RSA under fire from IETF

The company is taking heat from the Internet Engineering Task Force about its tactics during the S/MIME standards process.

RSA Data Security has come under fire from key members of the Internet Engineering Task Force (IETF), who charge that RSA is pushing a proprietary agenda and taking undue credit for pushing S/MIME along the IETF standards route.

Last Friday, RSA issued a press release that stated it had submitted S/MIME, its secure email protocol, to the IETF as a proposed Net standard.

But Paul Hoffman, director of trade group Internet Mail Consortium, and IETF security chief Jeffrey Schiller were miffed at RSA's press release.

"The press release makes it sound like RSA is in charge of S/MIME," said Hoffman, whose organization's members include email heavyweights Microsoft, Netscape Communications, Lotus, IBM, Qualcomm, and Apple, as well as Clorox.

"RSA would like to create an Internet standard that would require you to buy technology from them," charged Schiller, who heads the IETF's security group. "The IETF has a bias against proprietary technology," he added.

RSA product manager Tim Matthews wrote today in a posting to an S/MIME mailing list that "we seem to have inadvertently touched a nerve with the release that went out last week."

"This was certainly not our intention," he wrote. "We were merely trying to sum up the positive work that has taken place over the last few months in a manner that would answer the questions frequently put to us by the press."

The IETF has received a proposed charter for an S/MIME working group, submitted by Hoffman's group, which is a step toward making S/MIME an IETF standard. The working group's charter is slated to be considered by an IETF steering group on Thursday.

In part, the reaction to RSA's announcement last week appears to stem from who gets credit for advancing S/MIME along the IETF's arcane standards process.

"We in no way intended to take credit for the good work of the authors and editors," RSA's Matthews wrote. "RSA has been the focal point for S/MIME development and comment for some time, so we took the step of announcing all of the good progress."

This is not RSA's first dust-up over S/MIME with the IETF. Last spring, Schiller said S/MIME could not proceed through the IETF unless RSA published its RC2 encryption algorithm, ceded control of the standard to the IETF, and gave up intellectual property protection for the term "S/MIME."

RSA took those steps, although not in time to meet a July 1 deadline that Schiller originally imposed. He has since backed off under pressure.

The brouhaha could affect Thursday's decision on setting up a working group.

"People on [the steering group] are now worried that RSA didn't really turn S/MIME over because it's making these claims," Hoffman said.

Schiller, though unhappy with RSA's press release, isn't willing to say whether it will jeopardize the decision to form a working group.

"Just because RSA is misbehaving, do we want to tell other groups and companies that they can't have a reasonable standard?" he said.