On 10/18/2013 01:29 AM, Werner Koch wrote:
On Fri, 18 Oct 2013 09:57, gmaxwell(_at_)gmail(_dot_)com said:
as it is twist secure), it would make it gratuitously incompatible all
the existing (esp fast constant time code) implementations which work
on the X coordinate alone.
Nope. First, there is no released OpenPGP implementation with ECC yet.
One could google for "pgp command line with ecc support" and see a few
hits. I clearly recall working on one product that was released.
Second, there is no incompatibiliy because it is still the same point
and actually it is faster to use because there is no need for
uncompressing. Note also that compressing is an old technique which is
is simply not used because in the Weierstrass form it is patented (till
next year).
http://tools.ietf.org/html/draft-jivsov-ecc-compact-00 is based on a
year 1986 method. You need an unambiguous definition for the DSA (not ECDH).
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp