
Apple's PowerTalk: *breakthrough* in crypto export?



From the TidBITS Mac newsletter: (I'd be more specific but don't have
it from my source -- perhaps someone can post the info on how to
retrieve the whole article.)

>PowerTalk Arrives
>-----------------
>  by Wolfgang Naegeli -- [email protected]

PowerTalk is Apple's new `Collaborative Environment' client software,
supposedly to be released next week. It's a sort of groupware-email
package with some significant security & cryptography mechanisms.
Sounds like it's very intuitive and a very highly refined user
interface. I suspect this whole platform could have a *major* effect in
bringing seamless, invisible, secure cryptography to the masses -- at
least, reading all the promotional hype, the *potential* is there.

>  Apple claims that PowerTalk is more secure than most other off-
>  the-shelf software solutions since those use less secure
>  algorithms to avoid export restrictions. Apple is the first
>  company to receive an export license for a DES-based product.

1st? *WOW*

Cypherpunks we need more intelligence on this ASAP! Does this represent
a fundamental *breakthrough* in export policy? Why are they the first?
Is it real live DES and not some strange crippled bit length version?
What does this *mean*?!

red warning flag:

>RSA always is at the
>  root of the issuing process and signatures expire after two years.

Not sure if this means what it seems to say -- that RSA is *generating*
the private keys and passing them on? We just had that big discussion
about this issue with some other software from Apple, didn't we?

Here's some more from the article of interest to cypherpunks.

===cut=here===

  Digital signatures, based on RSA Public Key Encryption, provide a
  secure way of ensuring data has not been altered and was signed by
  a particular person. The mechanism is similar to Kerberos [a
  security system developed at MIT -Adam], which was not mature
  enough at the critical point in PowerTalk development. Apple
  anticipates supporting Kerberos in a future PowerTalk release.
 
  To sign a document, simply drop it on a Signer icon. A prompt for
  the personal signer code then appears on the screen. If the
  content of the signed document later changes in any way, the
  signature becomes invalid. While being signed, a file
  automatically is locked to avoid inadvertent invalidation. The Get
  Info window of a signed file is used to uncheck the file lock, and
  it contains a Verify button with which the recipient can assert
  the integrity of the file and authenticity of its signature.

  Large companies can become trusted signature issuing agents for
  their employees by obtaining a titanium blackbox with key
  interlocks from RSA. The box contains a certain number o

From owner-cypherpunks  Sat Oct  2 03:18:43 1993
Received: by toad.com id AA25713; Sat, 2 Oct 93 03:14:17 PDT
Received: by toad.com id AA25695; Sat, 2 Oct 93 03:13:54 PDT
Return-Path: <[email protected]>
Received: from soda.berkeley.edu ([128.32.149.19]) by toad.com id AA25690; Sat, 2 Oct 93 03:13:51 PDT
Received: by soda.berkeley.edu (5.65/KAOS-1)
	id AA09739; Sat, 2 Oct 93 03:13:44 -0700
Date: Sat, 2 Oct 93 03:13:44 -0700
Message-Id: <[email protected]>
To: [email protected]
From: [email protected]
Subject: Sternlight's Key
Remailed-By: Sameer Parekh <[email protected]>

As an official Key Escrow Agent of the United States Gubberment, I have
decided that David Sternlight, being a controversial public figure, needs 
cryptographic protection for his private communications.

Accordingly, a key has been created for him. He has been provided with his
public and secret keys via e-mail. A copy of the secret key will be held
in escrow. In the event that Mr. Sternlight is ever served with a subpoena,
the key will be released to appropriate authorities.

Since Mr. Sternlight has been a vocal advocate of key escrow, I'm sure he
will have no problems with his key being created by an unknown person.
In the absence of a subpoena, Mr. Sternlight, your key is safe.

Trust me. I'm from the gubberment and I'm here to help you.

pub  1024/5C4E59 1993/10/02  David Sternlight <[email protected]>
Available from a keyserver near you.