RSA Data Security says it will have another try at pitching its S/MIME specification for encrypting and decrypting e-mail to an Internet standards body.
The Internet Engineering Task Force (IETF) made it clear in August that S/MIME (Secure Multi-purpose Internet Mail Extensions) would likely be rejected as a standard because RSA was planning to maintain rights to ownership of the technology and the trademark. At the time RSA had not formally submitted S/MIME to the IETF.
Earlier this month RSA announced that it had formally renounced trademark and change-control rights to S/MIME and agreed to "fair and non-discriminatory licensing" of the RSA algorithm. As part of its standardisation efforts, RSA published its RC2 encryption algorithm upon which S/MIME is based.
A competing specification called OpenPGP, from Pretty Good Privacy Inc., is already being pushed as a standard by an IETF working group. PGP does not claim proprietary rights to its technology, and it is free, while the public key algorithm upon which S/MIME is based still has a patent on it, according to Charles Breed, PGP's technology director.
An open standard would allow people to exchange encrypted e-mail over the Internet with others using different encryption applications. There are no preclusions to having two standards, however products would have to support both standards or risk not being interoperable.
Microsoft's Internet Explorer 4.0 Web browser, Outlook email client and Exchange Server products support S/MIME, as does Netscape's Communicator 4.0 browser. IBM and VeriSign also offer products that support S/MIME.
PGP works with all those products as a plug-in and is bundled with Qualcomm's Eudora e-mail client, said Breed. PGP's install base of nearly four million "active users" is larger than S/MIME's, he added.
"I think the IETF will let both standards proceed, but it will be up to corporations and users to decide which will win out," Breed said. "These are just specifications for how to build the mousetrap. Until you see the mousetraps built and who buys them, you won't know who wins."
RSA made its announcement at S/MIME Live!, a one-day vendor conference designed to showcase products supporting the technology.
Also at the event, RSA announced that 12 manufacturers, resellers and distributors have formed a new S/MIME Consortium in Japan. Among them are: Matsushita Graphic Communication Systems Inc., which plans to offer an S/MIME-based interoperable Internet fax machine; and NTT Electronics Corp., which began shipping in June Japanese-language messaging plug-in applications.
RSA also announced an effort to combine S/MIME with the US government's Message Security Protocol (MSP). Merging S/MIME and MSP will enable vendors to sell software to the government with minimal customisation and will allow the government to save money by buying off-the-shelf software, RSA said.
RSA expects to release a prototype of the new MSP-enhanced S/MIME protocol in 1998, with implementations the following year, the company said. RSA also hopes the new protocol will become an Internet standard.
RSA, based in Redwood City, California, can be reached at http://www.rsa.com/.