[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: MSoft crypto API's
At 07:19 PM 7/9/96 -0400, George Kuzmowycz wrote:
> The June 10, 1996 Network World carried a story on page 8 under the
>title "Microsoft breaks crypto barrier", which starts off as follows:
>
> " Microsoft Corp. last week said it will include cryptography-based
>security technology in its operating systems, messaging product and
>Web browser through a new set of APIs that will be available both in
>the U.S. and overseas.
>
> " The fact that the National Security Agency is allowing Microsoft
>to export the cryptographic APIs is somewhat of a coup for the
>software vendor, although the NSA did nothing to alter the current
>export ban on strong encryption."
>
> Later on, it says:
>
>" Microsoft's Crypto APIs will be available to third-party vendors
>writing applications with embedded security. But the hardware or
>software Crypto-engines for these applications will need to be
>digitally signed by Microsoft before they will work with the APIs.
>Under an unusual arrangement with the NSA, Microsoft will act as a
>front man for the powerful U.S. spy agency, checking on whether the
>vendors' products comply with U.S. export rules."
Unexplained: What if the program Microsoft is asked to sign is not
intended for export? Presumably, NSA has no authority, then, and thus
presumably Microsoft shouldn't be able to refuse to sign anything they're
asked.
Question: Doesn't this set up an action by Microsoft which would be
actionable under anti-trust laws (if it wasn't done at the behest of
government?)
Couldn't somebody IMPORT a piece of encryption software, have it signed by
Microsoft, then take the XOR of the signed and unsigned software and export
it? (It's not a tool capable of encryption...)
Or: Microsoft presumably has foreign branches, or at least it could easily
afford to set up one. What's to stop Microsoft from signing foreign
encryption software outside of the US? The software is never exported
(since it's already outside the country...), so there's no USA-law involv
ement.
Jim Bell
[email protected]