Cringely Gives KnowNow Some Unbelievable Free Press... (fwd)

Eugene Leitl Eugene.Leitl@lrz.uni-muenchen.de
Sun, 27 Jan 2002 23:41:37 +0100 (MET)


---------- Forwarded message ----------
Date: 27 Jan 2002 14:33:15 -0800
From: Eric Rescorla <ekr@rtfm.com>
To: Eugene Leitl <Eugene.Leitl@lrz.uni-muenchen.de>
Cc: Cryptography List <cryptography@wasabisystems.com>
Subject: Re: Cringely Gives KnowNow Some Unbelievable Free Press... (fwd)

Eugene Leitl <Eugene.Leitl@lrz.uni-muenchen.de> writes:
> ---------- Forwarded message ----------
> Date: Sun, 27 Jan 2002 21:10:09 +0100 (CET)
> From: Robert Harley <harley@argote.ch>
> To: fork@xent.com
> Subject: Re: Cringely Gives KnowNow Some Unbelievable Free Press...
>
> Adam Beberg wrote:
> >I'm preaty sure the reason we're all using RSA _now_ is the same reason we
> >were using DH a couple years ago - the patents are all expired. ECC has a
> >bunch of patents still living, and the word among the crypto crowd I know is
> >still "avoid like the plague".
>
> I usually have no particular desire to respond to Beberg's negativism,
> but I suppose that I should do so this time.
[Discussion of patents deleted]

I see this sort of point-by-point discussion of EC patents a lot. I think
it misses the point.

If you want to see EC used you need to describe a specific algorithm
which has the following three properties:

(1) widely agreed to be unencumbered, particularly by the big players.
    [extra points if you're willing to indemnify]
(2) significantly better than RSA (this generally means faster)
(3) has seen a significant amount of analysis so that we can have
some reasonable confidence it's secure.

Until someone does that, the cost of information in choosing an
EC algorithm is simply too high to justify replacing RSA in
most applications.

Mr. Beberg's comment about avoiding ECC like the plague matches my
impression of the COMSEC community pretty well. I'm not really part
of the crypto community so I can't speak for that.

-Ekr