In <000f01bef6e8$bfdc8b60$bf011712@bananas>, on 09/04/99
at 11:18 AM, "Phill Hallam-Baker" <[EMAIL PROTECTED]> said:
>>> > It works
>>> > better to patch out NSA's key with your own -- then you can load both
>>> > your own crypto code and all the standard MS stuff.
>>I'm sorry, but my original followup apparently wasn't clear enough.
>>In a very important sense, it doesn't matter who actually "owns"
>>the NSAKEY. What matters is that there is a second key, that this
>>key can be used to verify CSP's, that it can be replaced without adversely
>>affecting the rest of the "operating system," and that no special
>>privileges are needed to do the replacement. A program that does
>>exactly this is already available.
>Rich, that is simply not fair. If MSFT had created a complete operating
>system in which every component was digitally signed (a damn good idea
>BTW) and there was no other means of running a component than it was
>signed a backdoor key would be a serious issue.
>MSFT has not done anything remotely like that. They have merely created a
>crypto system that passes the ludicrous crypto export rules.

So they say.

>If as MSFT claim they still have full control of both keys the fact one
>is labelled NSA is pretty irrelevant.

Again let's stress "If as MSFT claim" they have yet to provide any proof
one way or the other as to what is going on. I wouldn't believe the M$
spin doctors any more than I believe Bill Clinton didn't inhale.

>The only relevant fact is that the second key can be easily replaced
>thus invalidating the whole export control concept.

No, the relevant fact is regardless of what M$ is doing or not doing with
these keys their software is insecure. It hardly matters to the end user,
whose security has been compromised, whether the flaw was a malicious act
or just plain incompetence.

>The 128 bit patch is already circulating freely in Europe. The
>significant fact of the second key is that it means that European
>software vendors can distribute it with product - as US companies such as
>Quicken do today.

What 128 bit patch? All I have seen is a patch to replace the NSAKEY with
a different key.

>So if someone can persuade Eidos to distribute the patch with Tombraider4
>the optimum distribution path is probably realized.
>Another interesting legal avenue would be for MSFT to request export
>permission for the 128 bit patch then when it is refused take it to the
>courts. The ITAR act quite clearly excludes technology which is freely
>available outside the US. There would be a direct correspondence between
>a European 128 bit patch and a US 128 bit patch. A victory on summary
>judgement could well be possible.

LOL!!! I think you need to re-read the export regulations. Not only is the
above false, there are explicit restrictions against the re-export of
cryptology.
BTW it is no longer ITAR but EAR, the change was back in '96.

>Whether this is advisable for MSFT is another issue. Many in Congress are
>still upset that MSFT took so long to start making significant campaign
>contributions.
> Phill
>PS: I have long said that we will know that the US govt cannot be trusted
>on Key escrow for as long as the police headquarters are named after J.
>Edgar Hoover. This brings up the question of who the building should be
>renamed after. My personal choice would be to name the building after
>William Jefferson Clinton since he was so closely attentive to the work
>of the FBI for much of his presidential term.

Hey why not, replace the name of one statist with another.
Phil you really should stick to socialist advocacy.
--
---------------------------------------------------------------
William H. Geiger III http://www.openpgp.net
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii
Hi Jeff!! :)
---------------------------------------------------------------