Re: Algorithm Selections from priewe@darmstadt.gmd.de on 2000-11-29 (xml-encryption@w3.org from November 2000)

From: <priewe@darmstadt.gmd.de>
Date: Wed, 29 Nov 2000 16:56:03 +0100
To: xml-encryption@w3.org
Message-ID: <OF71ED1866.A0DA2164-ONC12569A6.0056F9F0@LocalDomain>

With similar arguments as Simon Blake I suggest
to add IDEA as an optional block encryption algorithm for the XML 
encryption spec.

There is allready a draft RFC that defines how to incorporate IDEA in CMS 
or S/MIME.
(draft-ietf-smime-idea-07.txt - "Use of the IDEA Encryption Algorithm in CMS")

Regarding patent issues follows a cite from the above RFC draft:
<cite>
C. Intellectual Property Rights Notice

   Ascom Ltd. holds the patent to IDEA. In accordance with the 
   intellectual property rights procedures of the IETF standards 
   process, Ascom offers a non-exclusive license under reasonable and 
   non-discriminatory terms and conditions.

   IDEA(TM) is protected by international copyright law and in addition
   has been patented in several countries. Because Ascom wants to make 
   this highly secure algorithm widely available, the non-commercial use
   of this algorithm is free.
</cite>

You can get a free Java implementation from www.openjce.org or
a commercial implementation e.g. from jcewww.iaik.tu-graz.ac.at .
So IDEA could easily be implemented, too.

It is a good algorithm thats even free for non-commercial usage, so I 
really would like to see it supported.

Arne Priewe

"Simon Blake-Wilson" <sblakewilson@certicom.com> wrote:
>I'd like to suggest including ECC as an option ... either ECDH key 
agreement or
>ECIES key transport. My reasons:
>
>- ECC offers favourable performance compared to RSA in constrained 
environments
>like wireless ... particularly for private key operations like 
decryption.
>- In general it seems sensible to standardize a reasonable selection of
>algorithms to mitigate against the potential that some algorithms will be
>broken.
>- ECC is now fairly widely specified ... for example in IEEE 1363, PKIX, 
WAP,
>etc. Dan Brown and I also have a reasonably stable "ECC in S/MIME" draft.
>
>Of course, there are patent issues with ECC, but I don't think this 
should be a
>reason to exclude optional ECC. Plus I think all the parties involved 
(certainly
>the party I work for) are fairly accustomed to committing to the usual
>'reasonable and non-discriminatory' terms that standards bodies' policies
>typically request.
>
>Best regards. Simon
>
>S. Blake-Wilson
>Certicom Corp.

Received on Thursday, 30 November 2000 13:37:49 UTC