[Cryptography Team] ECC and/or NSA Suite B?
Ron Teitelbaum
Ron at USMedRec.com
Fri Nov 24 19:55:02 UTC 2006
>
> So, advice? Should I press ahead?
No, let's clarify the license first.
Ron
> -----Original Message-----
> From:
> Cerebus
> Sent: Friday, November 24, 2006 2:43 PM
B?
>
> On 11/24/06, Matthew S. Hamrick <mhamrick at cryptonomicon.net> wrote:
>
> > With all the discussion of FIPS 140, I had assumed that most everyone
> > on the list is working on government contracts. Otherwise, why bother
> > with it?
>
> Because it enables its use in products. Without a FIPS certificate, a
> crypto implementation faces serious hurdles for inclusion in a product
> (and lately DoD has been cracking down on FIPS waivers). But it's
> hard to get people to pony up to pay for certification unless there's
> an immediate use. Chicken, meet egg. :)
>
> > The NSA negotiated a blanket US Federal Government deal for
> > Certicom's patent portfolio for use in ECDSA, ECDH and ECMQV. So...
> > if you're a federal government agency, you get to use these
> > algorithms without having to pay Certicom anything extra. So... if
> > part of what you're hoping to do is to create an ECC implementation
> > that can be used by a federal agency, then you can do so without fear
> > of the Certicom lawyers. Now... the moment the implementation gets
> > used in a commercial product, then you've got issues.
>
> And that's the rub. I'd love to implement something because:
>
> 1) I love crypto, and building an ECC implementation would teach me a
> great deal about it;
>
> 2) It gives me a reason to learn Smalltalk, something I've toyed with
> a dozen times in the past but never made progress at because I had
> nothing concrete to work on; and
>
> 3) It would just be fun. I'm weird that way.
>
> But the last thing I want to do is run afoul of Certicom (or cause
> others to run afoul of them).
>
> So, advice? Should I press ahead?
>
> -- Tim
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
More information about the Cryptography
mailing list