At the IETF, the S/MIME working group is about one month away from
completing its work on the specification. The OpenPGP group, however, has
not updated the draft of its specification since October, when group
members identified a number of problems. Both groups had agreed to submit
their final drafts next month, but it is unlikely the PGP group can
finish.
Fine. And if RSA places the necessary pieces into the public domain as promised,
S/MIME may win in which case PGP will just have to build a plug-in. Not
difficult.
If not, I strongly doubt that it will become a standard, an *open* standard
that is. And right now we need open standards. Besides there are sufficient
algorithms available that are Good Enough (C) so why bother with anything
proprietary ? That is the boring part anyway swap DH for RSA or IDEA for
RC4-128 and no one will really notice (other than needing new keys - if you
*could* use an RSA keypair with DH, then I would get concerned but just
points out the triviality.
The problem is politics as usual, not anything technical and the last time
I looked, the ietf wasn't for sale. (would like to know if it has changed)
Strong E-mail encryption is needed and will happen. Already exists for a few
people but is an individual thing today. What is needed is the universal
readers, the key management servers, and the directory services to support
a universal mechanism. Should have happened already but we have the US Patent
office to thank that it hasn't and Phil was the revolutionary who helped it
happen this fast (unfortunately, the first thing you do after a revolution
is to shoot the revolutionaries...)
For myself, I will *never* (never say never) advocate anything that is
based on proprietary algorithms, there are too many open ones to stifle
development that way. Fortunately some listen.
So what is the status of RSA and "open" ? Or are they waiting for Exchange 5.5
SP1 ?
Warmly,
Padgett