Subject: Policy-Discussion
List archive
- From: Johan van Selst <johans AT stack.nl>
- To: Policy-Discussion <cacert-policy AT lists.cacert.org>
- Subject: Re: [CAcert-Policy] [Fwd: Re: 307 digit number factored]
- Date: Wed, 23 May 2007 15:52:41 +0200
- List-archive: <http://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
- List-id: Policy-Discussion <cacert-policy.lists.cacert.org>
Philipp Ghring wrote:
> I´ve been talking to a developer who developed his own ECC implementation
> several months ago, and he told me that he believes that ECC will likely
> break before RSA breaks.
> My personal issue with ECC is that it´s far more complex, and less
> understandable than RSA.
Well, RSA has been researched much longer than ECC. I'm no mathematician;
however experts tell me that the theory behind it is actually rather well
understood and trusted.
Also NIST and the NSA seem to put their cards on ECC;
http://csrc.nist.gov/cryptval/dss.htm
http://www.nsa.gov/ia/industry/crypto_elliptic_curve.cfm
Personally I'm more worried about the Certicom patent-issues and
the stability of bleeding-edge implementations than the mathematical
soundness.
> From the CAcert position I see the problem that a lot of hardware and
> software doesn´t support ECC yet
This is true, but software and hardware (esp. in the smartcard-area)
is appearing left and right.
FYI, GnuPG has recently imported (cleaned up) code from the ECC GnuPG
module (http://www.calcurco.cat/eccGnuPG/index.en.html) into their main
codebase and the development snapshots can now import and validate
S/MIME ECC-certificates.
The OpenPGP spec (RFC2440/2440bis) has reserved algorithm IDs for
elliptic curve and ECDSA; but still lacks a detailed description -
and I don't know of any implementation.
I agree that ECC is not wide-spread and most implementations not
well-tested yet, but it is something "coming soon". For CAcert, I'd say
it is not something to worry about, but rather something to keep in
mind. It is nice that CAcert can handle (sign) ECC certs and there is
probably no other technical aspect to worry about now. We can think
about PGP signing when GnuPG supports it in stable releases. If we need
to talk about algorithms in a policy (do we?), then why not just copy
from, or even better simply refer to the NIST standards on what are
considered "good" algorithms and keysizes.
Johan
Attachment:
pgpam2qaPjsAq.pgp
Description: PGP signature
- [CAcert-Policy] [Fwd: Re: 307 digit number factored], Iang, 05/22/2007
- Re: [CAcert-Policy] [Fwd: Re: 307 digit number factored], Johan van Selst, 05/22/2007
- Re: [CAcert-Policy] [Fwd: Re: 307 digit number factored], Ian G, 05/22/2007
- Re: [CAcert-Policy] [Fwd: Re: 307 digit number factored], Johan van Selst, 05/23/2007
- Re: [CAcert-Policy] [Fwd: Re: 307 digit number factored], Ian G, 05/22/2007
- Re: [CAcert-Policy] [Fwd: Re: 307 digit number factored], Philipp Gühring, 05/22/2007
- Re: [CAcert-Policy] [Fwd: Re: 307 digit number factored], Johan van Selst, 05/23/2007
- Re: [CAcert-Policy] [Fwd: Re: 307 digit number factored], Ian G, 05/23/2007
- Re: [CAcert-Policy] [Fwd: Re: 307 digit number factored], Johan van Selst, 05/23/2007
- Re: [CAcert-Policy] [Fwd: Re: 307 digit number factored], Johan van Selst, 05/22/2007
Archive powered by MHonArc 2.6.16.