On Tue, 30 Jun 1998, Paul Lambert wrote:
So I doubt that open-pgp will be able to include ECC.
If open-pgp contains RSA why can't it contain ECC?
ECC is an option in open-pgp and not mandatory. It is a very useful option
now you can see why people like me MAY get confused ;).
MAY requires specific definition. We don't have that. EC will require
parameters (MPIs in a specific order and any other parameters needed).
Until this is completed, it can't be a MAY (but the algorithm ID will stay
in but marked "reserved").
The problem is that if I go ahead and do something with ECC (I already
aborted something based on the EC in Peter Gutmann's Cryptlib, and
another one I saw elsewhere), someone else may store the parameters in a
different order or use a different variant that uses parameters with
different definitions.
In reviewing the specification, it does appear that some additional details
would be useful to better define ECC in open-pgp. I will try to get some
of our cryptographers to submit some algorithm and parameter related text.
I might be able to start there - DH and even DSA were simple enough to do
from reading Applied Cryptography.
If you can get some sample code or information to me so that I can create
an implementation (my opgp library is sort of an unofficial reference
implementation), I will put it in and copy any license terms, but I will
need URLs or pointers or the source to include somewhere. I haven't read
up on elliptic curves so application notes would be more helpful than a
mathematical treatise.
We are at final call, so I don't know if it would make it (if it is
undefined, or I can't be sure I implemented it right, it will move from
MAY to reserved-for).
(It sounds like your terms are similar to RSAref or IDEA).
--- reply to tzeruch - at - ceddec - dot - com ---