[NOT NOISE] Microsoft Crypto Service Provider API
geeman at best.com
geeman at best.com
Sun Dec 22 23:09:44 PST 1996
Software that is imported becomes subject to ITAR with respect to
re-exportation, of course (but of course IANALetc.)
If you can't demonstrate to MSFT that you are
playing by the rules --such that you have the proper export papers
for your code if you plan to export it, for example-- they won't sign,
even if developed outside US.
So: you develop a CSP outside US ... you have to IMPORT it to get it signed.
It becomes subject at that point to ITAR export regs. Unless you demonstrate
that you fulfull those requirements, no signature. So there's no relief by
looking at just exporting the signature.
?
At 07:21 PM 12/22/96 -0800, you wrote:
>At 07:36 AM 12/18/96 -0800, geeman at best.com wrote:
>>
>>Microsoft had to agree to validate crypto binaries against
>>a signature to make sure they weren't tampered with, in
>>exchange for shipping crypto-with-a-hole. They will
>>sign anything (theoretically) if it has the export
>>papers and all. Or without, if you affadavit it is not
>>for export.
>>
>>They do not themselves impose any restrictions on crypto
>>strength.
>>I'm not expressing political position here, just conveying facts ....
>
>What if the software involved was IMPORTED? Moreover, is legal to export
>just the signature?
>
>Jim Bell
>jimbell at pacifier.com
>
>
More information about the cypherpunks-legacy
mailing list