ietf-smime
[Top] [All Lists]

RE: The RC2 debate

1997-04-25 13:57:19
On Thursday, April 24, 1997 11:16 PM, Ned Freed
[SMTP:Ned(_dot_)Freed(_at_)innosoft(_dot_)com] wrote:
Yes. My position is that RC2 cannot even be an optional part of the
specification unless it is released from trade secret restrictions. As a
trade
secret the most it can be is an informational part of the specification, and
preferably in a separate, informational document.

I don't see the difference between my saying that the algorithm "can be
used, but not as a MUST" and you saying that it can be "an informational
part of the specification".  Both seem to refer to optional algorithms
that can be used with the protocol.

As far as a separate, informational document, Steve Dusse and the
original S/MIME vendors had originally drafted the S/MIME spec using
both a message specification (that talked about the MIME types and the
use of multipart/signed), and an interoperability profile (describing
the exact algorithms to be used in the specification).  The latest
S/MIME draft fused these two documents together, and I'm not sure if
that was the best idea.  I agree that algorithm specifics are best left
to a separate document -- that way, in the event that the algorithms
change for cryptographic or other reasons, the only document that needs
to change is the one that specifies the algorithms.  The other documents
(in this case, the overall MIME message format and the S/MIME
certificate handling) will be unchanged.

P.S. I am also somewhat offended by your dismissive term "cranky" here.
There
are sound technical and procedural reasons for the position I've taken here.

Yes, you've voiced them, and you've whipped yourself into a frenzy (the
"vociferous objection" paragraph from your last message.  I have trouble
spelling it).  The point that I was making by trivializing your position
as "being cranky" is to lighten the mood.  I'm sorry if it offended you,
but I think that you got much too fired up about this.

The only reason I stepped into this discussion was to clarify whether or
not the OPTIONAL use of RC2 is a violation of IETF guidelines, and as
far as I can tell it isn't.  Please let me know if I have misunderstood
your statement about its inclusion as an informational part of the
specification as being equivalent to the OPTIONAL use of RC2.

Maybe the difference we are having is related to the physical separation
of the S/MIME message specification from the interoperability /
algorithm profile.

Blake



<Prev in Thread] Current Thread [Next in Thread>