From: geeman@best.com
Date: Wed, 18 Dec 1996 07:29:41 -0800 (PST)
To: Marc Horowitz <cypherpunks@toad.com
Subject: Re: [NOT NOISE] Microsoft Crypto Service Provider API
Message-ID: <3.0.32.19961218073206.006b691c@best.com>
MIME-Version: 1.0
Content-Type: text/plain



Microsoft had to agree to validate crypto binaries against
a signature to make sure they weren't tampered with, in 
exchange for shipping crypto-with-a-hole.  They will
sign anything (theoretically) if it has the export
papers and all.  Or without, if you affadavit it is not
for export.

They do not themselves impose any restrictions on crypto
strength.

I'm not expressing political position here, just conveying facts ....

At 01:13 AM 12/18/96 -0500, Marc Horowitz wrote:
>roy@sendai.scytale.com (Roy M. Silvernail) writes:
>
>>> I just got my copy of the Microsoft Cryptographic Service Provider
>>> Development Kit, Version 1.0.  It appears to support only Windows NT.  A
>>> first glance reveals no built-in GAK (but I haven't examined it closely
>>> yet!).
>
>You're right, you haven't looked at it closely.  Although it doesn't
>have Key Escrow, new cryptosystems can only be added if they are
>signed by a private key held by Microsoft.  Of course, Microsoft has
>agreed with the State Dept. to sign only export-"strength" crypto.
>
>		Marc
>
>