ok, last time: the deal was that Microsoft got the permission to ship a generalized API if the crypto-engines are signed to prevent code that conforms to export restrictions from being tampered with after the fact: hence the signing. This prevents code that is conformant from being patched, e.g. to turn a 40-bit key parameter into a usable one. Now I suppose it could be that there is a back-door deal that MSFT will provide to NSA info regarding the originators of the engines, but let's have some evidence of it before yet another conspiracy rant, OK? ---------- From: Black Unicorn[SMTP:unicorn@schloss.li] Sent: Tuesday, July 09, 1996 8:27 PM To: George Kuzmowycz Cc: cypherpunks@toad.com Subject: Re: MSoft crypto API's On Tue, 9 Jul 1996, George Kuzmowycz wrote: [...]

" Microsoft's Crypto APIs will be available to third-party vendors writing applications with embedded security. But the hardware or software Crypto-engines for these applications will need to be digitally signed by Microsoft before they will work with the APIs. Under an unusual arrangement with the NSA, Microsoft will act as a front man for the powerful U.S. spy agency, checking on whether the vendors' products comply with U.S. export rules."

I was a bit surprised not to see any discussion of this here. Is it just old news? Or maybe people here don't read Network World?

[...]

An MS/NSA alliance?

-gk-

This is a very deft and sly move, if it was indeed planned, by the NSA. Clearly they have got the message. Political efforts to curtail crypto are doomed to failure. Economic strangulation is the way to go. Well here you are folks, months of bitching about how stupid the NSA must be has paid off. Not only is this clever, its insidious. 1. It's too difficult for Joe Sixpack to understand. 2. It preys on the market leader already, rather than attempting to bootstrap (as with clipper). 3. It uses as its implementation a private, rather than a public entity. Now this strikes me as something truely frightening. The NSA has become an intelligence agency which is effectively working in concert with private interests to conduct internal security operations by proxy.