I'm not sure re: the 'trusted download applications' scenario. I have not stepped-through the microsoft capi code material, but I believe a more reasonable assumption is that law enforcement is more interested in "dummying-down" the strength of ssl (and e-mail, and .pst file key) sessions rather than trying to mask a trojan. Here's why I think this: your isp is capable of delivering a trojan, already provides updates to dialer apps, etc. and isp downloads are generally unchecked by end users. And, your isp is very likely to respond to a warrant to download a trojan to a user machine (this happens every day.) In contrast, Microsoft is unable to comply with a warrant to enable such a download on demand...the alternative is to purposefully lie to the entire world about pre-weakend 128-bit key strength, easily attracting lawsuits...I seriously doubt any rational us company would accept this level of exposure just to comply with a warrant (don't forget the #1 opponents of us crypto export laws are us companies, not individuals...shows us companies are more money driven than 'gee lets help law enforcement at the expense of our business' driven). Plus, microsoft doesn't have a huge session-tracking system which enables them to detect when a particular user logs into the net, etc....an isp does have this kind of info though and could target specific users in response to a warrant. I think the scenario I've outlined above is probably a legal and reasonable explanation (though I'm not a lawyer). As for multiple keys in the microsoft crypto stuff, don't forget about server-gated crypto. that particular technology, created by microsoft, relies on a different set of key generation/management rules than normal ssl. this is probably where the 'extra keys' come from. Phillip -----Original Message----- From: owner-cypherpunks@Algebra.COM [mailto:owner-cypherpunks@Algebra.COM]On Behalf Of Ray Dillinger Sent: Tuesday, January 30, 2001 8:56 PM To: Declan McCullagh Cc: Me; cypherpunks@einstein.ssz.com Subject: Re: Absolutely not a joke. On Tue, 30 Jan 2001, Declan McCullagh wrote:
On Tue, Jan 30, 2001 at 11:45:43AM -0800, Ray Dillinger wrote:
Windows is also built to be insecure; there are backdoor keys for law-enforcement types to stick "trusted" trojans on the system,
Everything else is true, but I'm not sure about the above. You're talking about the NSA key, I assume.
Yes: Windows has one documented public key that it uses to check software that gets, eg, mailed to it via outlook, or downloads in a webpage via Explorer, or etc, to decide whether it is "trusted" software or not. If it is trusted software (presumably from Microsoft) then it can be run without popping up a dialog box and getting the user's attention/ permission. Otherwise, "normal" security methods apply. People with debuggers long since discovered that there is more than one key ( though there are conflicting reports about whether there are two or three), but had no idea why there would be more than one unless Microsoft wanted to enable some third party to create "trusted" applications without Microsoft's knowledge or review. Recently when a windows system was made available in a debug build (ie, with the symbolic names etc still in the code), it was discovered that one of the "extra" keys was named NSA_key, which gives at least a strong hint as to who else is allowed to create "trusted" downloadable software. Bear