[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: MSoft crypto API's



ok, last time:

the deal was that Microsoft got the permission to ship a generalized API if 
the crypto-engines
are signed to prevent code that conforms to export restrictions from being 
tampered with after the fact: hence the signing.  This prevents code that 
is conformant from being patched, e.g. to turn a 40-bit key parameter into 
a usable one.

Now I suppose it could be that there is a back-door deal that MSFT will 
provide to NSA info regarding the
originators of the engines, but let's have some evidence of it before yet 
another conspiracy rant, OK?



----------
From: 	Black Unicorn[SMTP:[email protected]]
Sent: 	Tuesday, July 09, 1996 8:27 PM
To: 	George Kuzmowycz
Cc: 	[email protected]
Subject: 	Re: MSoft crypto API's

On Tue, 9 Jul 1996, George Kuzmowycz wrote:

[...]

> "  Microsoft's Crypto APIs will be available to third-party vendors
> writing applications with embedded security. But the hardware or
> software Crypto-engines for these applications will need to be
> digitally signed by Microsoft before they will work with the APIs.
> Under an unusual arrangement with the NSA, Microsoft will act as a
> front man for the powerful U.S. spy agency, checking on whether the
> vendors' products comply with U.S. export rules."
>
>   I was a bit surprised not to see any discussion of this here. Is it
> just old news? Or maybe people here don't read Network World?

[...]

>   An MS/NSA alliance?
>
>         -gk-

This is a very deft and sly move, if it was indeed planned, by the NSA.

Clearly they have got the message.  Political efforts to curtail crypto
are doomed to failure.  Economic strangulation is the way to go.

Well here you are folks, months of bitching about how stupid the NSA must
be has paid off.  Not only is this clever, its insidious.

1. It's too difficult for Joe Sixpack to understand.
2. It preys on the market leader already, rather than attempting to
bootstrap (as with clipper).
3. It uses as its implementation a private, rather than a public entity.

Now this strikes me as something truely frightening.  The NSA has become
an intelligence agency which is effectively working in concert with
private interests to conduct internal security operations by proxy.