-----BEGIN PGP SIGNED MESSAGE-----
RSA Blows Standards Smoke
James Glave james(_at_)wired(_dot_)com"
Today's announcement "http://www.rsa.com/smimelive/html/9710311.html" by
RSA Data Security stating that the company has formally applied to the
Internet Engineering Task Force to establish an email security standard is
a blatant lie rooted in greed, allege sources close to the process.
"RSA is lying, and I am really livid," said Paul Hoffman of the Internet
Mail Coalition. "RSA has not submitted anything."
The flap centers around the company's ongoing efforts to get its
proprietary S/MIME email encryption technology endorsed as a standard by
the task force. Such an endorsement would give the company credibility,
and potentially, an increased market share over rival Pretty Good Privacy.
PGP submitted a competing protocol for standards consideration last month.
The Internet standards process is lengthy and complicated at best. The
sticking point in RSA's efforts to date is that the task force will only
consider non-proprietary technologies for the standards track. But S/MIME
2, the protocol at the heart of the effort, includes core RSA technologies
that must be licensed.
To be considered for standardization, RSA must relinquish "change
control," or the ability to modify the technology, to the task force. And
the portion the task force is most interested in altering is the portion
that requires RSA technology. As a result, getting change control "has
been like pulling teeth," claims Jeff Schiller, the organization's
"Their goal has always been get this into the IETF but don't really give
up control," said Schiller. "[They want to] make sure that when the
standard comes down, if an anyone wants to implement it then they have to
be a licensee."
Schiller says that until change control is secured, RSA has no hope of
coming near a formal application - as they had claimed to have already
done this morning. RSA, however, claims that it has granted change
"They are trying to get more market share by claiming that the IETF is
endorsing their commercial product," alleged Schiller.
RSA, in fact, is only one of five groups that have worked on S/MIME 2,
which is about to be submitted by the Internet Mail Coalition to the IETF
as an informational request for comments. Now, in order to retain its hold
on the S/MIME technology, RSA is taking sole credit for submitting it to
the task force, some observers claim.
"It's totally disacknowledging the work of a lot of other people," said
Hoffman. A request for comments is one of the initial steps in the
certification process, and Hoffman says that the Internet Mail Coalition
has yet to put S/MIME 2 forward.
Further, Schiller says, "When we do, it is not trying to get it as an
Internet standard. It won't go - and therefore we are not going to try."
Hoffman reiterated that S/MIME 2 won't be an Internet standard because it
relies on proprietary security technology and weak encryption. The
Internet Mail Coalition is about to begin work on S/MIME 3, which will use
stronger encryption and true open standards.
Tim Matthews, product manager for RSA, acknowledged that the announcement
may be open to misinterpretation. "It's basically a summation of all the
work we've been doing over the past month," he said.
Instead of helping its own cause, and gaining public mindshare, RSA's
announcement may end up flying back in its face.
"If it fragments the S/MIME camp it could help PGP a bit," said Charles
Breed, director of technology for competitor PGP.
"I hope [the announcement] hasn't sunk their chances because there are
still a lot of people who want to do S/MIME," said Hoffman. "RSA's
greediness could sink this, but I really hope it doesn't."
William H. Geiger III http://www.amaranth.com/~whgiii
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----