[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Speculations on Espionage-Enabled Encryption
Jim Bell writes:
>
>Has it been established that Microsoft (is only/can only) sign crypto
>add-ons which are approved for export? Since there are no restrictions
>domestically, presumably Microsoft can sign anything it wants. If those
>versions ever manage to "sneak out" of the country, well that's too bad!
>
Here are some speculations based, in part, on my interpretation (repeat,
MY INTERPRETATION) of discussion on code signing at last year's
Java One conference:
-- Only the vendor, physically located in the USA, will sign crypto add-ons.
-- Since the add-ons are physically signed in the USA, the signed
add-on must comply with all export regulations. I.e., no
restriction on domestic use, various export control restrictions
as appropriate to the crypto add-on.
I would presume that the add-on would be distributed public-key
encrypted, and could only be created by the holder of the corresponding
private key (i.e. the operating-system vendor) and, furthermore, could
only be run by an operating system that could decrypt the add-on package.
A vendor could presumably export operating system variants that
could not execute some subset of crypto add-ons because the variant
lacks the ability to decrypt the package.
In the long-term (3-5 years), I wouldn't be suprised to find the
decryption capability moved onto the processor chip, making the
problem of distribution strong crypto more difficult.
Martin Minow
[email protected]