Re: Why ECC?

"Michael Young" <> Tue, 24 September 2002 16:25 UTC

Received: from ( []) by (8.9.1a/8.9.1a) with ESMTP id MAA04538 for <>; Tue, 24 Sep 2002 12:25:47 -0400 (EDT)
Received: (from majordomo@localhost) by (8.11.6/8.11.3) id g8OGBBl26133 for ietf-openpgp-bks; Tue, 24 Sep 2002 09:11:11 -0700 (PDT)
Received: from ( []) by (8.11.6/8.11.3) with ESMTP id g8OGB9v26125 for <>; Tue, 24 Sep 2002 09:11:09 -0700 (PDT)
Received: from ( []) by (AIX4.3/UCB 8.7/8.7) with ESMTP id LAA14936 for <>; Tue, 24 Sep 2002 11:57:43 -0400 (EDT)
Received: from mwyoung ( []) by (8.8.0/8.8.0) with SMTP id MAA21897 for <>; Tue, 24 Sep 2002 12:11:05 -0400 (EDT)
Message-ID: <001301c263e4$be29d0e0$>
From: "Michael Young" <>
To: <>
References: <>
Subject: Re: Why ECC?
Date: Tue, 24 Sep 2002 12:09:20 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Precedence: bulk
List-Archive: <>
List-Unsubscribe: <>
List-ID: <>
Content-Transfer-Encoding: 7bit

Hash: SHA1

> At 03:18 AM 9/25/2002 +1200, Peter Gutmann wrote:
> >Because it already contains every algorithm anyone could think of anyway, 
> >and a
> >few more for implementors to ignore wouldn't matter?

I took Peter's comment as a joke, a jab at the load of things already there.

From: "Rodney Thayer" <>;
> -- we alread have DSA for that.  (Well if we want to claim RSA and DSA are
> structurally related we don't but that's not the question at hand)

If we're going to fantasize about future breakthroughs, we could also
speculate that ECC and the integer DLP problems will be structurally related.

> The second thing we're doing is violating the "it should be implementable"
> principle.  These RFC's are supposed to be buildable by normal mortals.

I agree with this sentiment.  Interoperability for the masses is
important.  It's also fine to have a place for experimenters to
play, but there shouldn't be much pressure to get such things into
the specification.

> So, I come back to my question -- why do we want ECC?  If there isn't
> a requirement it fulfills it shouldn't be in the standard -- it just
> takes up space and causes problems.

At least in the last proposal I read, it takes up a LOT of space.
There were a dozen representation options.  It seemed quite unlikely
that anyone would implement more than a small subset.  Good luck
finding other interoperable implementations.

I'd be very happy for this to remain a separate document.

Version: PGP Personal Privacy 6.5.3