[10288] in cryptography@c2.net mail archive
Re: Cringely Gives KnowNow Some Unbelievable Free Press... (fwd)
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Mon Jan 28 12:24:49 2002
To: Eugene Leitl <Eugene.Leitl@lrz.uni-muenchen.de>
Cc: Cryptography List <cryptography@wasabisystems.com>
Reply-To: EKR <ekr@rtfm.com>
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset=US-ASCII
From: Eric Rescorla <ekr@rtfm.com>
Date: 27 Jan 2002 14:33:15 -0800
In-Reply-To: Eugene Leitl's message of "Sun, 27 Jan 2002 21:17:27 +0100 (MET)"
Message-ID: <kjsn8rqv9w.fsf@romeo.rtfm.com>
Eugene Leitl <Eugene.Leitl@lrz.uni-muenchen.de> writes:
> ---------- Forwarded message ----------
> Date: Sun, 27 Jan 2002 21:10:09 +0100 (CET)
> From: Robert Harley <harley@argote.ch>
> To: fork@xent.com
> Subject: Re: Cringely Gives KnowNow Some Unbelievable Free Press...
>
> Adam Beberg wrote:
> >I'm preaty sure the reason we're all using RSA _now_ is the same reason we
> >were using DH a couple years ago - the patents are all expired. ECC has a
> >bunch of patents still living, and the word among the crypto crowd I know is
> >still "avoid like the plague".
>
> I usually have no particular desire to respond to Beberg's negativism,
> but I suppose that I should do so this time.
[Discussion of patents deleted]
I see this sort of point-by-point discussion of EC patents a lot. I think
it misses the point.
If you want to see EC used you need to describe a specific algorithm
which has the following three properties:
(1) widely agreed to be unencumbered, particularly by the big players.
[extra points if you're willing to indemnify]
(2) significantly better than RSA (this generally means faster)
(3) has seen a significant amount of analysis so that we can have
some reasonable confidence it's secure.
Until someone does that, the cost of information in choosing an
EC algorithm is simply too high to justify replacing RSA in
most applications.
Mr. Beberg's comment about avoiding ECC like the plague matches my
impression of the COMSEC community pretty well. I'm not really part
of the crypto community so I can't speak for that.
-Ekr
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
