From: geeman@best.com
To: Marc Horowitz <cypherpunks@toad.com
Message Hash: b32f68806aa118d05d48328a50e524d4d7ab612e691d5001e5b1e2d8d12d5750
Message ID: <3.0.32.19961218073206.006b691c@best.com>
Reply To: N/A
UTC Datetime: 1996-12-18 15:29:41 UTC
Raw Date: Wed, 18 Dec 1996 07:29:41 -0800 (PST)
From: geeman@best.com
Date: Wed, 18 Dec 1996 07:29:41 -0800 (PST)
To: Marc Horowitz <cypherpunks@toad.com
Subject: Re: [NOT NOISE] Microsoft Crypto Service Provider API
Message-ID: <3.0.32.19961218073206.006b691c@best.com>
MIME-Version: 1.0
Content-Type: text/plain
Microsoft had to agree to validate crypto binaries against
a signature to make sure they weren't tampered with, in
exchange for shipping crypto-with-a-hole. They will
sign anything (theoretically) if it has the export
papers and all. Or without, if you affadavit it is not
for export.
They do not themselves impose any restrictions on crypto
strength.
I'm not expressing political position here, just conveying facts ....
At 01:13 AM 12/18/96 -0500, Marc Horowitz wrote:
>roy@sendai.scytale.com (Roy M. Silvernail) writes:
>
>>> I just got my copy of the Microsoft Cryptographic Service Provider
>>> Development Kit, Version 1.0. It appears to support only Windows NT. A
>>> first glance reveals no built-in GAK (but I haven't examined it closely
>>> yet!).
>
>You're right, you haven't looked at it closely. Although it doesn't
>have Key Escrow, new cryptosystems can only be added if they are
>signed by a private key held by Microsoft. Of course, Microsoft has
>agreed with the State Dept. to sign only export-"strength" crypto.
>
> Marc
>
>
Return to December 1996
Return to “geeman@best.com”
1996-12-18 (Wed, 18 Dec 1996 07:29:41 -0800 (PST)) - Re: [NOT NOISE] Microsoft Crypto Service Provider API - geeman@best.com