[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: undefined MAY algorithm example (Re: Question and note)
>So I doubt that open-pgp will be able to include ECC.
If open-pgp contains RSA why can't it contain ECC?
ECC is an option in open-pgp and not mandatory. It is a very useful option
that should have equal status to other patented algorithms. Certicom has
very reasonable licensing terms (as compared to other un-named companies
with three letter acronyms in their names). Certicom would issue a
non-commercial use license for ECC in open-pgp that would allow broad
"personal use" by the open-pgp community. Certicom would charge for
business use of ECC in open-pgp at our very low rates (we have to find some
way to hordes of Ph.D. mathematicians in our research labs).
In reviewing the specification, it does appear that some additional details
would be useful to better define ECC in open-pgp. I will try to get some
of our cryptographers to submit some algorithm and parameter related text.
Adam Back says:
> I just read the spec end to end, and I think I found an example of the
> sort of problem Tom is referring to, from:
> ............... For example (as Tom has been pointing out) it says
> Elliptic Curve.........
> PROBLEM: no definition of any Elliptic Curve parameters.
Elliptic Curve Cryptosystem is a VERY nice idea. Unfortunately,
despite the fac that its inventors intentionally did not patent
it, it is vastly covered by various patents. I heard that even
some eliptic curves have been patented! [How stupid was I not
to patent myself a few millions of primes. :-]
For at least some of those patents there appears to be no
freeware route (i.e. you pay for licening regardless).
So I doubt that open-pgp will be able to include ECC.