[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Larger DH groups?
My understanding from earlier statements from certicom (minneapolis
ietf?) was that certicom is attempting to patent certain ec acceleration
techniques, but that ec's themselves are not patentable. Your statement
seems to be that ec's in any form are either patented or patent-pending
by certicom. Is this correct?
Simon Blake-Wilson wrote:
>
> Hi Dan,
>
> Ahh ... the eternal patent question. Unfortunately the patent system doesn't
> allow the kind of black and white answer you're looking for. However I think our
> IPR statement is fairly clear that we believe we have patents and patent
> applcations covering ECC. Our advice to anyone implementing ECC is to take a
> license from Certicom :-).
>
> On the IANA issue. I believe all our numbers for ECC groups were assigned by
> IANA as specified in RFC 2409. I believe the link to the numbers on the IANA
> site is:
> http://www.isi.edu/in-notes/iana/assignments/ipsec-registry.
>
> Best regards. Simon
>
> S. Blake-Wilson
> Certicom Corp.
>
> Dan Harkins <dharkins@cips.nokia.com> on 10/05/2000 02:58:16 PM
>
> To: Simon Blake-Wilson/Certicom@Certicom
> cc: Ari Huttunen <Ari.Huttunen@F-Secure.com>, ipsec <ipsec@lists.tislabs.com>
> Subject: Re: Larger DH groups?
>
> While updating the "Additional ECC groups for IKE" draft can you unqualify
> your IP statement? Do you or do you not have patents that cover this? It
> would be nice if there was a one syllable response to the question "is a
> license from Certicom essential to implement these curves?"
>
> Also, in the AES assigned numbers thread it became obvious that certain
> vendors have been assigning numbers which are reserved to IANA to their
> own use of algorithms. I'd like to note that you are repeating this error
> in your draft and respectfully ask you to use numbers from the private use
> range for all the groups in this draft. Section 11.4 of RFC2409 describes
> the procedure necessary for you to follow to get IANA to assign number to
> you.
>
> Dan.
>
> On Thu, 05 Oct 2000 12:08:23 EDT you wrote
> >
> > Diffie-Hellman is a cubic operation, so I believe 15000-bit DH should take
> about
> > 15^3 approx=3000 times as long as 1000-bit DH, and 512-bit ECDH should take
> > about 25 times as long as 160-bit ECC. We don't have implementations of
> > 15000-bit DH but we do have 512-bit ECDH and our performance roughly follows
> the
> > estimates. (In fact we're in the process of adding 512-bit curves to our
> > "Additional ECC groups for IKE" draft so that it has complete AES support.)
> >
> > Best regards. Simon
> >
> > S. Blake-Wilson
> > Certicom Corp.
> >
> >
> >
> >
> >
> > Ari Huttunen <Ari.Huttunen@F-Secure.com> on 10/05/2000 11:02:42 AM
> >
> > To: ipsec <ipsec@lists.tislabs.com>
> > cc: (bcc: Simon Blake-Wilson/Certicom)
> > Subject: Larger DH groups?
> >
> >
> >
> >
> > Are there plans/interest in specifying larger standard DH groups, now that
> > the AES has been chosen?
> >
> > If so, what sizes would be appropriate? Tero earlier posted groups of
> > 2000-4000 bits, the draft for AES talks about 14000. Anybody know just
> > how slow would 14000 bit modulus be? (I can guess it's something between
> > extremely slow and ridiculously slow..) What about the speed of a 500 bit
> EC2N?
> >
> > Ari
> >
> > --
> > Ari Huttunen phone: +358 9 859 900
> > Senior Software Engineer fax : +358 9 8599 0452
> >
> > F-Secure Corporation http://www.F-Secure.com
> >
> > F-Secure products: Integrated Solutions for Enterprise Security
References: