
Re: Elliptic Curves



At 08:26 PM 6/16/97 -0500, Ken Rowe wrote:
>At 11:22 AM 6/16/97 -0600, Bob Jueneman wrote:
>[stuff deleted]
>>I believe that before we take any position regarding the inclusion or
>>exclusion of a particular algorithm, we should think through what such an
>>inclusion implies, and the process by which we should reach such a decision.
>>
>>I have no problem with listing an algorithm identifier for a particular
>>algorithm, so long as we specifically say that we are neither endorsing nor
>>recommending against its use, but rather feel that it is a decision that
>>must be left to the user at this time.
>[stuff deleted]
>
>I feel that way about any algorithm included in the standard.  I don't think
>the pkix is about endorsement of suitability of algorithms, only providing
>a public interface for using "standard" (i.e., well-defined) algorithms.
>In that sense, I think EC crypto is far enough along to include it in 
>the pkix standard as just one of many algorithms.
>
>Ken.
>
>

Inclusion of an algorithm in PKIX-1 is not an endorsement.  It is simply
recognition that an algorithm will be "widely" used in the Internet PKI.
Conforming implementations need not support any of the algorithms identified.
However, implementations that support an algorithm included in PKIX-1 must
process the algorithm as specified to claim conformance.

By including the algorithm, we specify the algorithm identifier(s) and the
rules for encoding key materials.  If CAs conform when they issue certs,
and clients process the certs as specified, two clients that use the same
algorithm will (in general) be interoperable.  If PKIX-1 does not include
the algorithm, two conforming clients may support different OIDs or
encoding rules, and wouldn't interoperate even tho' they use the same
algorithm.

I believe there will be sufficient ECDSA certs issued in the Internet PKI
to justify including the algorithm in PKIX-1.

Tim