Policy-Discussion

[Philipp Gühring <pg AT futureware.at>]

Hi,

> Curious comment seen on crypto list... 2nd last penultimate
> paragraph what is CAcert's position on ECC?

I have seen 16000 bit RSA keys in action already, so I don´t really see a 
problem with RSA yet.

PGP had implemented ECC in their product around 2000 according to Jon Callas 
(CTO), but they never shipped it. The reason he gave: "You don´t exchange the 
whole infrastructure for a 30% speedup."

I´ve been talking to a developer who developed his own ECC implementation 
several months ago, and he told me that he believes that ECC will likely 
break before RSA breaks.

My personal issue with ECC is that it´s far more complex, and less 
understandable than RSA.

From the CAcert position I see the problem that a lot of hardware and 
software 
doesn´t support ECC yet, and it doesn´t provide any new features that would 
help to solve the existing problems.

Regarding the size, certificates with RSA aren´t that much longer than 
certificates with ECC. (Things like which hash standard you use (md5 vs. 
sha2) have a far bigger impact on the size)

Besides that, thanks to OpenSSL CAcert is already supporting the issueing of 
ECC certificates. I don´t think that issueing of ECC OpenPGP keys is 
supported yet, but I don´t know for sure.

So I would suggest we continue with the ECC topic, when Certicom (and perhaps 
others) patents have expired, most mobile phones are supporting ECC, and 
someone shows me a factored 16000 bit RSA key.

Best regards,
Philipp Gühring