[Cryptography Team] ECC and/or NSA Suite B?

Ron Teitelbaum Ron at USMedRec.com
Fri Nov 24 19:25:45 UTC 2006 

Forgot the link:
http://www.sun.com/emrkt/innercircle/newsletter/0304cto.html

Ron

> -----Original Message-----
> From: Ron Teitelbaum [mailto:Ron at USMedRec.com]
> Sent: Friday, November 24, 2006 2:25 PM
> To: 'Cryptography Team Development List'
> Subject: RE: [Cryptography Team] ECC and/or NSA Suite B?
> 
> I'm not sure I understand this since SUN released ECC to the public
> domain.  I'll get an opinion on it:
> 
> > -----Original Message-----
> > From: cryptography-bounces at lists.squeakfoundation.org
> > [mailto:cryptography-bounces at lists.squeakfoundation.org] On Behalf Of
> > Matthew S. Hamrick
> > Sent: Friday, November 24, 2006 2:07 PM
> > To: Cryptography Team Development List
> > Subject: Re: [Cryptography Team] ECC and/or NSA Suite B?
> >
> > Keep in mind, however, that products violate patent restrictions, not
> > implementations. Otherwise OpenSSL would not be able to include IDEA,
> > MDC2 or RC5.
> >
> > With all the discussion of FIPS 140, I had assumed that most everyone
> > on the list is working on government contracts. Otherwise, why bother
> > with it?
> >
> > The NSA negotiated a blanket US Federal Government deal for
> > Certicom's patent portfolio for use in ECDSA, ECDH and ECMQV. So...
> > if you're a federal government agency, you get to use these
> > algorithms without having to pay Certicom anything extra. So... if
> > part of what you're hoping to do is to create an ECC implementation
> > that can be used by a federal agency, then you can do so without fear
> > of the Certicom lawyers. Now... the moment the implementation gets
> > used in a commercial product, then you've got issues.
> >
> > On Nov 23, 2006, at 10:24 PM, Cerebus wrote:
> >
> > > Is anyone working on Suite B stuff?
> > >
> > > Rijndael is there, but it probably should be subclassed as AES proper
> > > if only to lock down the blocksize to 128 bits and the keysize to the
> > > allowed 128 & 256 bits.
> > >
> > > SHA256 is there, but it doesn't extent to cover the rest of the SHA2
> > > family (SHA384 and SHA512).  SHA384 is part of Suite B.
> > >
> > > Is anyone working on ECDSA, ECDH & ECMQV?  (Well, given that ECMQV is
> > > more heavily patent-encumbered in the US, I can understand if it's
> > > left by the wayside).
> > >
> > > If not I might take a crack at a couple of pieces.
> > >
> > > -- Tim
> > > _______________________________________________
> > > Cryptography mailing list
> > > Cryptography at lists.squeakfoundation.org
> > > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
> > > cryptography
> >
> > _______________________________________________
> > Cryptography mailing list
> > Cryptography at lists.squeakfoundation.org
> > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

More information about the Cryptography mailing list