Keith, I think you're still missing the point I'm trying to make. You say:
Section 10.2, as it applies to RC2, basically means that IETF can't
reference RC2 in a standards-track protocol *if that reference* is
subject to confidentiality restrictions.
The point is that RSA has claimed that any such reference *is* subject to
confidentiality restrictions. And you yourself have asserted that the IETF
cannot judge the merit of such a claim. As such, you have no choice but to
treat it as valid.
So if an IETF WG wants to
use RC2, it has to find a specification for that algorithm which is
not subject to such restrictions.
RSA claims that this is flatly impossible to do.
Again I have to disagree. Publication is not the issue here, the
issue is RSA's claim to a confidentiality requirement that covers
RC2. As long as such a claim exists we cannot use RC2, period.
I think we do disagree here. But I for one won't object to use of RC2
as long as the S/MIME specification can reference a published
specification which is available to anyone.
Keith, I don't mean to be unfriendly, but this is an absolute showstopper as
far as I'm concerned. So let me be blunt. I believe that progressing a standard
with a RC2 reference in it is a formal violation of IETF rules as long the
status claimed by RSA doesn't change. And this is one rule I happen to believe
must be enforced for the good of the IETF. I also believe I have backed this up
with language from the applicable procedures in force today and that your
reading of the procedures is entirely specious.
As such, I will vociferously object to such a reference every step of the way
through the process, and if it the IESG sees fit to approve such a
specification in spite of my objections I will file a formal appeal with the
IAB, which I believe I will win.
Ned