[Top] [All Lists]

RE: I-D ACTION:draft-ietf-smime-idea-00.txt

1999-04-06 04:49:02
        Paul Hoffman wrote:

I have a few objections to this draft that I would like to see cleared up 
before any further discussion happens on the draft.

The draft does not have the mandatory notice about whether or not it 
complies with RFC 2026. Without this notice, the authors could claim that 
they do not release copyright on the draft to the IETF, and therefore we 
may not be able to use the discussions of the draft in the future.

The draft seems more like a marketing effort than a technical 
specification. All the talk about integration with S/MIME, the history of 
IDEA, and so on is pretty useless. A simple document saying "here's the 
OID, here are the parameters, here's our patent statement" would suffice. 
(I find it particularly galling that the sentence "S/MIME is constructed
an open system." is used near the beginning of the draft as a way to make 
nice before proposing an algorithm that is heavily protected by patents.)

The draft restates some of the MUSTs and SHOULDs from the -msg draft,
is completely inappropriate. All such restatements should be removed, 
leaving just the changes that this draft would make to the 

There is no Security Considerations section; I think one would be 
appropriate, given that this is proposing an algorithm that is not widely 

The statement "Commercial licenses can be obtained by contacting 
idea(_at_)ascom(_dot_)ch" is interesting, if true. I was told a few years ago 
that a 
company that applied for an IDEA license for PGP was flatly rejected 
without any talk of the cost (I have no verification of this). Perhaps the

authors of this draft should reword the sentence, or spell out what they 
mean in terms similar to those used in RFC 2026 and RFC 2028.


        We will definitely include the mandatory notice about the compliance
of our draft with
        RFC 2026. Of course, it is our intention to release copyright on the
draft to the IETF!

        Ascom Systec's policy about IDEA licensing has changed already some
years ago.
        Today, everybody can easily obtain IDEA licenses at low costs for
instance by using our online lincence order service at . We would also like to emphasize that IDEA is
free for non-commercial use. 

        The attached reference list of IDEA users should be proof enough
that IDEA is
        not only widely known but also widely accepted !

        We have written our draft with the intention to support developers
with important implementation and application information. Since not every
SW developer in IT-security is an expert in S/MIME, we believe it is
required to give more than just the OID and licensing information. However,
we are thankful for every helpful comment to make the draft clearer for a
better understanding.


|  Dr. Stephan Teiwes
|  Ascom Systec AG, CH-5506 Maegenwil
|  Phone: +41 (0)62 / 889 59 36 
|  Fax:   +41 (0)62 / 889 59 99
|  EMail: stephan(_dot_)teiwes(_at_)ascom(_dot_)ch 
|  Information Security with IDEA(_at_)corporate products

Attachment: referencesIDEA.doc
Description: MS-Word document

<Prev in Thread] Current Thread [Next in Thread>