On Wed, 27 Oct 2004, Julian Mehnle wrote:
Paul Iadonisi [pri(_dot_)spf1(_at_)iadonisi(_dot_)to] wrote:
You *must* know this was coming: isn't S/MIME patent encumbered? I
don't know the whole story, but let's nip that in bud EARLY, instead of
building up to the spectacular crescendo that was MARID, okay?
I'd rather see OpenPGP pushed, if patents are going to be a problem
with S/MIME.
Well, search for the "smime" working group at
https://datatracker.ietf.org/public/ipr_search.cgi
There are at least three IPR disclosures for the S/MIME WG. Although
there are no IPR disclosures for the OpenPGP ("openpgp") WG, there may
still exist some IPR, and even some of the S/MIME IPR might apply to
OpenPGP (possibly the IBM ones).
There are some S/MIME patents but all of them have been such that you
don't even need to sign any license and pay any fees to use the technology.
That is of course other then original RSA patent, but that is now expired
and not something we need to worry about any longer.
That said, if S/MIME does *not* have patent issues, then
GO FOR IT. If it's technically feasible, of course, and it can solve
the...ugh...what problem is it supposed to solve again :-).
If users of online services (e.g. banking) consequently use the services'
crypto keys to verify e-mail messages that supposedly originate from those
services, cryptographic message signatures effectively prevent phishing.
I never understood why my bank does not just sign every email as a required
policy (but then against I don't quite remember the last time I received
email from my bank that was not a phish). I think banks are avoiding email
right now all together because they are so unsure about capabilities of
email authentication.
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net