David Howe writes:

I doubt the NSA need, trust or want anyone else's actual software for EC

Nonetheless, it's an indication that they don't think RSA has much of a future. So now they have a public key cryptosystem with smaller key lengths, and a more obtuse one-way function that can't be understood by Joe Schmo. We shall see what this portends. -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law"

On Sunday, October 26, 2003, at 07:37 PM, Neil Johnson wrote:

I dunno know. It comes down to which of the following slogans you believe.

ECC: "Our algorithm is so good it has been licensed by the NSA".

or

RSA: "Our algorithm is so good that the NSA tried to prevent it's publication, had it classified as a munition and export controlled, tried to get the government to ban it in favor of a key escrow system, arrested and harassed a programmer for implementing an program using it, etc."

Depending on the orientation of your tin foil hat, either one can mean the algorithm is good or has a backdoor. Oh, the fodder for conspiracy theorists.

Other theories:

It's always in NSA's interest to make sure that the current "in vogue" crypto system require licensing even if it is a commercial license. At least it limits it's use in Open Source and Free Software.

Or my theory: Part of outsourcing. I hear yawning. But there's more to outsourcing than simplistic notions that outsourcing lets the Pentagon (and NSA, CIA, etc.) save money: -- outsourcing puts the Beltway Bandits into the loop -- outside suppliers are a place for senior NSA cryptographers and managers to go when they have maxed out their GS-17 benefits ("sheep-dipping" agents is another avenue for them to work in private industry) -- outside suppliers are less accountable to Congress, are insulated in various well-known ways This is not just something out of a Grisham thriller, with a Crystal City corporation funneling NSA money into a Cayman account...this is the Brave New World of hollowing out the official agencies and moving their functions to Halliburton, Wackenhut, TRW, TIS/NAI, and the legion of Beltway Bandit subcontractors all around D.C. (When I left the D.C. area in 1970 the practice was in full swing, and even my father went to a Bandit in Rockville when he left the U.S. Navy, doing the same job but both better paid and less accountable. And he wasn't even a spook.) Put it this way, if Dick Cheney had worked for the NSA before going into private practice for his 8 years out of government, he'd want to go to a place like Certicom. And then return to government and help mandate that his former company's products be the Official Standard. Follow the money. --Tim May

Eric Cordian wrote:

Nonetheless, it's an indication that they don't think RSA has much of a future. Not really - they could simply be covering all bases (supporting RSA, DH and EC, knowing if DH is broken then almost certainly so is RSA (and vice versa) leaving only EC to fill the gap) The smaller keysizes can't hurt either.

On Sun, 26 Oct 2003 22:01:50 -0600 (CST) "J.A. Terranson" <measl@mfn.org> wrote:

Am I the only one here who finds this "requirement" excessive? My god: are we looking to keep these secrets for 50 years, or 50000 (or more) years?

Or am I missing something?

-- Yours, J.A. Terranson sysadmin@mfn.org

"Every living thing dies alone." Donnie Darko

50 years does sound like a reasonable figure for computing power and the ability to brute force a crack on anything encrypted. If one is lucky the actual time limit will be around 500 years , but with computing power increasing , its possible that what ever was encrypted 10 years ago , is now in danger of being cracked. And for some things ,there is no statute of limitations. Declan O'Reilly