From: Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu>
And it is totally irrelevant anyway. The stated position of RSA here,
which has in fact been posted to this list by RSA representatives, is
that they believe this algorithm is still covered by trade secret rules.
I for one don't really care whether RSA thinks that RC2 is a trade secret.
(or for that matter, what RSA's reasoning is)
Just because RSA has an opinion doesn't mean IETF is bound by it.
What IETF cares about is that the algorithm is a published standard
(either de facto or de jure), and that the technology is available
under reasonable and nondiscriminatory terms.
What the IETF cares about is that proprietary algorithms not be
REQUIRED, or even mentioned, in Standards Track specifications when
suitable non-proprietary alternatives are available. Freely-available
symmetric algorithms exist in abundance, hence RC2 does not belong in the
Implementors of IETF-S/MIME software are always free to also implement RC2,
using either licensed or unlicensed code, over and above the requirements
of the IETF specification. Many of them probably will, for backward
Regardless of the legal standing of the clean-room implementation,
regardless of the existence of a published specification for RC2 (as an
Information RFC, for example), there will always be the the threat of
legal action unless RSA changes it's position. The IETF's agnosticism
on the validity of the claims is irrelevant - RSA's opinion, valid or
not, is what counts.
Ned Freed's superlative analysis should be the last word on this issue.
How could anyone read it and not be convinced?