Maybe this is not so important, but I have to repeat that in W2K OS the
NSAKEY is still present but not used. All CSPs are verified only with the
primary key and if the verification process fails the CSP module is
discarded without any further verification.
Sergio Tabanelli
-----Original Message-----
From: John Young <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday 26 May 2000 14.09
Subject: Re: NSA back doors in encryption products
>Duncan Campbell has provided his latest exchanges with
>Microsoft on the NSA_key, which Microsoft has now refused
>to continue (see letter below):
>
> http://cryptome.org/nsakey-ms-dc.htm
>
>I have mentioned this thread to him and he welcomes
>comments/critique on the Microsoft exchange:
>
> [EMAIL PROTECTED]
>
>-----
>
>12 May 2000
>
>Dear Richard [Purcell, Director of Corporate Privacy, Microsoft],
>
>You will recall talking to me at the Computers Freedom and Privacy
>2000 conference. You said then that you wished to resolve the questions
>that had been raised about the "NSA_key" in CAPI, and invited Mr Scott
>Culp to correspond with me and answer my questions.
>
>As you will have seen, Mr Culp has now refused to continue the correspondence,
>after he was asked by me to provide specific, direct answers to questions
>I asked. He then offered as his reasons for so doing a number of
>observations which simply did not stand up to scrutiny. When I pointed
>this out to him, he ceased to correspond entirely.
>
>This type of behaviour is not merely impolite, it is intellectually
>dishonest and evasive. It is bound to raise suspicion that Microsoft
>does have something serious to hide about its conduct. It further puts
>in question the integrity of MS systems offered for sale overseas. So
>far as I am concerned, if Microsoft now adopts a position of belligerent
>silence, I am more concerned about the security of its systems than I
>was when I spoke to you a month ago. Then, I was entirely open to the
>idea that Microsoft might be able to prove that its conduct could be
>innocently explained. I now observe that this, apparently, is not the
>case.
>
>If you confirm that that is the position, so be it. The issue will not
>die, even if you now wish to hide from it. Next month, it is expected
>that the European Parliament will set up a temporary committee to look
>further into the information security and surveillance matters
>which have aroused much concern over the past 2 years. The subject of
>the security of US software, including this issue, will be on its agenda.
>
>Yours sincerely,
>
>Duncan Campbell
>