-----BEGIN PGP SIGNED MESSAGE----- Wierd News RSA Blows Standards Smoke James Glave james@wired.com" 6:16pm 31.Oct.97.PST http://www.wired.com/news/news/business/story/8196.html Today's announcement "http://www.rsa.com/smimelive/html/9710311.html" by RSA Data Security stating that the company has formally applied to the Internet Engineering Task Force to establish an email security standard is a blatant lie rooted in greed, allege sources close to the process. "RSA is lying, and I am really livid," said Paul Hoffman of the Internet Mail Coalition. "RSA has not submitted anything." The flap centers around the company's ongoing efforts to get its proprietary S/MIME email encryption technology endorsed as a standard by the task force. Such an endorsement would give the company credibility, and potentially, an increased market share over rival Pretty Good Privacy. PGP submitted a competing protocol for standards consideration last month. The Internet standards process is lengthy and complicated at best. The sticking point in RSA's efforts to date is that the task force will only consider non-proprietary technologies for the standards track. But S/MIME 2, the protocol at the heart of the effort, includes core RSA technologies that must be licensed. To be considered for standardization, RSA must relinquish "change control," or the ability to modify the technology, to the task force. And the portion the task force is most interested in altering is the portion that requires RSA technology. As a result, getting change control "has been like pulling teeth," claims Jeff Schiller, the organization's security director. "Their goal has always been get this into the IETF but don't really give up control," said Schiller. "[They want to] make sure that when the standard comes down, if an anyone wants to implement it then they have to be a licensee." Schiller says that until change control is secured, RSA has no hope of coming near a formal application - as they had claimed to have already done this morning. RSA, however, claims that it has granted change control. "They are trying to get more market share by claiming that the IETF is endorsing their commercial product," alleged Schiller. RSA, in fact, is only one of five groups that have worked on S/MIME 2, which is about to be submitted by the Internet Mail Coalition to the IETF as an informational request for comments. Now, in order to retain its hold on the S/MIME technology, RSA is taking sole credit for submitting it to the task force, some observers claim. "It's totally disacknowledging the work of a lot of other people," said Hoffman. A request for comments is one of the initial steps in the certification process, and Hoffman says that the Internet Mail Coalition has yet to put S/MIME 2 forward. Further, Schiller says, "When we do, it is not trying to get it as an Internet standard. It won't go - and therefore we are not going to try." Hoffman reiterated that S/MIME 2 won't be an Internet standard because it relies on proprietary security technology and weak encryption. The Internet Mail Coalition is about to begin work on S/MIME 3, which will use stronger encryption and true open standards. Tim Matthews, product manager for RSA, acknowledged that the announcement may be open to misinterpretation. "It's basically a summation of all the work we've been doing over the past month," he said. Instead of helping its own cause, and gaining public mindshare, RSA's announcement may end up flying back in its face. "If it fragments the S/MIME camp it could help PGP a bit," said Charles Breed, director of technology for competitor PGP. "I hope [the announcement] hasn't sunk their chances because there are still a lot of people who want to do S/MIME," said Hoffman. "RSA's greediness could sink this, but I really hope it doesn't." - -- - --------------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html - --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBNFx0To9Co1n+aLhhAQHzQwQAwfbrjUYnFP2Q72Zbld6zDOeprNWV/9Lc fzGy7wiS0Jewx9dgMxMw1jHonlqLak469XzJzJVbSnGpvfpau1QJjWus1sKDbUeL YC87k71t7vTcnWumqnsndlItwbn8AVw5TRLqRxsF+cz4PaspIAx4hIY8V9jDBIk6 EY9J1FSeFkg= =SINu -----END PGP SIGNATURE-----