[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RSA Blows Smoke





William Geiger <[email protected]> forwards article:
> The Internet standards process is lengthy and complicated at
> best. The sticking point in RSA's efforts to date is that the task
> force will only consider non-proprietary technologies for the
> standards track. But S/MIME 2, the protocol at the heart of the
> effort, includes core RSA technologies that must be licensed.

No hope then, cool :-)

> RSA, in fact, is only one of five groups that have worked on S/MIME 2,
> which is about to be submitted by the Internet Mail Coalition to the IETF
> as an informational request for comments. Now, in order to retain its hold
> on the S/MIME technology, RSA is taking sole credit for submitting it to
> the task force, some observers claim.

Who worked on S/MIME 2?  How comes it's the same "Internet Mail
Coalition" that is "submitting S/MIME 2 to the IETF" as the one which
Paul Hoffman is slagging off RSA and S/MIME 2?

What version of S/MIME does netscape support?

> Hoffman reiterated that S/MIME 2 won't be an Internet standard
> because it relies on proprietary security technology and weak
> encryption. The Internet Mail Coalition is about to begin work on
> S/MIME 3, which will use stronger encryption and true open
> standards.

What's the point?  Why have two competing standards OpenPGP and S/MIME
3 -- does RSA hope that they will get some value from it?

Does S/MIME 3 have key escrow or CMR snooping support?

> "I hope [the announcement] hasn't sunk their chances because there
> are still a lot of people who want to do S/MIME," said
> Hoffman. "RSA's greediness could sink this, but I really hope it
> doesn't."

Before I heard about CMR additions to pgp5.x I would have said I do
sincerely hope RSA's greed sinks this.  (40 bit RC2/40 feh!)

I think I still do hope RSA's greed sinks S/MIME on average, but I
would be much more certain if this pgp5.x CMR thing could be resolved
satisfactorily.

Unfortunately PGP Inc have closed off dialogue on the topic --
apparent blanket ban on employee discussion of CMR.

So will the OpenPGP draft which Jon Callas dubbed "non political"
include CMR?

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`