[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Reasons to include ECC to our charter

To: Dominikus Scherkl <Dominikus.Scherkl@xxxxxxxxxxx>
Subject: Re: Reasons to include ECC to our charter
From: Ben Laurie <ben@xxxxxxxxxxxxx>
Date: Thu, 09 Aug 2001 15:40:31 +0100
Cc: "openPGP e-Mail (E-Mail)" <ietf-openpgp@xxxxxxx>
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx

Dominikus Scherkl wrote:
> 
> Dear openPGP Working Group,
> 
> Sorry, that I supposed my suggestions for an ECC-extension
> to the openPGP message format to be property of this WG while
> it is only a personal draft.
> 
> Now for my reasons, why this WG should include
> <draft-scherkl-openpgp-ecc-00.txt> to its charter:
> 
> I think it is time to fulfill the promise this WG made by
> reserving space for ECC and ECDSA, if we want to keep this
> standard as wide used as it is.
> 
> Long time has gone since we reserved IDs for ECC algorithms
> and many applications now support ECC but can't provide it in
> an openPGP context. So they uses other standards like S/MIME
> or proprietary protocols to provide these algorithms to those
> who want to enjoy their advantages.
> 
> Different sets of ECC parameters have now been tested long
> enough to outsource all trivialy (and many not so trivial)
> cases that won't provide sufficient security, so ECC becomes
> a "well known" algortithm.
> In this light the somewhat slightly advantages "short keys"
> and "high performance" gain weight due to the lack of
> disadvantages.
> 
> Therefore I'm convinced we can include it in the standard
> without high probability to compromise our security goals.
> 
> The attached draft is thought to be fully conform with the
> openPGP format and even some other standards, and it defines
> all elliptic curves so that no greater changes in the
> future are expected (it keeps no further gaps in the ECC
> definiton as some older suggestions have done).
> If it isn't, I'm sure we can make it with small efford.
> 
> At all, the openPGP standard can only gain by adding this
> draft to the charter.

You can't add it to the _standard_ because of restrictive licensing. I
guess Informational RFCs are possible, but they don't make me happy -
essentially the WG is doing free work, both technical and marketing, for
the owner(s) of the patents.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

Follow-Ups:
- Re: Reasons to include ECC to our charter
  - From: Florian Weimer

References:
- Reasons to include ECC to our charter
  - From: Dominikus Scherkl

Prev by Date: AW: Draft openPGP ECC formats
Next by Date: AW: Reasons to include ECC to our charter
Previous by thread: Reasons to include ECC to our charter
Next by thread: Re: Reasons to include ECC to our charter
Index(es):
- Date
- Thread