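In response to the comment "Synopsis: NSA has a backdoor into Windows NT by means of CryptoAPI, discovered by decompilation of software. Bug only discovered because symbol information in CryptoAPI was not removed in Windows NT Service Pack 5.", Microsoft stated at URL(http://www.microsoft.com/presspass/press/1999/sept99/rsapr.htm) that it does not share the NSA (US National Security Agency) keys with the NSA or any other government agency. The full text of that statement was posted to nettime, and since nettime allows free reproduction for non-commercial purposes, the full text is reproduced here. Characters that cause problems for database management have been converted to similar characters. How to read this document is left to the reader's own judgment.
[Full text of Microsoft's statement]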
To: 'nettime's_digestive_system' (nettime-l@bbs.thing.net), thing.net@bbs.thing.net
Subject: Microsoft's statement.
>Synopsis: NSA has a backdoor into Windows NT by means of CryptoAPI, discovered by decompilation of software. Bug only discovered because symbol information in CryptoAPI was not removed in Windows NT Service Pack 5.
[Basing all those 'facts' on the name of only one identifier in code seems a little presumptuous to me. We don't have to buy everything that Microsoft says, but do we have to believe everything that has a paranoid anti-Microsoft attitude? Besides, if the NSA needs access, why should they need a key of their own? I think they could do everything they wanted using the other key from Microsoft anyway. If they wanted, they'd probably find a way to force Microsoft to share it with them anyway. Anyway, here's the official reply from MS...]
From: URL(http://microsoft.com/security/bulletins/backdoor.asp)
Microsoft Security Bulletin
There is no 'Back Door' in Windows
Originally Posted: September 03, 1999
Summary
A report alleges that Microsoft 'may have installed a 'back door' for the National Security Agency... making it orders of magnitude easier for the US government to access their computers'. This allegation is false.
What's the allegation?
The report alleges that a cryptographic key that ships as part of the CryptoAPI architecture is labeled 'NSA key' and constitutes a 'back door' that could be used by government agencies to start or stop system security services on users' computers.
Is the allegation true?
No. Microsoft does not leave 'back doors' in our products. This is in keeping with our historical stance on this issue. For instance, we have opposed the various key escrow proposals that have been suggested by the government, because we don't believe they are in the best interests of consumers or the industry.
Are there two keys?
Yes. However, both are Microsoft keys. We do not share them with any third party, including the National Security Agency or any other government agency.
What's CryptoAPI?
CryptoAPI is a Microsoft technology for providing cryptographic services. Vendors can develop stand-alone cryptographic modules called Cryptographic Service Providers (CSPs), which can then be called by any program via the CryptoAPI interface. For more information on CryptoAPI, see http://www.microsoft.com/security/tech/cryptoapi/default.asp.
What are the keys in question?
The keys are used to verify the digital signatures on CSPs.
Why do CSPs have to be signed? And why by Microsoft?
CryptoAPI is subject to US export laws regarding cryptography. One element of this requires Microsoft to ensure that CryptoAPI will only load CSPs that meet US cryptographic export laws. This is done by digitally signing all CSPs. Before it loads a CSP, CryptoAPI verifies that the CSP has been digitally signed. Part of Microsoft's responsibility as the vendor for CryptoAPI is to sign the CSPs.
When a vendor has a new CSP that they want to release, they submit it for signing and show that all export licensing has been received. Microsoft then digitally signs the CSP, and it can thereafter be used by CryptoAPI.
Why are there two keys?
There is a primary and a backup key.
Why is a backup key needed?
The backup key is needed for disaster recovery. To see why, suppose we had only one signing key. If a natural disaster destroyed the building in which it were kept, all of the previously-signed CSPs would continue to function normally, because the key used for verification exists in every copy of Windows. However, Microsoft would need to sign future CSPs using a new key. In order for these CSPs to be verified, matching key material would need to be provided to all of the millions of customers using Windows 95, 98 and Windows NT. Clearly, this would be a massive undertaking.
This is why there are two keys. If something befell the primary key, Microsoft could thereafter sign CSPs using the backup key. Because the backup is already in every copy of Windows, there would be no disruption to customers.
Why is the backup key labeled 'NSA key'?
This is simply an unfortunate name. The NSA performs the technical review for all US cryptographic export requests. The keys in question are the ones that allow us to ensure compliance with the NSA's technical review. Therefore, they came to be known within Microsoft as 'the NSA keys', and this name was included in the symbol information for one of the keys. However, Microsoft holds these keys and does not share them with anyone, including the NSA.
I heard that there is a third key in Windows 2000. Is this true?
There is a third key present in the beta versions of Windows 2000, but it does not provide a 'back door'. It is simply a test key that allows the developers to sign test CSPs while Windows 2000 is under development. It will not be present in the production version of Windows 2000.
Does this have any effect on CryptoAPI's compliance with US export law?
No. The CryptoAPI architecture is fully compliant with US export law.
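The two-key verification scheme the bulletin describes, as an added example (not Microsoft's code and not CryptoAPI's actual signature format): a loader accepts a module when its signature verifies under any public key embedded in it, so a backup key shipped in advance lets signing continue if the primary is lost. The toy textbook-RSA keys built from Mersenne primes, the names `load_csp` and `EMBEDDED_KEYS`, and the sample module bytes are all constructed for illustration.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below

def toy_keypair(a, b):
    """Toy textbook-RSA key built from Mersenne primes 2**a-1 and 2**b-1.
    Constructed for illustration only; not a secure key or padding scheme."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus n, private d)

def _digest(module, n):
    return int.from_bytes(hashlib.sha256(module).digest(), "big") % n

def sign(module, n, d):
    """Vendor side: needs the private exponent d."""
    return pow(_digest(module, n), d, n)

def verify(module, sig, n):
    """Loader side: needs only the public modulus n."""
    return pow(sig, E, n) == _digest(module, n)

PRIMARY_N, PRIMARY_D = toy_keypair(521, 607)
BACKUP_N, BACKUP_D = toy_keypair(1279, 2203)
OTHER_N, OTHER_D = toy_keypair(2281, 3217)  # a key the loader does not embed

# Public halves shipped inside every copy of the (hypothetical) loader.
EMBEDDED_KEYS = {"primary": PRIMARY_N, "backup": BACKUP_N}

def load_csp(module, sig, embedded=EMBEDDED_KEYS):
    """Return the name of the embedded key that verified sig, or None to refuse."""
    for name, n in embedded.items():
        if verify(module, sig, n):
            return name
    return None

def demo():
    csp = b"constructed sample CSP image"
    return {
        "primary": load_csp(csp, sign(csp, PRIMARY_N, PRIMARY_D)),
        "backup": load_csp(csp, sign(csp, BACKUP_N, BACKUP_D)),
        "tampered": load_csp(csp + b"!", sign(csp, PRIMARY_N, PRIMARY_D)),
        "unknown_key": load_csp(csp, sign(csp, OTHER_N, OTHER_D)),
        # A loader shipped without the backup key rejects backup-signed modules.
        "no_backup_shipped": load_csp(csp, sign(csp, BACKUP_N, BACKUP_D),
                                      {"primary": PRIMARY_N}),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:18} -> {result}")
```

Each entry in `EMBEDDED_KEYS` is an independent trust root: a module signed with either matching private key loads, which is why custody of both private keys is the point the bulletin has to address.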