[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remove SHOULD for elliptic curve groups in IKEv2

"The Purple Streak (Hilarie Orman)" <ho@alum.mit.edu> writes:
> In my previous note about published work on using elliptic curve
> groups for cryptography, I did not mean to imply that existing
> patents are invalid.  What I meant to say is that the patents do
> not cover the basic algorithms, nor do they cover all good
> implementation methods.  There is plenty of early published
> work covering the ideas.  It's not nearly as all-encompassing
> as the RSA or DH patent situation was.
Nevertheless, a lot of us find the situation very confusing,
because there seem to be a lot of patents of various sorts
flying around.

What I think would be very helpful here would be if someone
(you?) wrote a draft describing a single algorithm with:

(1) A description of its patent status (hopefully, with
    some reference to the techniques having been published
    prior to patents being filed).
(2) Some estimate of its security properties (e.g. an estimate
    of strength.)
(3) Some description of (unencumbered) implementation techniques
    along with performance numbers for those techniques,
    perhaps with comparisons to RSA.

-Ekr

-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/