[Cryptography Team] ECC and/or NSA Suite B?

Matthew S. Hamrick mhamrick at cryptonomicon.net
Fri Nov 24 20:09:00 UTC 2006 

Great. Do you have a link that talks about what Sun released to the  
public domain?

On Nov 24, 2006, at 11:25 AM, Ron Teitelbaum wrote:

> Forgot the link:
> http://www.sun.com/emrkt/innercircle/newsletter/0304cto.html
>
> Ron
>
>> -----Original Message-----
>> From: Ron Teitelbaum [mailto:Ron at USMedRec.com]
>> Sent: Friday, November 24, 2006 2:25 PM
>> To: 'Cryptography Team Development List'
>> Subject: RE: [Cryptography Team] ECC and/or NSA Suite B?
>>
>> I'm not sure I understand this since SUN released ECC to the public
>> domain.  I'll get an opinion on it:
>>
>>> -----Original Message-----
>>> From: cryptography-bounces at lists.squeakfoundation.org
>>> [mailto:cryptography-bounces at lists.squeakfoundation.org] On  
>>> Behalf Of
>>> Matthew S. Hamrick
>>> Sent: Friday, November 24, 2006 2:07 PM
>>> To: Cryptography Team Development List
>>> Subject: Re: [Cryptography Team] ECC and/or NSA Suite B?
>>>
>>> Keep in mind, however, that products violate patent restrictions,  
>>> not
>>> implementations. Otherwise OpenSSL would not be able to include  
>>> IDEA,
>>> MDC2 or RC5.
>>>
>>> With all the discussion of FIPS 140, I had assumed that most  
>>> everyone
>>> on the list is working on government contracts. Otherwise, why  
>>> bother
>>> with it?
>>>
>>> The NSA negotiated a blanket US Federal Government deal for
>>> Certicom's patent portfolio for use in ECDSA, ECDH and ECMQV. So...
>>> if you're a federal government agency, you get to use these
>>> algorithms without having to pay Certicom anything extra. So... if
>>> part of what you're hoping to do is to create an ECC implementation
>>> that can be used by a federal agency, then you can do so without  
>>> fear
>>> of the Certicom lawyers. Now... the moment the implementation gets
>>> used in a commercial product, then you've got issues.
>>>
>>> On Nov 23, 2006, at 10:24 PM, Cerebus wrote:
>>>
>>>> Is anyone working on Suite B stuff?
>>>>
>>>> Rijndael is there, but it probably should be subclassed as AES  
>>>> proper
>>>> if only to lock down the blocksize to 128 bits and the keysize  
>>>> to the
>>>> allowed 128 & 256 bits.
>>>>
>>>> SHA256 is there, but it doesn't extent to cover the rest of the  
>>>> SHA2
>>>> family (SHA384 and SHA512).  SHA384 is part of Suite B.
>>>>
>>>> Is anyone working on ECDSA, ECDH & ECMQV?  (Well, given that  
>>>> ECMQV is
>>>> more heavily patent-encumbered in the US, I can understand if it's
>>>> left by the wayside).
>>>>
>>>> If not I might take a crack at a couple of pieces.
>>>>
>>>> -- Tim
>>>> _______________________________________________
>>>> Cryptography mailing list
>>>> Cryptography at lists.squeakfoundation.org
>>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
>>>> cryptography
>>>
>>> _______________________________________________
>>> Cryptography mailing list
>>> Cryptography at lists.squeakfoundation.org
>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ 
>>> cryptography
>
>
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ 
> cryptography

More information about the Cryptography mailing list