Re: exporting signatures only/CAPI (was Re: Why not PGP?)
Jim Bell <jimbell@pacifier.com> writes:
At 08:49 AM 10/11/96 +0100, Adam Back wrote:
[...]. Microsoft's CAPI arrangement is that they will not sign non-US CAPI compliant crypto modules (Examples of enforcement of no-hooks interpretation).
Does that fix the "export only the signature" problem (for the government)/opportunity (for the rest of us)? You know, present Microsoft with the software, don't tell them it's already out of the US, and they sign it. Export the signature only (who cares if this is legal!) and edit the international software to contain the signature.
Export the lot, signature included :-)
(I doubt exporting only the signature once the story came out would offer you any more protection legally than exporting the software).
As you say who cares if it's illegal: things get exported all the time.
The problem however, is finding a non-US site to hold the hot potato once it has been exported. For example 128 bit Netscape beta was exported a while ago. I don't see it on any non-US sites. This is due to Netscape's licensing requirements, you need a license to be a netscape distribution site, the license doesn't include the right to mirror non-exportable versions on non-US sites.
That's one good application for remailers, and .warez newsgroups. at.
If the exported software is `PGP3.0 for CAPI' or whatever, I think it should be fair to conclude it will be cheerfully mirrored by all, and Phil Zimmermann won't be complaining. (PGPfone is on ftp.ox.ac.uk, plus other places, for example.) So yes, I agree, for software with appropriate distribution licenses.
Another approach, which has been discussed lately is the use of a patch to usurp Microsoft as the signatory for CAPI modules. I wonder what Microsoft would say about an unauthorised patch, to fix an ITAR induced `bug' in windows. Bill Gates doesn't sound pro-GAK. If they aren't going to complain, perhaps such patches could be distributed widely outside the US also.
The new owner of the CAPI signatory key would need a good reputation, and presumably a policy of signing any (non-GAKked) CAPI modules signed by microsoft, and anything else that anyone wants signed.
An excellent suggestion.
Steve Schear wrote: | (Adam Back wrote:) | >The new owner of the CAPI signatory key would need a good reputation, | >and presumably a policy of signing any (non-GAKked) CAPI modules | >signed by microsoft, and anything else that anyone wants signed. | An excellent suggestion. How does a signer maintain a reputation if it will sign anything anyone wants signed? I can see a business for a non-US company to certify a CSP and sign it, but thats not the same as anything MS signs, or anything anyone else wants signed. There may be room for compitition here. :) Adam -- "Every year the Republicans campaign like Libertarians, and then go to Wasthington and spend like Democrats." Vote Harry Browne for President. http://www.harrybrowne96.org
Adam Shostack <adam@homeport.org> writes:
| (Adam Back wrote:) | >The new owner of the CAPI signatory key would need a good reputation, | >and presumably a policy of signing any (non-GAKked) CAPI modules | >signed by microsoft, and anything else that anyone wants signed.
How does a signer maintain a reputation if it will sign anything anyone wants signed? I can see a business for a non-US company to certify a CSP and sign it, but thats not the same as anything MS signs, or anything anyone else wants signed.
There may be room for compitition here. :)
I wonder if MS would stand for competition on signing crypto modules. They say (I think?) currently that they will not charge for the service? (Do I have this right?) If they start charging for the service, they won't want competition. What about patches of windows, are there non-reverse engineering terms in the license? Lots of windows apps do modifications of windows, 3rd party memory managers, uninstall applications. Or are these all working within published microsoft APIs? What exactly is microsoft certifying when they sign a CAPI module? That it is quality crypto? Has no obvious bugs? That it won't crash your system? (I'm sure people have already exported signatures about the quality of crypto: PGP signed list traffic by (US) people that looked at PGP source, and found no flaws, etc). Adam -- #!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1 lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
-----BEGIN PGP SIGNED MESSAGE----- In article <199610130802.JAA00335@server.test.net>, Adam Back <aba@dcs.ex.ac.uk> wrote:
What exactly is microsoft certifying when they sign a CAPI module?
That it is quality crypto? Has no obvious bugs? That it won't crash your system?
