitor's source code.)

[..]
> Couldn't somebody IMPORT a piece of encryption software, have it signed by 
> Microsoft, then take the XOR of the signed and unsigned software and export 
> it?  (It's not a tool capable of encryption...)

Under that logic, I could do the same to a PGP distribution.  I doubt 
the state department would look at it that way, or a jury for that 
matter.  If you want to risk a few years in Federal Prison, go 
ahead... though chances are crypto-apps seem to make it out of the 
country anyway...

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.