Bill Frantz says:
I agree with Ian that RSA should be left in for non-US implementors who don't
have to worry about patents. For us the concern is getting people to use the
implementation, people have heard of, and trust, RSA, people can sometimes be
persuaded to use DSA, but noone outside the crypto/security community has
ever heard of Elgamal, and it's going to be a tough job going to someone who
barely knows how to spell RSA and convincing them to use a different
algorithm they've never heard of before.
I disagree with Peter grossly here.
Somebody who trusts RSA because he understands how it works, will
trust El-Gamal for the same reason. Somebody who trusts RSA
because the vendor who he believes, told him RSA is good,
will trust El-Gamal for the same reason.
USA developers won't care after the autumn of 2000. Then people can go
back to worrying about advances in factoring as well as attacks on random
numbers.
Still, I'd prefer El-Gamal over Elliptic Curve if I can have my say.
In addition, I'd rather carry 300-bit key for ECC, that 2024-bit for
RSA... 'nuff...
--
Regards,
Uri uri(_at_)watson(_dot_)ibm(_dot_)com
-=-=-=-=-=-=-
<Disclaimer>