[Cryptography Team] ECC and/or NSA Suite B?
Ron Teitelbaum
Ron at USMedRec.com
Fri Nov 24 20:03:59 UTC 2006
This is interesting too:
http://www.ietf.org/ietf/IPR/certicom-ipr-rfc-3446.pdf
Ron
> -----Original Message-----
> From: cryptography-bounces at lists.squeakfoundation.org
> [mailto:cryptography-bounces at lists.squeakfoundation.org] On Behalf Of Ron
> Teitelbaum
> Sent: Friday, November 24, 2006 2:55 PM
> To: 'Cryptography Team Development List'
> Subject: RE: Re: [Cryptography Team] ECC and/or NSA Suite B?
>
> >
> > So, advice? Should I press ahead?
>
> No, let's clarify the license first.
>
> Ron
>
> > -----Original Message-----
> > From:
> > Cerebus
> > Sent: Friday, November 24, 2006 2:43 PM
> B?
> >
> > On 11/24/06, Matthew S. Hamrick <mhamrick at cryptonomicon.net> wrote:
> >
> > > With all the discussion of FIPS 140, I had assumed that most everyone
> > > on the list is working on government contracts. Otherwise, why bother
> > > with it?
> >
> > Because it enables its use in products. Without a FIPS certificate, a
> > crypto implementation faces serious hurdles for inclusion in a product
> > (and lately DoD has been cracking down on FIPS waivers). But it's
> > hard to get people to pony up to pay for certification unless there's
> > an immediate use. Chicken, meet egg. :)
> >
> > > The NSA negotiated a blanket US Federal Government deal for
> > > Certicom's patent portfolio for use in ECDSA, ECDH and ECMQV. So...
> > > if you're a federal government agency, you get to use these
> > > algorithms without having to pay Certicom anything extra. So... if
> > > part of what you're hoping to do is to create an ECC implementation
> > > that can be used by a federal agency, then you can do so without fear
> > > of the Certicom lawyers. Now... the moment the implementation gets
> > > used in a commercial product, then you've got issues.
> >
> > And that's the rub. I'd love to implement something because:
> >
> > 1) I love crypto, and building an ECC implementation would teach me a
> > great deal about it;
> >
> > 2) It gives me a reason to learn Smalltalk, something I've toyed with
> > a dozen times in the past but never made progress at because I had
> > nothing concrete to work on; and
> >
> > 3) It would just be fun. I'm weird that way.
> >
> > But the last thing I want to do is run afoul of Certicom (or cause
> > others to run afoul of them).
> >
> > So, advice? Should I press ahead?
> >
> > -- Tim
> > _______________________________________________
> > Cryptography mailing list
> > Cryptography at lists.squeakfoundation.org
> > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
>
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
More information about the Cryptography
mailing list