>> > It works
>> > better to patch out NSA's key with your own -- then you can load both
>> > your own crypto code and all the standard MS stuff.
>I'm sorry, but my original followup apparently wasn't clear enough.
>In a very important sense, it doesn't matter who actually "owns"
>the NSAKEY. What matters is that there is a second key, that this
>key can be used to verify CSP's, that it can be replaced without adversely
>affecting the rest of the "operating system," and that no special
>privileges are needed to do the replacement. A program that does
>exactly this is already available.
Rich, that is simply not fair. If MSFT had created a complete operating
system in which every component was digitally signed (a damn good idea
BTW) and there was no other means of running a component than it was
signed a backdoor key would be a serious issue.
MSFT has not done anything remotely like that. They have merely created
a crypto system that passes the ludicrous crypto export rules.
If as MSFT claim they still have full control of both keys the fact
one is labelled NSA is pretty irrelevant.
The only relevant fact is that the second key can be easilly replaced
thus invalidating the whole export control concept.
The 128 bit patch is already circulating freely in Europe. The significant
fact of the second key is that it means that European software vendors can
distribute it with product - as US companies such as Quicken do today.
So if someone can persuade Eidos to distribute the patch with
Tombraider4 the optimim distribution path is probably realized.
Another interesting legal avenue would be for MSFT to request export
permission for the 128 bit patch then when it is refused take it to the
courts. The ITAR act quite clearly excludes technology which is freely
available outside the US. There would be a direct correspondence between
a European 128 bit patch and a US 128 bit patch. A victory on summary
judgement could well be possible.
Whether this is advisable for MSFT is another issue. Many in Congress
are still upset that MSFT took so long to start making significant
campaign contributions.
Phill
PS: I have long said that we will know that the US govt cannot be trusted
on Key escrow for as long as the police headquarters are named after J.
Edgar
Hoover. This brings up the question of who the building should be renamed
after. My personal choice would be to name the building after William
Jefferson Clinton since he was so closely attentive to the work of the FBI
for much of his presidential term.
