From: David K. Merriman It has been brought up on the Cypherpunks mailing list that Microsoft is proposing to include public-key escrow as a *built-in* "function" of future products - Chicago and Daytona have been specifically mentioned. ...................................................................... .......... No, this is not correct. It was speculation from Tim May on possible developments, based on his interpretation of recent events and on email which I sent to him. This email was referring to the fact that his concerns notwithstanding, it is not an easy thing to implement a privately-held key escrow system into a desktop operating system, that Microsoft is not talking about implementing a 'software Clipper', and is presently only *examining* the international ramifications of software key-escrow and non-escrowed strong encryption security. Please give it this question the benefit of the doubt and postpone your conclusions about this until I can get an official statement, thanks. Blanc
I've been in e-mail contact today and tonight with the MS paralegal I mentioned: I urged him to make his comments to the list. It remains clear to me, not denied by him, that MS is indeed in some process of evaluating SKE, studying legal and export issues, etc. His own comments, including our exchange today, shows him to have thought about these issues. (This doesn't make his conclusions, or Microsoft's, "right," but it sure does mean the idea wasn't a new one out of left field to them...thus confirming my point that it looks like MS has work going on.) Howver, all of these various points need to be verified, as I think I was pretty careful (some would say overly careful) to say in my posts. Blanc Weber answered David Merriman's questions, and I will provide my own gloss on her comments:
From: David K. Merriman
It has been brought up on the Cypherpunks mailing list that Microsoft is proposing to include public-key escrow as a *built-in* "function" of future products - Chicago and Daytona have been specifically mentioned. ...................................................................... ..........
No, this is not correct. It was speculation from Tim May on possible developments, based on his interpretation of recent events and on email which I sent to him. This email was referring to the fact that his concerns notwithstanding, it is not an easy thing to implement a privately-held key escrow system into a desktop operating system, that Microsoft is not talking about implementing a 'software Clipper', and is presently only *examining* the international ramifications of software key-escrow and non-escrowed strong encryption security.
I certainly agree that there is no evidence MS is ready to deploy code. But they appear to be evaluating plans, and possibly have been talking to NIST/NSA and the export people. I really hope the MS can comment on what they've been discussing. (As to the issue of a "software Clipper," SKE could actually be much worse than Clipper ever was likely to be. I knew of nobody planning to buy Clipjacked phones, but I know a _lot_ of OS customers. The MS person told me MS was planning to ensure a "voluntary" standard....you all know the arguments about deploying a widespread infrastructure that with the stroke of a pen could stop being voluntary. Talk about "legitimate needs of law enforcement" (not the MS guy's line, that I recall...call this paraphrasing) is pretty inconsistent with a voluntary key escrow system!
Please give it this question the benefit of the doubt and postpone your conclusions about this until I can get an official statement, thanks.
Blanc
My forte here on the list, I like to think, has always been to have "extremely long-range radar" that can pick up trends far in advance. Black Unicorn once told he this was my main strength, and even everybody's second-favorite nemesis, David Sternlight said much the same thing in sci.crypt. Coming from Sternlight, high praise indeed. Well, this thing has my whiskers twitching. I sense evidence that a whole sub-rosa series of negotiations has been going on, that the SKE developed by TIS with inputs from NIST/NSA is being pushed on the OS vendors. The talk about "exportability" is a smokescreen....why should the U.S. insist on voluntary key escrow for products shipped to repressive regimes? Since when is it the U.S.'s job to enforce the crypto laws of other nations? Unless, of course, a series of negotiations has been going on. Something's rotten in the state of Denmark. And it ain't the herring. By all means, give Microsoft the benefit of the doubt. But also insist that they explain their work on SKE, and repudiate it. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."
As I've noted, according to a reliable source, Microsoft is a vendor of software for DMS, so although its not part of the products Merriman is mentioning, there are key escrow features in some software being delivered by Microsoft. Perry Blanc Weber says:
From: David K. Merriman
It has been brought up on the Cypherpunks mailing list that Microsoft is proposing to include public-key escrow as a *built-in* "function" of future products - Chicago and Daytona have been specifically mentioned. ...................................................................... ..........
No, this is not correct. It was speculation from Tim May on possible developments, based on his interpretation of recent events and on email which I sent to him. This email was referring to the fact that his concerns notwithstanding, it is not an easy thing to implement a privately-held key escrow system into a desktop operating system, that Microsoft is not talking about implementing a 'software Clipper', and is presently only *examining* the international ramifications of software key-escrow and non-escrowed strong encryption security.
Please give it this question the benefit of the doubt and postpone your conclusions about this until I can get an official statement, thanks.
Blanc
participants (3)
-
Blanc Weber -
Perry E. Metzger -
tcmay@netcom.com