Re: ECC in OpenPGP proposal

[Jon Callas <jon@xxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>
> Hmmm... you raise an interesting point.  I had thought that this was  
> going to be a new document, and as it is not referred to in the  
> existing core RFC, then ECC/Suite B was going to be a MAY by  
> definition.
>
> Within that new (MAY) document, there would be several choices for  
> MUST, SHOULD, MAY, etc.
>
> Or so I thought ... but I'm not fully aware of how these things  
> interact.
>

At least in theory, we could make ECC be the MUST. But as I said  
before, there really isn't a good process to change those things in  
the IETF.



> OK, if you are happy to carry on this discussion ... what are the  
> reasons for including the 128-bit profile?

There's nothing wrong 128-bit security. It's also faster. It competes  
against 3Kbit integer keys.

If you're doing smart cards, HSMs, mobile phones, etc. they will  
likely need 128-bit security for speed reasons.

	Jon


-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
Charset: US-ASCII

wj8DBQFHx0BEsTedWZOD3gYRAkmmAJ9eDHz2s6TiLS2rbb4kvwSAFEVDGgCgta1a
cc+w9w+IP3KwoAfp7hBfP7c=
=txKh
-----END PGP SIGNATURE-----