1997-11-02 - Re: RSA Blows Smoke

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: whgiii@invweb.net
Message Hash: 8eb706c4644d14d8af730b4eda1b0b62fe55e5b3fdd18d343720103e750ed781
Message ID: <199711021353.NAA09099@server.test.net>
Reply To: <199711021240.HAA30685@users.invweb.net>
UTC Datetime: 1997-11-02 14:08:51 UTC
Raw Date: Sun, 2 Nov 1997 22:08:51 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sun, 2 Nov 1997 22:08:51 +0800
To: whgiii@invweb.net
Subject: Re: RSA Blows Smoke
In-Reply-To: <199711021240.HAA30685@users.invweb.net>
Message-ID: <199711021353.NAA09099@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain




William Geiger <whgiii@invweb.net> forwards article:
> The Internet standards process is lengthy and complicated at
> best. The sticking point in RSA's efforts to date is that the task
> force will only consider non-proprietary technologies for the
> standards track. But S/MIME 2, the protocol at the heart of the
> effort, includes core RSA technologies that must be licensed.

No hope then, cool :-)

> RSA, in fact, is only one of five groups that have worked on S/MIME 2,
> which is about to be submitted by the Internet Mail Coalition to the IETF
> as an informational request for comments. Now, in order to retain its hold
> on the S/MIME technology, RSA is taking sole credit for submitting it to
> the task force, some observers claim.

Who worked on S/MIME 2?  How comes it's the same "Internet Mail
Coalition" that is "submitting S/MIME 2 to the IETF" as the one which
Paul Hoffman is slagging off RSA and S/MIME 2?

What version of S/MIME does netscape support?

> Hoffman reiterated that S/MIME 2 won't be an Internet standard
> because it relies on proprietary security technology and weak
> encryption. The Internet Mail Coalition is about to begin work on
> S/MIME 3, which will use stronger encryption and true open
> standards.

What's the point?  Why have two competing standards OpenPGP and S/MIME
3 -- does RSA hope that they will get some value from it?

Does S/MIME 3 have key escrow or CMR snooping support?

> "I hope [the announcement] hasn't sunk their chances because there
> are still a lot of people who want to do S/MIME," said
> Hoffman. "RSA's greediness could sink this, but I really hope it
> doesn't."

Before I heard about CMR additions to pgp5.x I would have said I do
sincerely hope RSA's greed sinks this.  (40 bit RC2/40 feh!)

I think I still do hope RSA's greed sinks S/MIME on average, but I
would be much more certain if this pgp5.x CMR thing could be resolved
satisfactorily.

Unfortunately PGP Inc have closed off dialogue on the topic --
apparent blanket ban on employee discussion of CMR.

So will the OpenPGP draft which Jon Callas dubbed "non political"
include CMR?

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`






Thread