There are a few things in this document that should raise concern.
Appendix C states clearly that this is a patented algorithm for which
licensing is available. However, it appears that no one has let the IETF
Secretariat know that. Nothing about IDEA is listed on
<http://www.ietf.org/ipr.html>. This draft should not be considered until
there is a formal statement to the IETF.
Parts of the document sounds like a marketing brochure. "Today, IDEA is
widely applied in electronic business applications." "Especially for those
organization who make already use of IDEA on a wide scale it is of high
interest that IDEA is also available in S/MIME." "Experts in cryptography
consider IDEA to be a highly secure symmetric cipher [IDEA]." And so on.
These seem particularly inappropriate for an RFC. To be frank, I've never
heard of anyone wanting to use IDEA for anything other than old PGP. The
folks who wrote PGP had their reasons for choosing IDEA when they did, but
they dropped IDEA as a required algorithm for OpenPGP and that doesn't
appear to have negatively affected them. The IETF shouldn't codify this
kind of marketing hype, even in an Informational RFC. To move forwards with
this, it would be nice if the authors went through the draft and took out
the marketing fluff.
--Paul Hoffman, Director
--Internet Mail Consortium