Re: Reasons to include ECC to our charter
Jon Callas <jon@callas.org> Tue, 04 September 2001 21:25 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA28427 for <openpgp-archive@odin.ietf.org>; Tue, 4 Sep 2001 17:25:06 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f84L6LR00294 for ietf-openpgp-bks; Tue, 4 Sep 2001 14:06:21 -0700 (PDT)
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f84L6KD00290 for <ietf-openpgp@imc.org>; Tue, 4 Sep 2001 14:06:20 -0700 (PDT)
Received: from [192.168.1.180] (64.69.113.115) by merrymeet.com with ESMTP (Eudora Internet Mail Server 3.0.3) for <ietf-openpgp@imc.org>; Tue, 4 Sep 2001 14:06:11 -0700
Mime-Version: 1.0
X-Sender: jon@merrymeet.com
Message-Id: <p05100300b7bac4c03376@[63.73.97.180]>
In-Reply-To: <p05100103b7baa69ace04@[129.46.76.229]>
References: <200108101342.BAA232398@ruru.cs.auckland.ac.nz> <m15d9Cc-000Qe5C@epsilon> <3B93737C.1A87B234@algroup.co.uk> <p05100103b7baa69ace04@[129.46.76.229]>
Date: Tue, 04 Sep 2001 14:06:05 -0700
To: ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: Reasons to include ECC to our charter
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
I'm afraid that I don't see what the hand-wringing is over Certicom and ECC. In the IETF, we forbid technologies with intellectual property encumbrances from being *required*, but we don't forbid them from being optional. In the real world, any new public key system has an uphill battle to gain any sort of acceptance. Look at the DSS/EG keys we have now. They were invented for two reasons: (1) to address security problems in previous key versions (2) to migrate from encumbered technologies to unencumbered ones. Yet in some quarters of the user community, OpenPGP is looked on as if it were fluoridation, for any number of reasons, none of which are really relevant to this discussion. What *is* relevant is that if we put the ECC parameters in OpenPGP, they probably won't be widely adopted, intellectual property or not. So why not put them in, since they don't hurt anyone else? Also as a real-world consideration, there's no need for any desktop or laptop user to use ECC. Do I care if ECC means that a decrypt happens ten times faster? Nope. The decrypt right now is happening in the blink of an eye (like 50ms) or two. I'm not going to notice it taking place in a tenth of an eye-blink. The delays I see in encrypted email are all related to UI and layers and disk accesses and groveling through databases to *find* the darned key. I might notice an improvement if I'm encrypting a message to a dozen or more people, but maybe not. The size savings is utterly laughable. ECC will matter only on constrained devices. If you want to make a OpenPGP secured pager or SMS cell phone, then we're starting to see a reason for ECC. Why not let these people do it interoperably? I can understand some people's concern that the ECC proponents aren't pushing things. But they did. About three years ago, some Certicom guys made a presentation at an IETF meeting (Chicago?) and were basically pelted with tomatoes and hooted out of the room. It was pretty embarrassing. If I worked for Certicom, my reaction to this working group would be, "When you want to talk rationally, email me." We aren't going to make ECC a MUST or even a SHOULD. We will try very hard to make the formats for ECC not favor anyone's implementation. We all know that. So why don't we encourage some ECC experts to write an informational RFC, do some interoperability testing, and make sure that it doesn't assume a patented technology? And then if we like it, we can put it in a future draft, or a follow-on document? We already have reserved PK algorithm numbers for ECC and ECDSA. Jon
- Reasons to include ECC to our charter Dominikus Scherkl
- Re: Reasons to include ECC to our charter Ben Laurie
- Re: Reasons to include ECC to our charter Florian Weimer
- Re: Reasons to include ECC to our charter Peter Gutmann
- Re: Reasons to include ECC to our charter Ben Laurie
- Re: Reasons to include ECC to our charter Bodo Moeller
- Re: Reasons to include ECC to our charter Ben Laurie
- Re: Reasons to include ECC to our charter John W Noerenberg II
- Re: Reasons to include ECC to our charter Jon Callas
- Re: Reasons to include ECC to our charter Ben Laurie
- Re: Reasons to include ECC to our charter vedaal
- Re: Reasons to include ECC to our charter Jon Callas
- Re: Reasons to include ECC to our charter Ben Laurie
- Re: Reasons to include ECC to our charter Jon Callas
- Re: Reasons to include ECC to our charter John W Noerenberg II
- Re: Reasons to include ECC to our charter Bodo Moeller