S/MIME stumbles in standards race
By Jim Kerstetter, PC Week Online
=A0 NEW YORK -- It appears that S/MIME is out of the running to become an
official standard for E-mail security.
S/MIME (Secure Multipurpose Internet Mail Extension) was in the early
stages of the arduous standardization process when Internet Engineering
Task Force officials -- meeting three weeks ago in Munich -- hinted that it
didn't have much chance of making the cut.
Jeff Schiller, director of the IETF's security area, reportedly said at the
meeting that no protocol that depends on proprietary technology would ever
become a standard endorsed by the IETF. Schiller's comments appeared to be
a thinly veiled reference to S/MIME, which relies upon patented public key
algorithms created by RSA Data Security Systems Inc., of Redwood City,=
Calif.
S/MIME backers decided not to formally submit it for standard consideration
after Schiller's comments.
An RSA official here at the Java Internet Business Expo said he was floored
by the news that S/MIME was apparently out of the running and did not know
why it would falter so quickly. RSA even published its RC2 algorithm,
formerly a licensed trade secret, to ease IETF concerns.
The failure of S/MIME would seem to open a door for PGP (Pretty Good
Privacy) E-mail security, which backers say is based on more open
standards. A recent "birds of a feather" meeting held to discuss PGP went
well, according to developers who attended, and that should gain the
protocol further consideration.
Additional reporting by Eammon Sullivan
--- Rohit Khare /// MCI Internet Architecture (BOS) /// khare@mci.net Voice+Pager: (617) 960-5131 VNet: 370-5131 Fax: (617) 960-1009