It appears that the tactics of internet security player RSA Security Inc to attempt to get its technology adopted by the Internet Engineering Task Force (IETF) has blown up in its face. At the start of last month the company, which is a subsidiary of Security Dynamics Inc, published its RC2 algorithm on its website to enable closer scrutiny by the IETF’s engineers. It said it was trying to get a Request for Comments (RFC) on the matter issued by the IETF, which never happened. But at the recent IETF meeting in Munich, the group bypassed RSA’s protocol, which includes the S/MIME standard for electronic messaging, because it is considered proprietary. RSA had said it had no intention of giving up the source code or the name when it published the spec. That sort of attitude does not go down well at the IETF, which generally does not adopt anything that is still encumbered by a patent held by a company requiring license fees. But as luck would have it, the 20 year-old patent on the Diffie-Hellman key management system runs out on September 6, after which it will be free for anybody to use. Rival security company Pretty Good Privacy Inc says it will step in with an implementation based on Diffie-Hellman for consideration by the IETF called Open PGP, to which PGP will claim no ownership. It is expected to be voted on next month, after which it could take anything up to two years to become an IETF standard. The discussion in Munich was under the auspices of the IETF’s IP security area working group. W. Diffie and M.E. Hellman published their paper called New directions in cryptography in 1976. RSA public key cryptosystem inventor Ron Rivest, the ‘R’ in RSA, developed RC2 eleven years later.
