[2725] in cryptography@c2.net mail archive
Re: FYI: I believe Microsoft has knowingly violated the export rules
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Wed May 20 12:07:59 1998
To: Mok-Kong Shen <mok-kong.shen@stud.uni-muenchen.de>
Cc: Rich Salz <rsalz@shore.net>, cryptography@c2.net
From: Marc Horowitz <marc@cygnus.com>
Date: 20 May 1998 11:50:20 -0400
In-Reply-To: Mok-Kong Shen's message of Wed, 20 May 1998 10:42:31 +0100
Mok-Kong Shen <mok-kong.shen@stud.uni-muenchen.de> writes:
>> Having just joined the present list, I can't understand the current
>> issue very well. A user can certainly encrypt his message using an
>> independent strong encryption program and then feed the result for
>> transmission. So whether there is SSPI at all doesn't matter much
>> in my view, if the user indeed needs very high level of security.
Because you are new, you didn't see a recent thread.
The existence of crypto in the OS (SSPI, MSRPC, whatever) matters very
much, because it affects whether or not communications between average
people (say, my mother and my sister) are secure. Neither of them is
going to run an "independent strong encryption program". It happens
automatically, for everyone, or it might as well not happen at all.
If you have to be paranoid to get security, we've already lost.
Marc
