Re: Key Management, anyone? (DNS keying)

> 2) FORTEZZA(tm) (including Skipjack) is on the IETF standards track, as
> an algorithm suite in the Transport Layer Security (TLS) protocol.
> That doesn't imply that anyone other than posessors of FORTEZZA(tm)
> cards will be expected, or even able, to use that particular mechanism.
> It meets the need of a large community of users; no objections to
> standardization of FORTEZZA(tm) as an optional CipherSuite have been
> raised, or even mentioned, within the TLS WG.

well, as best I can tell, there's NO WAY for a classified algorithm to
be on the IETF standards track.

RFC1602 says:

         (A)  ISOC will not propose, adopt, or continue to maintain any
              standards, including but not limited to standards labelled
              Proposed, Draft or Internet Standards, which can only be
              practiced using technology or works that are subject to
              known copyrights, patents or patent applications, or other
              rights, except with the prior written assurance of the
              owner of rights that:

              l.   ISOC may, without cost, freely implement and use the
                   technology or works in its standards work;

              2.   upon adoption and during maintenance of an Internet
                   Standard, any party will be able to obtain the right
                   to implement and use the technology or works under
                   specified, reasonable, non-discriminatory terms; and

              3.   the party giving the assurance has the right and
                   power to grant the licenses and knows of no other
                   copyrights, patents, patent applications, or other
                   rights that may prevent ISOC and members of the
                   Internet community from implementing and operating
                   under the standard.

Now, this is part of the part of 1602 which was generally felt to be
"broken".  However, the replacement for RFC1602,
draft-ietf-poised95-std-proc-3-06.txt, says:
 
   7.1.2  Incorporation of Other Specifications

      Other proprietary specifications may be incorporated by reference
      to a version of the specification as long as the proprietor meets
      the requirements of section 10.  If the other proprietary
      specification is not widely and readily available, the IESG may
      request that it be published as an Informational RFC.

      The IESG generally should not favor a particular proprietary
      specification over technically equivalent and competing
      specification(s) by making any incorporated vendor specification
      "required" or "recommended".

and, later on:

10.2  Confidentiality Obligations

   No contribution that is subject to any requirement of confidentiality
   or any restriction on its dissemination may be considered in any part
   of the Internet Standards Process, and there must be no assumption of
   any confidentiality obligation with respect to any such contribution.

						- Bill

Received on Thursday, 1 August 1996 19:23:06 UTC