I remember hearing (if my memory is correct, from the mouth of a Microsoft employee at Crypto '96) that when Microsoft signs a module, they are certifying that they saw a signed sheet of paper swearing that either (1) you won't export the software, or (2) you have received an appropriate export license. AFAIK, they don't even read the code. - Ian -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMmaWoEZRiTErSPb1AQEsrQP/V8fxGzqySpul2UKQLHDcNeY23UFVibvo weLgaoEdTE40+A7iKfEUyQe6LUvDKKO+HPdxO2jfq9rdT+QUFpm0e0VI8j8kaUQS 6M05fRV/Q66YlmTspiz0jfyGOLauYAtlh8ow+fftAdfUGnb9vN4ODsT8z0Vd59xc nsAFH9UihU8= =QIJT -----END PGP SIGNATURE-----
Ian Goldberg wrote:
I remember hearing (if my memory is correct, from the mouth of a Microsoft employee at Crypto '96) that when Microsoft signs a module, they are certifying that they saw a signed sheet of paper swearing that either (1) you won't export the software, or (2) you have received an appropriate export license.
AFAIK, they don't even read the code.
Really? This implies they would have no objections to signing freely available code, which as we all know will eventually make its way overseas (indeed, it may have originated there). Gary -- "Of course the US Constitution isn't perfect; but it's a lot better than what we have now." -- Unknown. pub 1024/C001D00D 1996/01/22 Gary Howland <gary@systemics.com> Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06
<Infomation provided does not imply expression of a political opinion> <Infomation provided does not imply expression of a political opinion> <Infomation provided does not imply expression of a political opinion> That means you would have to take your CAPI implementation and documentation of it, and distribute it freely in some form (source?) presumably on the 'net. Which could be a violation of the terms you get the signature under. <Infomation provided does not imply expression of a political opinion> <Infomation provided does not imply expression of a political opinion> <Infomation provided does not imply expression of a political opinion> <Infomation provided does not imply expression of a political opinion> Gary Howland wrote:
Ian Goldberg wrote:
I remember hearing (if my memory is correct, from the mouth of a Microsoft employee at Crypto '96) that when Microsoft signs a module, they are certifying that they saw a signed sheet of paper swearing that either (1) you won't export the software, or (2) you have received an appropriate export license.
AFAIK, they don't even read the code.
Really? This implies they would have no objections to signing freely available code, which as we all know will eventually make its way overseas (indeed, it may have originated there).
Gary -- "Of course the US Constitution isn't perfect; but it's a lot better than what we have now." -- Unknown.
Steve Shear <azur@netcom.com> writes:
The problem however, is finding a non-US site to hold the hot potato once it has been exported. For example 128 bit Netscape beta was exported a while ago. I don't see it on any non-US sites. This is due to Netscape's licensing requirements, you need a license to be a netscape distribution site, the license doesn't include the right to mirror non-exportable versions on non-US sites.
That's one good application for remailers, and .warez newsgroups. at.
I don't know of any advertised files by email services using nym servers, where the file request, and the files are both sent via remailers. The problem with this is currently is that the nym servers couldn't stand up to the scrutiny if SPA or whoever got interested. The message flood attack on the nym would reveal the services host. The BlackNet architecture solves this problem by posting requests encrypted with the services key to a newsgroup, but USENET newsgroup disitribution time is slow (*), and people are spoilt these days with WWW, and expect results now, not days later. The requested file can be posted via mixmaster. You would want to use a different, random chain of remailers each time. A reverse message flood could reveal the host also, as you can request lots of copies, and the service will blindly serve the files. (If someone wants to discover the service host, they send 1000s of requests, then sit back and watch which user sends most data into the remailer net.) To combat this the service could impose a limit on the number of copies it would serve per day. This allows a denial of service attack, if someone wants to stop anyone else getting a copy, they just saturate the service. Still an improvement over no limit. Of course Ross Anderson's `eternity service' provides the general case solution for distribution of such data. It is complex to implement well though. Adam -- #!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1 lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
participants (6)
-
Adam Back -
Adam Shostack -
azur@netcom.com -
Gary Howland -
geeman@best.com -
iang@cs.berkeley.edu