William Geiger
The Internet standards process is lengthy and complicated at best. The sticking point in RSA's efforts to date is that the task force will only consider non-proprietary technologies for the standards track. But S/MIME 2, the protocol at the heart of the effort, includes core RSA technologies that must be licensed.
No hope then, cool :-)
RSA, in fact, is only one of five groups that have worked on S/MIME 2, which is about to be submitted by the Internet Mail Coalition to the IETF as an informational request for comments. Now, in order to retain its hold on the S/MIME technology, RSA is taking sole credit for submitting it to the task force, some observers claim.
Who worked on S/MIME 2? How comes it's the same "Internet Mail Coalition" that is "submitting S/MIME 2 to the IETF" as the one which Paul Hoffman is slagging off RSA and S/MIME 2? What version of S/MIME does netscape support?
Hoffman reiterated that S/MIME 2 won't be an Internet standard because it relies on proprietary security technology and weak encryption. The Internet Mail Coalition is about to begin work on S/MIME 3, which will use stronger encryption and true open standards.
What's the point? Why have two competing standards OpenPGP and S/MIME 3 -- does RSA hope that they will get some value from it? Does S/MIME 3 have key escrow or CMR snooping support?
"I hope [the announcement] hasn't sunk their chances because there are still a lot of people who want to do S/MIME," said Hoffman. "RSA's greediness could sink this, but I really hope it doesn't."
Before I heard about CMR additions to pgp5.x I would have said I do
sincerely hope RSA's greed sinks this. (40 bit RC2/40 feh!)
I think I still do hope RSA's greed sinks S/MIME on average, but I
would be much more certain if this pgp5.x CMR thing could be resolved
satisfactorily.
Unfortunately PGP Inc have closed off dialogue on the topic --
apparent blanket ban on employee discussion of CMR.
So will the OpenPGP draft which Jon Callas dubbed "non political"
include CMR?
Adam
--
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0