(A Javascript-enabled browser is required to email me.)


Jeffrey Schiller's clarification on S/MIME and the IETF
from TBTF for 1997-09-08



At last month's IETF meeting in Munich, the backers of S/MIME were ready to move the secure email protocol forward on a path to standardization. Netscape, Lotus, and Microsoft all have (or soon will have) products on the market that incorporate the technology, which is based on patented public-key algorithms developed by RSA. Accord- ing to press reports, Jeffrey Schiller, director of the IETF's security area, was overheard to comment "No protocol that depends on proprietary technology will ever become a standard endorsed by the IETF." The S/MIME proponents, discouraged, decided not to pursue the standards track, leaving the backers of PGP/MIME with a clear field.

Follow-up reports over the next week apparently remained in ignorance of this public letter that Schiller posted on 8/28 to clear up the confusion. It states unequivocally that the IETF is not hostile to the idea of an S/MIME proposal.


 Subject: S/MIME and the IETF
    Date: Thu, 28 Aug 1997 17:28:26 -0400
    From: "Jeffrey I. Schiller" 
      To: IETF-Announce:;@ietf.org

There has been a lot of coverage in the press recently about the
relationship of S/MIME and the IETF. The purpose of this note is to
clarify the situation from my perspective and to show the way into
the future.

Back last April at the Memphis meeting I attended and addressed the
2nd S/MIME BOF session. As you are probably aware, the IETF process
permits a group of people to meet as a BOF for two session prior to
either disbanding or deciding to propose a charter for a formal IETF
Working Group. The primary purpose of BOF sessions is to gauge
interest in the standardization of a solution for a particular
technology problem.

At that BOF meeting I informed the group of the ground rules and
pre-conditions that I felt were necessary for the IETF to be willing
to charter a Working Group in the S/MIME arena. To push things along
I established a deadline of last July 1st for the group to either
produce a proposed charter or decide to not pursue an S/MIME within
the IETF standard. July came and went without such a charter being
proposed.

At the recent Munich meeting a BOF was held on "Open PGP" and that
group agreed to quickly put together a charter for an "Open
PGP/MIME" Working Group. That effort is ongoing.

Since then the S/MIME proponents have come back to me claiming that
they misunderstood the nature of the July 1st deadline and expressed
an interest in pursuing an S/MIME Working Group charter.

Given that some of the key S/MIME participants were not present at
the meeting in Memphis and the results of that meeting were
variously reported, it is quite possible that reasonable people
misunderstood what was required.

The IESG discussed this situation at our teleconference this morning
and we agreed on the following position:

1. We are prepared to set aside the July 1st deadline on the grounds
   that there is sufficient confusion that reasonable people may not
   have understood what was required.

2. Before the IESG would consider chartering a working group on S/MIME
   RSA Data Security (or appropriate parent company) needs to execute
   an agreement with the Internet Society along the lines of the
   agreement between Sun Microsystems and the ISOC as documented in
   RFC1790.

3. Note: The IESG/IAB is not making a commitment to charter the group
   at this time. Point (2) is a pre-requisite, not a quid-pro-quo. At
   such time that a charter is proposed to the IESG/IAB, we will
   evaluate that proposal on its merits (as we do all proposed
   charters) and make a decision at that time.

                                -Jeff

[ TBTF for 1997-09-08 ]