Re: Elliptic Curves

[Bob Jueneman <BJUENEMAN@xxxxxxxxxx>]

My only concern is that various states, the legal community, and users tend
to be strongly influenced by the actions of standards groups in areas such
as this.

I'm not taking any position one way or the other regarding the maturity of
elliptic curves from a cryptanalytic standpoint, although as a matter of
prudence I would not feel comfortable using them for high-value transactions
until they have been subected to several more years of examination by the
cryptographic community.

I believe that before we take any position regarding the inclusion or
exclusion of a particular algorithm, we should think through what such an
inclusion implies, and the process by which we should reach such a decision.

I have no problem with listing an algorithm identifier for a particular
algorithm, so long as we specifically say that we are neither endorsing  nor
recommending against its use, but rather feel that it is a decision that
must be left to the user at this time.

Bob

>>> Charles Breed <cbreed@pgp.com> 06/16/97 09:38AM >>>
Having the flexibility to add new algorithms is always a smart thing.
Elliptic curve (discrete log-based asymmetric) algorithms make a lot of
sense, wrt smart cards and their need for small keys, low memory and low
burden on CPUs. As long as the relevant PKCS 'standards' can accommodate the
new algorithm, I vote YES.

Charles


At 05:20 AM 6/16/97, Housley, Russ wrote:
>
>Since we began work on PKIX part 1, Elliptic Curve thecnology has become 
>more and more mature.  In fact, ANSI X9.62 looks pretty close to final.  
>How do people feel about ading the ECDSA algorithm to the list of signature

>algorithms in part 1?
>
>Russ
>
>