Re: AW: Reasons to include ECC to our charter

John W Noerenberg II <jwn2@qualcomm.com> Sat, 18 August 2001 16:36 UTC

Mime-Version: 1.0
Message-Id: <p05100101b7a43a5504f0@[129.46.77.28]>
In-Reply-To: <100722F3C53A484B8CF1F14B4F062E93157065@fra1d001.biodata.org>
References: <100722F3C53A484B8CF1F14B4F062E93157065@fra1d001.biodata.org>
Date: Sat, 18 Aug 2001 09:18:54 -0700
To: OpenPGP mailing list <ietf-openpgp@imc.org>
From: John W Noerenberg II <jwn2@qualcomm.com>
Subject: Re: AW: Reasons to include ECC to our charter
Cc: Ben Laurie <ben@algroup.co.uk>, Dominikus Scherkl <Dominikus.Scherkl@biodata.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk

At 3:33 PM +0200 8/15/01, Dominikus Scherkl wrote:
>Hi.
>
>>  > IIRC, not all ECC stuff is patented, only curves over GF(q), q even,
>>  > which can be implemented efficiently using two-valued logic.
>>
>>  As I read it, this I-D includes these.
>But it also includes Curves over GF(q), q prime or a power of some
>odd prime. I wouldn't appreciate it much to exclude some stuff,
>now that we have a definition including simply every finite field.

I agree with Dominkus on this point.  As long as what he has defined 
gives a means for any ECC curve deemed useful, I believe that 
finesses the IPR issues raised by Certicom's patents.

However, At 1:42 AM +1200 8/11/01, Peter Gutmann wrote:
>The rule of thumb for ECC is something like "ECC curves are divided into three
>groups, weak curves, inefficient curves, and curves patented by Certicom".

If Peter is accurate, then Certicom's IPR poses a significant 
obstacle to ECC utility.  Do others wish to comment on this?

It may be possible to pursue an agreement along the lines of RFC1790. 
Certicom would have to be agreeable, and  we would have to persuade 
the IETF as a whole such an agreement is in the IETF's interest.  To 
my knowledge, the RFCs covered by agreement documented in 1790 did 
not achieve STD status, but that doesn't mean we would not succeed. 
It is still a useful model.

Assuming we do proceed, it would be appropriate to be warn people 
about classes of curves which are either inefficient to compute, or 
may require licensing from a third party.  Both considerations limit 
utility of some ECC designs.

However, I would like to see more analysis of ECC curves (not to 
slight Peter's assessment), before I consider this matter resolved. 
Further, if someone could point me towards the appropriate person at 
Certicom to discuss the 1790 approach, please do so.

best,
-- 

john noerenberg
jwn2@qualcomm.com
   --------------------------------------------------------------------------
   Peace of mind isn't at all superficial, really.  It's the whole thing.
   That which produces it is good maintenance; that which disturbs it
   is poor maintenance.
   -- Zen and the Art of Motorcycle Maintenance, Robert M. Pirsig, 1974
   --------------------------------------------------------------------------

AW: Reasons to include ECC to our charter Dominikus Scherkl
Re: Reasons to include ECC to our charter Thomas Roessler
AW: Reasons to include ECC to our charter Dominikus Scherkl
Re: AW: Reasons to include ECC to our charter John W Noerenberg II
AW: Reasons to include ECC to our charter Dominikus Scherkl
Re: AW: Reasons to include ECC to our charter Bodo Moeller
AW: Reasons to include ECC to our charter Dominikus Scherkl
AW: Reasons to include ECC to our charter Dominikus Scherkl
Re: AW: Reasons to include ECC to our charter Ben Laurie
AW: Reasons to include ECC to our charter Dominikus Scherkl
Re: AW: Reasons to include ECC to our charter Ben Laurie
Re: AW: Reasons to include ECC to our charter Shawn C. Masters