The OpenPGP security protocol has reached a milestone: It's been promoted to the status of proposed standard by the Internet Engineering Task Force (IETF).
"It's very gratifying that we've reached this stage in the standards process," said John Noerenberg, chairman of the IETF's PGP working group. Although PGP is well-known throughout the world and technical differences between implementations are fairly small, there has been the perception that with no formal statement defining it, there is uncertainty over whether various implementations are really interoperable, he explained.
OpenPGP is the open standards version of Network Associates' PGP (Pretty Good Privacy) encryption protocol. It has been viewed by some as a rival standard to S/MIME (Secure Multipurpose Mail Extensions), a protocol based on technology from RSA Data Security, but Jon Callas, Network Associates Chief Technology Officer of the Total Network Security division, said it's most likely that the two technologies will co-exist.
PGP has now reached the second stage in the IETF's four-step standards process, with the next level being draft standard. IETF rules call for a wait of at least six months before a proposed standard becomes a draft, during which it can be demonstrated that there are a number of implementations running and that they are interoperable, Noerenberg said. Due to the fact that PGP has been around for nearly eight years and that there are a good number of implementations, he expects that PGP will attain draft standard status fairly quickly.
"We've been saying for some time that we will wind up with two standards. Both S/MIME and PGP have their uses," Network Associates' Callas said. While PGP's advantage is that it is a much smaller, more lightweight protocol that is more general and can be applied in other areas than messaging, S/MIME is very suitable for applications like EDI (electronic data interchange) and can be built into a more heavyweight corporate infrastructure, Callas explained.
By turning over OpenPGP to the IETF, Network Associates will allow anyone in the world to create PGP-enabled products, Callas added. "As of now, it's not PGP's protocol, it's the world's." Network Associates acquired Pretty Good Privacy Inc., the original developer of the protocol, late last year.
Network Associates can be reached at +1-408-988-3832 or on the web at http://www.nai.com.