Re: Comment by Schiller torpedos S/MIME

Jay Thomas (jpthomas@ix.netcom.com)
Fri, 29 Aug 1997 09:12:52 -0400


Rohit Khare wrote:
>
> August 27, 1997 6:15 PM ET
>
> S/MIME stumbles in standards race
> By Jim Kerstetter, PC Week Online
>
> NEW YORK -- It appears that S/MIME is out of the running to become an
> official standard for E-mail security.
>
> S/MIME (Secure Multipurpose Internet Mail Extension) was in the early
> stages of the arduous standardization process when Internet Engineering
> Task Force officials -- meeting three weeks ago in Munich -- hinted that it
> didn't have much chance of making the cut.
>
> Jeff Schiller, director of the IETF's security area, reportedly said at the
> meeting that no protocol that depends on proprietary technology would ever
> become a standard endorsed by the IETF. Schiller's comments appeared to be
> a thinly veiled reference to S/MIME, which relies upon patented public key
> algorithms created by RSA Data Security Systems Inc., of Redwood City, Calif.
<SNIP>

[I don't know how many of you have gotten this, but here is Jeff's
response
JT]

Subject:
S/MIME and the IETF
Date:
Thu, 28 Aug 1997 17:28:26 -0400
From:
"Jeffrey I. Schiller" <jis@mit.edu>
To:
IETF-Announce:;@ietf.org

There has been a lot of coverage in the press recently about the
relationship of S/MIME and the IETF. The purpose of this note is to
clarify the situation from my perspective and to show the way into the
future.

Back last April at the Memphis meeting I attended and addressed the
2nd
S/MIME BOF session. As you are probably aware, the IETF process
permits
a group of people to meet as a BOF for two session prior to either
disbanding or deciding to propose a charter for a formal IETF Working
Group. The primary purpose of BOF sessions is to gauge interest in the
standardization of a solution for a particular technology problem.

At that BOF meeting I informed the group of the ground rules and
pne-conditions that I felt were necessary for the IETF to be willing
to
charter a Working Group in the S/MIME arena. To push things along I
established a deadline of last July 1st for the group to either
produce
a proposed charter or decide to not pursue an S/MIME within the IETF
standard. July came and went without such a charter being proposed.

At the recent Munich meeting a BOF was held on "Open PGP" and that
group agreed to quickly put together a charter for an "Open PGP/MIME"
Working Group. That effort is ongoing.

Since then the S/MIME proponents have come back to me claiming that
they misunderstood the nature of the July 1st deadline and expnessed
an
interest in pursuing an S/MIME Working Group charter.

Given that some of the key S/MIME participants were not pnesent at the
meeting in Memphis and the results of that meeting were variously
reported, it is quite possible that reasonable people misunderstood
what was required.

The IESG discussed this situation at our teleconference this morning
and we agreed on the following position:

1. We are pnepared to set aside the July 1st deadline on the grounds
that there is sufficient confusion that reasonable people may not
have understood what was required.

2. Before the IESG would consider chartering a working group on S/MIME
RSA Data Security (or appropriate parent company) needs to execute
an agreement with the Internet Society along the lines of the
agreement between Sun Microsystems and the ISOC as documented in
RFC1790.

3. Note: The IESG/IAB is not making a commitment to charter the group
at this time. Point (2) is a pne-requisite, not a quid-pro-quo. At
such time that a charter is proposed to the IESG/IAB, we will
evaluate that proposal on its merits (as we do all proposed
charters) and make a decision at that time.

-Jeff