Re: Why ECC?
Rodney Thayer <email@example.com> Tue, 24 September 2002 15:43 UTC
Received: from above.proper.com (mail.proper.com [126.96.36.199])
by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA03129
for <firstname.lastname@example.org>; Tue, 24 Sep 2002 11:43:40 -0400 (EDT)
Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id g8OFZ9O23546 for ietf-openpgp-bks; Tue, 24 Sep 2002 08:35:09 -0700 (PDT)
Received: from yancy.pkiclue.com (IDENT:email@example.com [188.8.131.52]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g8OFZ7v23542 for <firstname.lastname@example.org>; Tue, 24 Sep 2002 08:35:07 -0700 (PDT)
Received: from rt-dt.pkiclue.com (IDENT:root@LOCALHOST [127.0.0.1]) by yancy.pkiclue.com (8.9.3/8.9.3) with ESMTP id IAA22293 for <email@example.com>; Tue, 24 Sep 2002 08:35:04 -0700
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Tue, 24 Sep 2002 08:30:28 -0700
From: Rodney Thayer <firstname.lastname@example.org>
Subject: Re: Why ECC?
Content-Type: text/plain; charset="us-ascii"; format=flowed
At 03:18 AM 9/25/2002 +1200, Peter Gutmann wrote: >Rodney Thayer <email@example.com> writes: > > >Why do we want ECC in OpenPGP? > >Because it already contains every algorithm anyone could think of anyway, >and a >few more for implementors to ignore wouldn't matter? Well as I see it there's the "lifeboat" principle. If someone, somewhere, publishes a 3-line perl script that breaks 2048 bit RSA, we'd like to have a second public key algorithm in the protocol spec so we could switch over. This has two problems: -- the powers that be in the IETF tend to spit in your eye when you propose this class of logic. Been there, tried that. They assume RSA is immortal. -- we alread have DSA for that. (Well if we want to claim RSA and DSA are structurally related we don't but that's not the question at hand) The second thing we're doing is violating the "it should be implementable" principle. These RFC's are supposed to be buildable by normal mortals. Adding 80,000 bells and whistles is stupid -- we get specs that are hard to implement, hard to interoperate, and hard to read (for things like security flaws). So, I come back to my question -- why do we want ECC? If there isn't a requirement it fulfills it shouldn't be in the standard -- it just takes up space and causes problems.