On Mon, Nov 15, 2010 at 09:36:58PM -0600, Marsh Ray wrote:
> For one thing, open source projects wouldn't go along with it.
> http://fedoraproject.org/wiki/User:Peter/Disabled_applications

This is due to excessive paranoia on the part of RH's legal department (they are assuming even ECDH over GF(p) is still patented, for instance). I pointed them to draft-mcgrew-fundamental-ecc [1], hopefully once that hits RFC they will take it into consideration.

> elliptic curves using keys a bit shorter than RSA, but that those who do
> so sometimes end up paying ++$M. From my perspective, this is
> effectively equivalent to the algorithm having a rather severe form of
> security vulnerability.
>
> Thus ECC just does not seem technically relevant to me at this time.

I think you (as with RH) are making too many simplifying assumptions. A particular implementation of, say, ECDSA, probably is covered by a number of implementation patents, but then again so is the modexp algorithm your RSA implementation uses, because to a first order approximation everything is patented. Using an algorithm invented in 1978 won't necessarily be any safer for you than using one from 1985, especially in the current patent landscape. If someone wants to sue you, not using ECC isn't exactly going to save you.

It's also worth noting that the Certicom patent that they actually sued Sony over does not seem to be specific to ECC but would cover the same usage in a standard mod-p group.

-Jack

[1] http://tools.ietf.org/html/draft-mcgrew-fundamental-ecc-03

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
