At 9:00 AM -0800 12/5/07, Turner, Sean P. wrote:
At the meeting we had some comments on the S/MIME v3.2 specs
(draft-ietf-smime-3850bis-00.txt and
draft-ietf-smime-3851bis-00.txt):
1. Define SHOULD+, SHOULD-, and MUST-.
2. Update key size requirements and make sure you differentiate
between RSA/DSA and EC key sizes.
3. Check that there's no IPR wrt to ECDSA signed certificates and
using them with S/MIME.
Certicom has indeed asserted intellectual property rights for ECDSA.
See <http://www.ietf.org/ietf/IPR/certicom-ipr-rfc-3446.pdf>. The
last two sentences on the first page are particularly relevant.
As mentioned earlier on this thread, Certicom has also issued an IPR
statement directly relating to S/MIME:
<http://www.ietf.org/ietf/IPR/CERTICOM-SMIME>, and has also issued
another relating directly to ECDSA:
<http://www.ietf.org/ietf/IPR/CERTICOM-ECDSA>.
Given these, particularly the most recent one pointing out the lack
of licensing for being able to sign with ECDSA, it seems prudent to
*not* mention ECDSA anywhere in draft-ietf-smime-3850bis-00.txt and
draft-ietf-smime-3851bis-00.txt. If someone wants to give any
specification for ECDSA (such as allocating OIDs or saying how to use
ECDSA with S/MIME), they can write an individual submission and ask
for it to become an Informational RFC.