The Internet Engineering Steering Group (IESG), which oversees the workings of the Internet Engineering Task Force (IETF) is meeting today to discuss, among other things, the formation of a working group for the S/MIME secure email protocol. The issue is contentious largely because of the actions of RSA Data Security Inc action recently, implying that it had made a formal submission to the IETF and that its version of S/MIME was to be adopted by the IETF as a standard. RSA protested that it now made its position perfectly clear and was not trying to force its technology on anyone. It is merely is trying to gain publicity for the S/MIME protocol itself, says RSA. IETF security area director Jeff Schiller says that the others involved in S/MIME don’t want RSA to be – or be seen to be – in a dominant position. He said the IETF is likely to approve the formation of a working group for S/MIME today and the other vendors are going to let RSA know what role they want it to have, and according to Schiller they are likely to say, Not a big one. RSA insists that it has relinquished intellectual property claims to both the acronym and change control to the specification itself, while the IETF community says it has not – all it has done is publish informational drafts. That has upset many other vendors who are doing similar work and not shouting about it from the rooftops. RSA’s product manager Tim Matthews admits that perhaps, its initial attempt in August to get a working group established within the IETF might have caused the ill-feeling that has carried over till now. Back then RSA didn’t want to give up rights to either the name or change control. Now it has, but people haven’t forgot its initial position. Matthews says the drafts of S/MIME 3 are the ones the IESG will be considering as the basis of the eventual standard, and they were written by the Internet Mail Consortium (IMC), RSA and others, so RSA should not be held completely responsible. The whole affair seems to be have been blown out of proportion – maybe RSA, as part of Security Dynamics Inc, just has a more effective publicity machine in place.
This article is from the CBROnline archive: some formatting and images may not be present.
CBR Online legacy content.