Vin McLellan wrote:
| >with ECC than with RSA in 5 years. And, if as you say, winner
| >takes all in PKI, that would seem to say that ECC will eventually
| >be able to displace RSA on the desktop.
(I don't buy the winner take all approach to PKI. There need to be
gateways between pagers and email and the web; its perfectly feasable
that we'll see ECC pagers, DH/DSS mail, and RSA web certificates all
co-deployed. The programmers are different, the language is different
(in the case of pagers), etc. I also don't buy much of the global PKI
expectations that seem to be floating about; I'll post more on that
| EC is a elegant technology and Certicom is a neat company with a
| lot of talented people. The Motorola pager deal is certainly not the last
| Several of the industry's leading cryptographers -- e.g., Arjen
| Lenstra of Citibank, Taher ElGamal of Netscape, and Michael Wiener of
| Entrust -- have lately echoed the (perhaps less disinterested;-) warnings
| of Ron Rivest, Len Adleman, and Claus Schnoor that EC cryptosystems, while
| potentially very interesting, is not yet quite ready for prime time.
While I personally agree with the RSA camp, that ECC are only
ready for prime time where RSA can't go for performance and memory,
there are a *LOT* of very talented cryptographers at Certicom. Moti
Young, Don Beaver, Neal Koblitz, and plenty of other really first rate
people have joined the company. I can't believe these folks didn't
think long and hard about the system.
| (Dr. Weiner's comments may also explain why RSA-based S/MIME was so
| rapidly and widely adopted by the leading e-mail vendors -- while the
| IETF's security cadre dithers about, bitching about the illegitimacy of
| patents on crypto systems, and trying to score points for D-H based PGP.)
RSA's S/MIME gets into products becuase theres a toolkit for
it. Now that the PGP SDK is shipping as well, expect to see lots more
PGP based tools. There are a lot more deployed users of PGP than
users of S/MIME, based on PGP keys on business cards, web pages,
The issue that the IETF is waiting on is RSA's refusal to
state that standard pricing for use of the RSA patent in S/MIME
applications will be made available, as well as change control being
ceded to the IETF. Claiming that the IETF 'dithers' is pure crapola
taken from a press release. The IETF has a clear process; RSA knows
what it is, and is playing games rather than addressing the issues.
The IETF process is not always easy to follow, but it does tend to
produce useful standards better than anyone elses' process.
If the IETF took the RSA proposal as it stands, the IETF would
be rubber stamping a standard from RSA, compelling people who want to
comply with the standard to negotiate a deal with RSA. If RSA makes
the terms open and clear to all comers, then that may be possible.
As it stands, all IETF acceptance of RSA's proposal would mean is that
RSA can call S/MIME 'standards compliant,' which is clearly important
to them. But given their apparent lack of willingness to pay the
price of those standards, they're not advancing.
"It is seldom that liberty of any kind is lost all at once."