From the TidBITS Mac newsletter: (I'd be more specific but don't have it from my source -- perhaps someone can post the info on how to retrieve the whole article.)
PowerTalk Arrives
-----------------
by Wolfgang Naegeli -- wnn@ornl.gov
PowerTalk is Apple's new `Collaborative Environment' client software, supposedly to be released next week. It's a sort of groupware-email package with some significant security & cryptography mechanisms. Sounds like it's very intuitive and a very highly refined user interface. I suspect this whole platform could have a *major* effect in bringing seamless, invisible, secure cryptography to the masses -- at least, reading all the promotional hype, the *potential* is there.
Apple claims that PowerTalk is more secure than most other off-the-shelf software solutions since those use less secure algorithms to avoid export restrictions. Apple is the first company to receive an export license for a DES-based product.
1st? *WOW* Cypherpunks we need more intelligence on this ASAP! Does this represent a fundamental *breakthrough* in export policy? Why are they the first? Is it real live DES and not some strange crippled bit length version? What does this *mean*?!

red warning flag:
RSA always is at the root of the issuing process and signatures expire after two years.
Not sure if this means what it seems to say -- that RSA is *generating* the private keys and passing them on? We just had that big discussion about this issue with some other software from Apple, didn't we? Here's some more from the article of interest to cypherpunks.

===cut=here===

Digital signatures, based on RSA Public Key Encryption, provide a secure way of ensuring data has not been altered and was signed by a particular person. The mechanism is similar to Kerberos [a security system developed at MIT -Adam], which was not mature enough at the critical point in PowerTalk development. Apple anticipates supporting Kerberos in a future PowerTalk release.

To sign a document, simply drop it on a Signer icon. A prompt for the personal signer code then appears on the screen. If the content of the signed document later changes in any way, the signature becomes invalid. While being signed, a file automatically is locked to avoid inadvertent invalidation. The Get Info window of a signed file is used to uncheck the file lock, and it contains a Verify button with which the recipient can assert the integrity of the file and authenticity of its signature.

Large companies can become trusted signature issuing agents for their employees by obtaining a titanium blackbox with key interlocks from RSA.
The box contains a certain number o

From owner-cypherpunks Sat Oct 2 03:18:43 1993
Received: by toad.com id AA25713; Sat, 2 Oct 93 03:14:17 PDT
Received: by toad.com id AA25695; Sat, 2 Oct 93 03:13:54 PDT
Return-Path: <sameer@soda.berkeley.edu>
Received: from soda.berkeley.edu ([128.32.149.19]) by toad.com id AA25690; Sat, 2 Oct 93 03:13:51 PDT
Received: by soda.berkeley.edu (5.65/KAOS-1) id AA09739; Sat, 2 Oct 93 03:13:44 -0700
Date: Sat, 2 Oct 93 03:13:44 -0700
Message-Id: <9310021013.AA09739@soda.berkeley.edu>
To: cypherpunks@toad.com
From: nobody@soda.berkeley.edu
Subject: Sternlight's Key
Remailed-By: Sameer Parekh <sameer@netcom.com>

As an official Key Escrow Agent of the United States Gubberment, I have decided that David Sternlight, being a controversial public figure, needs cryptographic protection for his private communications. Accordingly, a key has been created for him. He has been provided with his public and secret keys via e-mail. A copy of the secret key will be held in escrow. In the event that Mr. Sternlight is ever served with a subpoena, the key will be released to appropriate authorities.

Since Mr. Sternlight has been a vocal advocate of key escrow, I'm sure he will have no problems with his key being created by an unknown person. In the absence of a subpoena, Mr. Sternlight, your key is safe. Trust me. I'm from the gubberment and I'm here to help you.

pub 1024/5C4E59 1993/10/02 David Sternlight <strnlght@netcom.com>

Available from a keyserver near you.