And it is totally irrelevant anyway. The stated position of RSA here,
which has in fact been posted to this list by RSA representatives, is
that they believe this algorithm is still covered by trade secret rules.
I for one don't really care whether RSA thinks that RC2 is a trade secret.
(or for that matter, what RSA's reasoning is)
Just because RSA has an opinion doesn't mean IETF is bound by it.
What IETF cares about is that the algorithm is a published standard
(either de facto or de jure), and that the technology is available
under reasonable and nondiscriminatory terms.
If RSA publishes the algorithm, fine; if the algorithm is published by
somebody else, fine. But it does have to be published. If this WG
can't find a RC2 specification to reference, it needs to use some
other symmetric encryption algorithm. (And IMHO it shouldn't waste any
more time waiting for RSA to make up its mind...RSA has had plenty of time
to publish RC2 if it wants to do that.)
The IETF does care: they require that the owners of any licensed,
patented, or otherwise restrictively controlled technologies release
those technologies for use by the IETF. Having one party publish an
informational RFC that allows others to implement a technology owned by
another party would be wildly irreponsible (as the owner could sue the
IETF in all probability, along with the RFC author), and would not allow
the IETF or anyone else to use the technology, as it would still be
owned by the owner.
When licensed technologies are involved, the IETF requires that the
owners of the technology make it available, somehow. Take a look at the
release in RFC 1319: License to use MD2 is granted for non-commerical
Internet Privacy-Enhanced Mail. On the other hand, MD4 (1320) and MD5
(1321) are placed in the public domain.
In this case, the IETF can only consider algorithms for which exist
appropriate informational RFCs documenting the algorithm and releasing
it for use within the IETF (or for broader use).
pww