[Top] [All Lists]

Re: ECC in OpenPGP proposal

2008-02-22 23:34:21

Hello Ian,

I appreciate your pragmatism regarding algorithm agility. There are two practical issues we need to worry about: steady increase in processing power and the difference in processing power on various hardware.

A proposal with single ciphersuite cannot remain adequate indefinitely. We need ability to roll forward the strength of public key crypto as yesterday's strength declines over time.

We have impressive breadth of hardware that supports ECC today: from servers to smartcards. These devices demand some breadth of choices for ECC curves: servers might want the ultimate crypto strength, while smartcards are usually trying to meet set manufacturing cost at OK performance.

The document we discuss has three "ciphersuites" with two of them as MUST. As I said, I am OK with making only one MUST. I am inclined toward weaker one, since it has to be the lowest common denominator.