On Sunday, October 26, 2003, at 07:37 PM, Neil Johnson wrote:
I dunno know. It comes down to which of the following slogans you believe.
ECC: "Our algorithm is so good it has been licensed by the NSA".
or
RSA: "Our algorithm is so good that the NSA tried to prevent it's publication, had it classified as a munition and export controlled, tried to get the government to ban it in favor of a key escrow system, arrested and harassed a programmer for implementing an program using it, etc."
Depending on the orientation of your tin foil hat, either one can mean the algorithm is good or has a backdoor. Oh, the fodder for conspiracy theorists.
Other theories:
It's always in NSA's interest to make sure that the current "in vogue" crypto system require licensing even if it is a commercial license. At least it limits it's use in Open Source and Free Software.
Or my theory: Part of outsourcing. I hear yawning. But there's more to outsourcing than simplistic notions that outsourcing lets the Pentagon (and NSA, CIA, etc.) save money: -- outsourcing puts the Beltway Bandits into the loop -- outside suppliers are a place for senior NSA cryptographers and managers to go when they have maxed out their GS-17 benefits ("sheep-dipping" agents is another avenue for them to work in private industry) -- outside suppliers are less accountable to Congress, are insulated in various well-known ways This is not just something out of a Grisham thriller, with a Crystal City corporation funneling NSA money into a Cayman account...this is the Brave New World of hollowing out the official agencies and moving their functions to Halliburton, Wackenhut, TRW, TIS/NAI, and the legion of Beltway Bandit subcontractors all around D.C. (When I left the D.C. area in 1970 the practice was in full swing, and even my father went to a Bandit in Rockville when he left the U.S. Navy, doing the same job but both better paid and less accountable. And he wasn't even a spook.) Put it this way, if Dick Cheney had worked for the NSA before going into private practice for his 8 years out of government, he'd want to go to a place like Certicom. And then return to government and help mandate that his former company's products be the Official Standard. Follow the money. --Tim May