[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FW: CrytoAPI on Cypherpunks



General comments:  please take a look at our web page:
http://www.microsoft.com/intdev/inttech/cryptapi.htm, and
 e-mail cryptapi.com with questions.

Comments in-line >>> below.

>From: Matt Blaze <[email protected]>
To: [email protected]
Subject: Microsoft's CAPI
Date: Wed, 17 Jan 1996 10:02:27 -0500

I attended a meeting at Microsoft the other day at which they
described their Crypto API project.  As CAPIs go, it's reasonable
enough; nothing particularly exciting about it or especially wrong
with it (though they don't yet support nonblocking calls to crypto
modules).

>>> We received several requests at the design review to add
>>> non-blocking calls.  We're looking to add this.

					... They have
(or will have soon) an application development kit to allow you to
write code that uses the API, and a CSP development kit to let you
write the crypto functions.

>>> Doc's and sample code from the SDK are available now on
>>> our web page:  http://www.microsoft.com/intdev/inttech/cryptapi.htm.
>>> Please e-mail [email protected] if you're interested in a
>>> CSP development kit.

					...One important
issue is whether MS will really sign anyone's CSP or whether they will
start charging high fees or making business-based decisions on who's
CSPs they will allow (with they sign Netscape's CSP, for example).
They say they won't even look or keep a copy of your CSP (at my
suggestion, they are probably going to change the process so that you
send them a hash of your CSP instead of your CSP code when you get the
signature).  For now they promise to sign CSPs for anyone who returns
the export certificate, at no charge.

>>> We won't charge high fees (right now, it's free!).  Our policy is
>>> simple:  we'll sign the CSP of anyone who follows the rules.
>>> Yes, we would sign a CSP from Netscape if they follow the rules.
>>>We won't look at or keep a copy of the CSP, and
>>> we won't tell your competitors about it (unless you ask us to).

						... They
say that the API kit will not be export-controlled but the CSP kit
will be.

>>> The SDK is not export-controlled.  The CSP development
>>> kit is export-controlled.