Forwarded From: "Jay D. Dyson" <jdysonat_private> Courtesy of the Cryptography List. (This looks intense...and couldn't come at a worse time for M$.) (BTW: I'm not signing this note -- instead leaving Mr. Salz's PGP sig intact.) ---------- Forwarded message ---------- Date: Tue, 19 May 1998 09:12:22 -0400 (EDT) From: Rich Salz <rsalzat_private> Subject: FYI: I believe Microsoft has knowingly violated the export rules I am sending this to people and mailing lists that I think may be interested. I hope you find it useful and interesting. -----BEGIN PGP SIGNED MESSAGE----- The following information is not covered by any confidentiality agreements. This documented is copyrighted; see details below. Summary ======= This note explains and asks a number of pointed questions, including "MSRPC, part of NT and Windows95, is crypto-with-a-hole and therefore not exportable. So how come those operating systems can be exported?" Answers should probably be provided by the US Government. Content ======= The export of cryptography is controlled by a set of regulations defined by the Executive Branch of the US Government. Regulations often have the force of law, but do not undergo the same public scrutiny that laws created by Congress do. The regulations involved here are known as the Export Administration Regulations (EAR). The EAR is currently facing some court challenges to its constitutionality. The regulations say that hardware or software that does cryptography is a munition, to be treated in the same manner (although not the same degree) as rocket launchers, fighter jet spare parts, and nuclear weapons. Unlike these other items, cryptography is math, and any individual in the world can do math, and many can create new mathematical techniques. In addition, many cryptographic processes, or algorithms, are published in the open literature for peer review. (The public-key cryptographic method known as RSA, one of the strongest encryption techniques in the world, was described in "Scientific American.") The EAR says that the Department of Defense (DoD) determines whether or not a product is exportable. DoD has delegated this authority to one of its subsidiary organizations, the National Security Agency (NSA). There is a special group within the NSA assigned to this task. They decide on a case-by-case basis, and their determinations are not part of the public record. The criteria by which they decide do not seem to be known to anyone outside of the Agency. Part of the NSA's mission is to intercept and interpret messages that could affect our national security. It is a widespread assumption within the technical community that they will deny general export to anything that they cannot easily decode. Microsoft likes to write their system software as "components" -- pluggable pieces that can be replaced with better versions later on. Their method, and standard, for doing this is called COM, the Component Object Model. One such component is their Remote Procedure Call (RPC) system. RPC is a technique that allows two different programs to communicate. When two, or more, programs communicate over the network, RPC is the part of the program on each host that packages up the request, sends it over the network to the server, and then on the server side packs up the reply and ships it over the network back to the client. A browser fetching a web page can be considered a simple form of RPC RPC is a backbone technology in the "client-server" programming model dominant in today's multi-billion-dollar Information Technology field. MSRPC is integral to the "distributed" part of COM. It is probably most known to end-users under the terms ActiveX, ActiveXControls, and to the technically savvy as DCOM. MSRPC itself uses a Microsoft component known as the Security Support Provider Interface, or SSPI. Third-party vendors are encouraged to write their own SSPI -- there is a section on "Writing a Security Provider" in Microsoft's on-line documentation. Digital Equipment Corporation is one company that has done so. MSRPC will use whatever SSPI's are available to protect data as it is passed between machines. Microsoft's SSPI is provided in the "secsspi.dll" and "ntlmssps.dll" files. MSRPC provides a number of levels to protect data: - None -- useful for demos or single-user applications, for example - Authenticated -- the client and/or server can know the identity of the party at the "other end of the line" - Tamper-proof -- nobody can intercept the data and edit it, such as to add an extra $1000 to an electronic invoice - Full privacy -- only the intended recipient can decrypt and read the data. This last one -- full privacy -- is the item of interest. The EAR allows cryptography to be exported when used for authentication (the second, and perhaps the third, case above), but not when it can be used to protect whatever data a user wishes to keep private. When a user wants full privacy, the MSRPC component requests the SSPI to encrypt the data. In export versions, the SSPI returns an error code, and MSRPC returns the status back to the user's program indicating that this level of protection is not supported. In the domestic US versions, the SSPI actually does encrypt the data. The problem is that the NSA ordinarily calls the technique used by Microsoft "crypto with a hole," and they routinely deny export approval for such products. Their reasoning is that it would be fairly straightforward to "add in" the cryptography. Their reasoning is accurate: It is much easier to write a "plug in" -- a small bit of crypto code based on a published paper -- than it would be to write an entire RPC component. For this particular situation, the NSA's concerns are demonstrably well-placed. All of the above has been independently discovered by one person who turned an export version of Windows into a full-strength cryptographic device in one night of "poking around" with a programmer's toolbox. If only to avaoid the nuisance of putting this note itself under export control, I won't provide more information. All of the above brings to mind the following questions. At least. - Why is Microsoft allowed to do this when other companies are not? - Did Microsoft ask for approval before or after the fact? - If before, how come the NSA gave them permission -- particularly when the user base is probably orders of magnitude greater than any other system? - If after, how come the world's largest software company didn't know about this basic fact of life for security software? - If after, when did they know, and what steps did they take to make changes, or why not? - Do NT5 and Windows98 work the same way? - If so, should Microsoft be allowed to export them? There is another part of the story. Microsoft has licensed much of its ActiveX technology (including MSRPC and SSPI) to SoftwareAG, a German software company that has modified it to run it to a number of non-Microsoft systems. SoftwareAG calls their version EntireX. According to "Essential Com" [ISBN 0201634465], this work was done in Germany by German citizens. According to their Web pages (at www.sagus.com), EntireX -- including the security facility -- is available on OS/390, an IBM mainframe operating system. More questions: - Did Microsoft give actual cryptographic source, not just the harder-to-modify executables, to foreign nationals? - Does this mean that Microsoft gave technology to a foreign company that lets them sell full-privacy security software overseas, where IBM itself cannot? Software that competes with products offered by IBM and others? - Has Microsoft licensed this technology to anyone else? Author ====== Rich Salz Georgetown, Massachusetts http://www.shore.net/~rsalz History ======= This is Draft 2, dated May 18, 1998. Draft 1 (May 14, 1998) received limited circulation (including to the United States Bureau of Export Administration, the agency responsible for enforcing the EAR). Copyright ========= Copyright 1998, Rich Salz. All Rights Reserved. Permission is given to redistribute any tamper-evident version of this document that has been signed with the following PGP key: bits/keyID Date User ID 1024/462D47D1 1998/05/15 Rich Salz <rsalzat_private> Fingerprint = 7D 7C C1 57 EE 49 49 D1 6F F4 FA 27 E1 4F 86 E5 All trademarks are property of their respective owners and are hereby respectfully acknowledged. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBNWGCcJANqsNGLUfRAQE+GQP/bHy0JB9Te8H5vlJKjIGHEWEvnkEZVFuB ba/L6LTZ+/zQ/luCRSHP9vX6GQj8EDThiX+YO17URUTDBp/BoV0vmwVGjXJWSIgE bIjS7znFutbufm7BEVDbg/jysRhn32eisuOXOcvGOFtowA4eY6Tz7BYXZ1gbSpyC U/Efxez7qTk= =T+M2 -----END PGP SIGNATURE----- -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:53:43 PDT