FW: MSoft crypto API's

["geeman@best.com" <geeman@best.com>]

----------
From: 	George Kuzmowycz[SMTP:gkuzmo@ix.netcom.com]
Sent: 	Tuesday, July 09, 1996 4:19 PM
To: 	cypherpunks@toad.com
Subject: 	MSoft crypto API's


......

  The June 10, 1996 Network World carried a story on page 8 under the
title "Microsoft breaks crypto barrier", which starts off as follows:

  " Microsoft Corp. last week said it will include cryptography-based
security technology in its operating systems, messaging product and
Web browser through a new set of APIs that will be available both in
the U.S. and overseas.

They said this quite some time ago!

  Later on, it says:

"  Microsoft's Crypto APIs will be available to third-party vendors
writing applications with embedded security. But the hardware or
software Crypto-engines for these applications will need to be
digitally signed by Microsoft before they will work with the APIs.
Under an unusual arrangement with the NSA, Microsoft will act as a
front man for the powerful U.S. spy agency, checking on whether the
vendors' products comply with U.S. export rules."

> They got it wrong, no big surprise.  MSFT explicitly says export 
compliance is the developer's responsibility, and any notion that MSFT is 
going to front for NSA in somehow validating crypto code is ludicrous.  The 
signature function is so the OS can validate the code and make sure it's 
not been tampered with.  Period.  Excuse me, er, NW, how is MSFT going to 
sign hardware?  heheheheh.

  I was a bit surprised not to see any discussion of this here. Is it
just old news? Or maybe people here don't read Network World?

> Both.

  An MS/NSA alliance?

> Perhaps, but this ain't it.