W3C home > Mailing lists > Public > public-xmlsec@w3.org > June 2009

ECC considerations

From: Edgar, Gerald <gerald.edgar@boeing.com>
Date: Tue, 2 Jun 2009 07:42:11 -0700
Message-ID: <DC298B2E18C4C6468BA017B020D393E2091C3A24@XCH-NW-3V1.nw.nos.boeing.com>
To: "XMLSec WG Public List" <public-xmlsec@w3.org>

Given the public legal proceedings of Certicom, it has been aggressive
about their patents on ECC technology. At the NSA  there is information
that licenses for 26 patents were purchased but there are certain
constraints, including a signed "PLA" or patent license agreement ( see
http://www.nsa.gov/business/programs/quick_facts.shtml ). I am not sure
that we can use the NSA/Certicom to support 1.1 making ECC mandatory.  I
understand that there are certain IETF protocols that were granted a
license for ECC but I do not know the details.
 
Although I would like to see ECC as mandatory, a fall back position is
to make the stronger of the AES/SHA/RSA suites mandatory and the ECC
ones optional. I also think we are not going as far as is needed for
this standard without ECC being mandatory. 


Gerald Edgar, CISSP
Enterprise Architecture & Information Security
Received on Tuesday, 2 June 2009 14:43:06 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:58 GMT