"The IETF has to get out of two businesses: (1) worrying about the market
share of a few U.S. software companies and (2) interpreting U.S. export
control laws.
Hear hear! Charles, I am in complete agreement with this, and moreover I
would go so far as to recommend that any charter developed for an S/MIME
working group place these concerns out of scope.
As it happens I'm also a principal in a US software company that would very
much like to be able to sell strong encryption to the 45% of our customer base
that happens to be outside the US. And mandating strong encryption in S/MIME
absolutely does hurt us in this regard. However, I am also able to separate
what's good for the IETF as a whole from what is good for us as a business, and
in my judgement what's good for the IETF isn't what's good for us, at least not
in the short term, so mandatory strong encryption is what I think the IETF
should mandate in S/MIME.
This issue is entirely separate from the RC* issue, BTW. RC* with 256 bits
of key is every bit as unacceptable as 40 bits is when it comes to IETF
confidentiality rules.
Ned