[Top] [All Lists]

Re: RSA Blows Smoke

1997-11-02 07:05:21

William Geiger <whgiii(_at_)invweb(_dot_)net> forwards article:
The Internet standards process is lengthy and complicated at
best. The sticking point in RSA's efforts to date is that the task
force will only consider non-proprietary technologies for the
standards track. But S/MIME 2, the protocol at the heart of the
effort, includes core RSA technologies that must be licensed.

No hope then, cool :-)

RSA, in fact, is only one of five groups that have worked on S/MIME 2,
which is about to be submitted by the Internet Mail Coalition to the IETF
as an informational request for comments. Now, in order to retain its hold
on the S/MIME technology, RSA is taking sole credit for submitting it to
the task force, some observers claim.

Who worked on S/MIME 2?  How comes it's the same "Internet Mail
Coalition" that is "submitting S/MIME 2 to the IETF" as the one which
Paul Hoffman is slagging off RSA and S/MIME 2?

What version of S/MIME does netscape support?

Hoffman reiterated that S/MIME 2 won't be an Internet standard
because it relies on proprietary security technology and weak
encryption. The Internet Mail Coalition is about to begin work on
S/MIME 3, which will use stronger encryption and true open

What's the point?  Why have two competing standards OpenPGP and S/MIME
3 -- does RSA hope that they will get some value from it?

Does S/MIME 3 have key escrow or CMR snooping support?

"I hope [the announcement] hasn't sunk their chances because there
are still a lot of people who want to do S/MIME," said
Hoffman. "RSA's greediness could sink this, but I really hope it

Before I heard about CMR additions to pgp5.x I would have said I do
sincerely hope RSA's greed sinks this.  (40 bit RC2/40 feh!)

I think I still do hope RSA's greed sinks S/MIME on average, but I
would be much more certain if this pgp5.x CMR thing could be resolved

Unfortunately PGP Inc have closed off dialogue on the topic --
apparent blanket ban on employee discussion of CMR.

So will the OpenPGP draft which Jon Callas dubbed "non political"
include CMR?

Now officially an EAR violation...
Have *you* exported RSA today? -->

print pack"C*",split/\D+/,`echo "16iII*o\U(_at_){$/=$z;[(pop,pop,unpack"H*",<>

<Prev in Thread] Current Thread [Next in Thread>