It will be interesting to see the minutes from today's S/MIME workshop,
particularly regarding agenda item 3: "progressing S/MIME within the IETF".
Until now, I held out some hope that that might actually happen.
But an article in Computer Reseller News entitled "RSA's Bidzos takes issue
with the IETF" (http://techweb.cmp.com/crn, search on bidzos) says that
RSA has no intention of being "bullied" by the IETF, implying that there
is little chance of resolving the licensing issues.
Assuming that the article accurately reflects RSA's position, I fully
support the IETF's decision not to form an S/MIME working group.
At the Memhis BOF, Jeff Schiller stated that the two primary obstacles
were the trade secret status claimed for the RC2 algorithm, and
licensing of the S/MIME trademark. The first issue was addressed by
publication of draft-rivest-rc2desc-00.txt on June 23, so it is apparently
the second issue which is gumming up the works.
As a way out of this impasse, I propose the formation of an IETF working
group to standardize the Message Security Protocol (MSP) version 5.
The working drafts for MSP v5 would be identical in content to
draft-dusse-smime-msg and draft-dusse-smime-cert except that all
references to the trademarked term "S/MIME" would be replaced with
the term "MSP". The development of MSP v5 (including the message
encoding format and the choice of mandatory algorithms) would be in
accordance with standard IETF procedures, only faster :-).
Any S/MIME(tm) developers interested in pursuing this course, as a way
to move forward?
Any interest in an MSP BOF this December in DC?