1996-07-10 - Re: MSoft crypto API’s

Header Data

From: jim bell <jimbell@pacifier.com>
To: Enzo Michelangeli <enzo@ima.com>
Message Hash: de62cb98a6d7bf03b824774b269fc26cc3ffdcb8f9ee686b1438c57fa8674675
Message ID: <199607101639.JAA02677@mail.pacifier.com>
Reply To: N/A
UTC Datetime: 1996-07-10 21:44:12 UTC
Raw Date: Thu, 11 Jul 1996 05:44:12 +0800

Raw message

From: jim bell <jimbell@pacifier.com>
Date: Thu, 11 Jul 1996 05:44:12 +0800
To: Enzo Michelangeli <enzo@ima.com>
Subject: Re: MSoft crypto API's
Message-ID: <199607101639.JAA02677@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:04 PM 7/10/96 +0800, Enzo Michelangeli wrote:

>> 
>> "  Microsoft's Crypto APIs will be available to third-party vendors
>> writing applications with embedded security. But the hardware or
>> software Crypto-engines for these applications will need to be
>> digitally signed by Microsoft before they will work with the APIs.
>> Under an unusual arrangement with the NSA, Microsoft will act as a
>> front man for the powerful U.S. spy agency, checking on whether the
>> vendors' products comply with U.S. export rules."


>More details are available from MS' web pages at:
>http://www.microsoft.com/win32dev/apiext/capi4.htm
>and:
>http://www.microsoft.com/intdev/security/cryptapi.htm
>
>I understand that NSA may have accepted the arrangement because only
>signed CSP's will be loaded under the CAPI, and MS will only sign them in
>Redmond. So, strong CSP modules developed outside the US will not be useable
>there because, once gone to Redmond, won't be re-exportable.

However, see my commentary to Mike Ingle.  If it's a foreign manufacturer 
we're talking about, then even though  the export of the signed package 
might arguably be illegal, ONLY ONE copy of it needs to be exported, 
possibly by some anonymous person who has nothing to do with either company. 
 The export will be illegal, but once exported any recipients would 
presumably be able to do anything they want with the program.


>The interesting part is that the basic, but crippled, CSP (PROV_RSA_FULL) 
>will be supplied for free by MS:

So they DIDN'T want their pieces of silver, huh?



Jim Bell
jimbell@pacifier.com





Thread