RSA Blows Smoke

William H. Geiger III whgiii at invweb.net
Sun Nov 2 04:47:15 PST 1997



-----BEGIN PGP SIGNED MESSAGE-----


Wierd News
RSA Blows Standards Smoke
James Glave james at wired.com"
6:16pm 31.Oct.97.PST
http://www.wired.com/news/news/business/story/8196.html


Today's announcement "http://www.rsa.com/smimelive/html/9710311.html" by
RSA Data Security stating that the company has formally applied to the
Internet Engineering Task Force to establish an email security standard is
a blatant lie rooted in greed, allege sources close to the process.

"RSA is lying, and I am really livid," said Paul Hoffman of the Internet
Mail Coalition. "RSA has not submitted anything."

The flap centers around the company's ongoing efforts to get its
proprietary S/MIME email encryption technology endorsed as a standard by
the task force. Such an endorsement would give the company credibility,
and potentially, an increased market share over rival Pretty Good Privacy.
PGP submitted a competing protocol for standards consideration last month.

The Internet standards process is lengthy and complicated at best. The
sticking point in RSA's efforts to date is that the task force will only
consider non-proprietary technologies for the standards track. But S/MIME
2, the protocol at the heart of the effort, includes core RSA technologies
that must be licensed.

To be considered for standardization, RSA must relinquish "change
control," or the ability to modify the technology, to the task force. And
the portion the task force is most interested in altering is the portion
that requires RSA technology. As a result, getting change control "has
been like pulling teeth," claims Jeff Schiller, the organization's
security director. 

"Their goal has always been get this into the IETF but don't really give
up control," said Schiller. "[They want to] make sure that when the
standard comes down, if an anyone wants to implement it then they have to
be a licensee."

Schiller says that until change control is secured, RSA has no hope of
coming near a formal application - as they had claimed to have already
done this morning. RSA, however, claims that it has granted change
control.

"They are trying to get more market share by claiming that the IETF is
endorsing their commercial product," alleged Schiller.

RSA, in fact, is only one of five groups that have worked on S/MIME 2,
which is about to be submitted by the Internet Mail Coalition to the IETF
as an informational request for comments. Now, in order to retain its hold
on the S/MIME technology, RSA is taking sole credit for submitting it to
the task force, some observers claim.

"It's totally disacknowledging the work of a lot of other people," said
Hoffman. A request for comments is one of the initial steps in the
certification process, and Hoffman says that the Internet Mail Coalition
has yet to put S/MIME 2 forward.

Further, Schiller says, "When we do, it is not trying to get it as an
Internet standard. It won't go - and therefore we are not going to try."

Hoffman reiterated that S/MIME 2 won't be an Internet standard because it
relies on proprietary security technology and weak encryption. The
Internet Mail Coalition is about to begin work on S/MIME 3, which will use
stronger encryption and true open standards.

Tim Matthews, product manager for RSA, acknowledged that the announcement
may be open to misinterpretation. "It's basically a summation of all the
work we've been doing over the past month," he said.

Instead of helping its own cause, and gaining public mindshare, RSA's
announcement may end up flying back in its face.

"If it fragments the S/MIME camp it could help PGP a bit," said Charles
Breed, director of technology for competitor PGP.

"I hope [the announcement] hasn't sunk their chances because there are
still a lot of people who want to do S/MIME," said Hoffman. "RSA's
greediness could sink this, but I really hope it doesn't."

- -- 
- ---------------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html                        
- ---------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000

iQCVAwUBNFx0To9Co1n+aLhhAQHzQwQAwfbrjUYnFP2Q72Zbld6zDOeprNWV/9Lc
fzGy7wiS0Jewx9dgMxMw1jHonlqLak469XzJzJVbSnGpvfpau1QJjWus1sKDbUeL
YC87k71t7vTcnWumqnsndlItwbn8AVw5TRLqRxsF+cz4PaspIAx4hIY8V9jDBIk6
EY9J1FSeFkg=
=SINu
-----END PGP SIGNATURE-----







More information about the cypherpunks-legacy mailing list