IETF Logo Mail Archive

Re: [TLS] DSS with other than SHA-1 algorithms

Paul Hoffman <paul.hoffman@vpnc.org> Wed, 11 May 2011 14:14 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B45F4E0758 for <tls@ietfa.amsl.com>; Wed, 11 May 2011 07:14:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.442
X-Spam-Level:
X-Spam-Status: No, score=-102.442 tagged_above=-999 required=5 tests=[AWL=0.158, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GIax99xUyNLz for <tls@ietfa.amsl.com>; Wed, 11 May 2011 07:14:29 -0700 (PDT)
Received: from hoffman.proper.com (IPv6.Hoffman.Proper.COM [IPv6:2001:4870:a30c:41::81]) by ietfa.amsl.com (Postfix) with ESMTP id DDE71E0746 for <tls@ietf.org>; Wed, 11 May 2011 07:14:28 -0700 (PDT)
Received: from [10.20.30.150] (75-101-30-90.dsl.dynamic.sonic.net [75.101.30.90]) (authenticated bits=0) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p4BEEAnG012487 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Wed, 11 May 2011 07:14:11 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <201105111149.12286.rob.stradling@comodo.com>
Date: Wed, 11 May 2011 07:14:10 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <92D2BDAA-D76F-410E-80B7-EEEB9CD81ADC@vpnc.org>
References: <E1QK4wD-0007QV-Qp@login01.fos.auckland.ac.nz> <201105111149.12286.rob.stradling@comodo.com>
To: Rob Stradling <rob.stradling@comodo.com>
X-Mailer: Apple Mail (2.1084)
Cc: tls@ietf.org
Subject: Re: [TLS] DSS with other than SHA-1 algorithms
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 May 2011 14:14:29 -0000

On May 11, 2011, at 3:49 AM, Rob Stradling wrote:

> On Wednesday 11 May 2011 09:38:33 Peter Gutmann wrote:
>> Martin Rex <mrex@sap.com> writes:
>>> There are probably a number of reasons why we are seeing very few (if any)
>>> ECDSA certs issued by commercial CAs.  EC algorithms are still patent
>>> encumbered, and the licensing scheme by the patent holder was a pay-per-
>>> issued-certificate targetting commercial CAs.
>> 
>> Are the CAs impeded by patents?
> 
> The first commercial CA to answer "No" and proceed to issue ECC certs will 
> almost certainly end up in court with an expensive legal bill.  Even if the 
> correct answer really is "No".
> 
> So yes, the CAs are impeded by patents.

This makes it sound like there are patents are issuing ECC certs. However, that statement seems to fly in the face of RFC 6090. Can you clarify? This seems particularly odd because Comodo has issued itself an ECC certificate that is now widely distributed.

--Paul Hoffman

v2.23.0 | Report a Bug | By Email