Re: ECC in OpenPGP proposal
I appreciate your pragmatism regarding algorithm agility. There are two
practical issues we need to worry about: steady increase in processing
power and the difference in processing power on various hardware.
A proposal with single ciphersuite cannot remain adequate indefinitely.
We need ability to roll forward the strength of public key crypto as
yesterday's strength declines over time.
We have impressive breadth of hardware that supports ECC today: from
servers to smartcards. These devices demand some breadth of choices for
ECC curves: servers might want the ultimate crypto strength, while
smartcards are usually trying to meet set manufacturing cost at OK
The document we discuss has three "ciphersuites" with two of them as
MUST. As I said, I am OK with making only one MUST. I am inclined toward
weaker one, since it has to be the lowest common denominator.