S/MIME out of running as IETF standard

This message came form the cypherpunks mailing list.

From: Damaged Justice 
Message-Id: <199708260828.EAA28687@yakko.cs.wmich.edu>
Subject: (fwd) S/MIME gets the heave ho - OPEN PGP considered
To: cypherpunks@algebra.com
Date: Tue, 26 Aug 1997 04:28:33 -0400 (EDT)
X-NSA-Food: narcotics anarchy bosnia encryption kidporn assassinate
X-URL: http://www.nyx.net/~imschira/
X-AKA: ims@grfn.org,imschira@nyx.net
Organization: Somewhere just far enough outside of your jurisdiction 
Content-Type: text
Sender: owner-cypherpunks@cyberpass.net
Precedence: bulk
Reply-To: Damaged Justice 
X-List: cypherpunks@cyberpass.net
X-Loop: cypherpunks@cyberpass.net


-- forwarded message --
Date: Mon, 25 Aug 1997 20:51:30 -0600
From: nospam@synernet.com
Subject: S/MIME gets the heave ho - OPEN PGP considered
Newsgroups: alt.security.pgp,comp.security.pgp.discuss,alt.security,talk.politics.crypto,alt.privacy,alt.privacy.anon-server
Message-ID: <872560157.2954@dejanews.com>
Reply-To: nospam@synernet.com
Organization: Deja News USENET Posting Service
X-Article-Creation-Date: Tue Aug 26 01:49:17 1997 GMT
X-Originating-IP-Addr: 166.82.194.182 (estone.vnet.net)
X-Http-User-Agent: Mozilla/3.0 (Win95; U)
X-Authenticated-Sender: nospam@synernet.com
Lines: 95
Xref: wmich-news comp.security.pgp.discuss:4184

>From an article in today's Network World:

"IETF shows door to RSA secure e-mail proposal
By Ellen Messmer
Network World, 8/25/97

The odds-on favorite e-mail security technology - S/MIME - suddenly is out
of the running as an IETF standard.

The specification, based on technology from RSA Data Security, Inc.,
basically has been booted off the Internet Engineering Task Force
standards track because of RSA's business practices.

Jumping into the race is RSA rival Pretty Good Privacy, Inc. (PGP), which
is pitching an e-mail security specification called Open PGP. The company
has promised it will put the specification in the public domain, giving
authority over change to the IETF.

This throws e-mail security into disarray be-cause the Secure
Multi-purpose Mail Extension already has been or will be implemented in
high-profile products such as Netscape Communications Corp.'s Communicator
4.0 groupware/messaging client and Microsoft Corp.'s Internet Explorer. It
is expected to be included in other products such as Lotus Development
Corp.'s Domino.

E-mail security technology has become a vital element for such products
because customers increasingly are using e-mail to exchange important
business information.
The setback stems from a recent IETF meeting in Munich. At the meeting,
IETF Security Area Director Jeff Schiller, the referee on all security
matters, essentially tossed S/MIME out of the game.

He said the fact that users have to pay licensing and royalty fees to RSA
to develop an S/MIME product eliminated it from becoming an IETF-blessed
standard.

''You shouldn't have to purchase technology from a proponent of a
standard,'' said Schiller, who is manager of network services at the
Massachusetts Institute of Technology.

A number of important items, such as an official charter for the planned
Open PGP Working Group and possibly having PGP sign legal papers
relinquishing change control on its technology, still need to be ironed
out. But it appears likely that Open PGP is in and S/MIME is out at the
IETF.

Charles Breed, PGP's director of technologies, said the Open PGP framework
for public-key certificates, encrypted messages and digital signing will
rely on the Diffie-Hellman key-management patents, which are held by
Stanford University and managed by Cylink Corp.

Invented by crypto legends Whitfield Diffie and Martin Hellman at
Stanford, the public-key technology will be available Sept. 6, which is
when the 20-year patents expire.

In the midst of this setback for RSA, there is growing evidence that RSA's
S/MIME interoperability tests for S/MIME products have been less than a
success.

In the RSA-reviewed testing, vendors test their products against a single
S/MIME reference implementation supplied by Worldtalk, Inc. But S/MIME
products are not being tested against each other directly.

Although Netscape's Communicator 4.0, now shipping, and Microsoft Corp.'s
Internet Explorer 4.0, which is still in beta, both passed RSA's S/MIME
interoperability tests, they do not work together. According to several
sources, the two products can exchange encrypted mail, but they cannot
check each other's digital signatures.

''There's been a misunderstanding,'' said Steve Dusse, RSA's chief
technology officer. He said Microsoft and Netscape pulled a ''bait and
switch'' in which the software each submitted that passed
the tests was changed in the products that appeared on the market.

''By the time Microsoft released their S/MIME product, it had
deficiencies,'' Dusse said. ''The problem on the Netscape side was
introduced between the beta and the final release.''

RSA said it believes Microsoft and Netscape are fixing the problems so
that the final Internet Explorer 4.0 and Version 4.02 of Communicator will
be interoperable in S/MIME. RSA now wants to test final products, not beta
code.

About a half-dozen S/MIME products are now on the market, including those
>From Frontier Technologies, Inc., ConnectSoft, Inc. and Worldtalk."

--
----------------------------
Ed Stone
estone@synernet-robin.com
remove "-birdname" spam avoider
----------------------------

-------------------==== Posted via Deja News ====-----------------------
      http://www.dejanews.com/     Search, Read, Post to Usenet
-- end of forwarded message --