---------- From: George Kuzmowycz[SMTP:gkuzmo@ix.netcom.com] Sent: Tuesday, July 09, 1996 4:19 PM To: cypherpunks@toad.com Subject: MSoft crypto API's ...... The June 10, 1996 Network World carried a story on page 8 under the title "Microsoft breaks crypto barrier", which starts off as follows: " Microsoft Corp. last week said it will include cryptography-based security technology in its operating systems, messaging product and Web browser through a new set of APIs that will be available both in the U.S. and overseas. They said this quite some time ago! Later on, it says: " Microsoft's Crypto APIs will be available to third-party vendors writing applications with embedded security. But the hardware or software Crypto-engines for these applications will need to be digitally signed by Microsoft before they will work with the APIs. Under an unusual arrangement with the NSA, Microsoft will act as a front man for the powerful U.S. spy agency, checking on whether the vendors' products comply with U.S. export rules."
They got it wrong, no big surprise. MSFT explicitly says export compliance is the developer's responsibility, and any notion that MSFT is going to front for NSA in somehow validating crypto code is ludicrous. The signature function is so the OS can validate the code and make sure it's not been tampered with. Period. Excuse me, er, NW, how is MSFT going to sign hardware? heheheheh.
I was a bit surprised not to see any discussion of this here. Is it just old news? Or maybe people here don't read Network World?
Both.
An MS/NSA alliance?
Perhaps, but this ain't it.