Werner Koch wk at
Mon Oct 31 11:09:48 CET 2005

On Mon, 31 Oct 2005 00:51:50 +0100, Christoph Anton Mitterer said:

> I know that, of course, but I think that perhaps we'll have no ECC the 
> next 10 years or so,.. if noone makes the step,...

There is no reason for ECC.  Even chip cards are getting powerful
enough not to need ECC for cost reasons.  There is also the problem
with US patents on many curves and essential implementation details.

OTOH, there seems to be a move in the NSIS to go for ECC for longer
DSA key sizes; this is due to decision on the new DSA key sizes.  So
there might be a change in some time.

> btw: If GnuPG would implement ECC and add it unofficially to OpenPGP it 
> could be done in such a way, that it is compatible with the ideas and 

Standards are a Good Thing and it is the politic of the GNU project
to comply with reasonable standards as long as there are no technical
reasons to to some thin else.  Proliferation of algorithms is actual a
Bad Thing.  We have seen that in the past: It hinders compatibility
because not all implementations will go for a certain optional feature
of a standard.

OpenPGP is a good standard and we don't want to play evil by adding
something outside of the standard.  If the WG agrees on adding certain
EC based algorithms we will support it.  There is no rush for it and
all tries in the past to add ECC have not been agreed upon.

> As you can see, lots of todays standards startet as one-man-application, 
> e.g. OpenPGP (from PGP/RSA Inc.), JavaScript->ECMAScript (from 

OpenPGP has nothing to do with RSA Inc.  Try asking Phil about RSA
Inc. and you will soon see why.  The OpenPGP WG has been founded out
of an initiative by Phil Zimmermann and Jon Callas at the 1997 Munich
IETF with the aim to keep PGP alive even if their new company would

> And in my opinion,... the algorithm/system of ECC is fixed,... of course 
> each standard may define things like headers or other small details 

No it is not.  There a many things one need to agree upon.  However
there are some EC based algorithms which have a lot of support.

> So if GnuPG would (pseudo-officially) implement that now,.. it could be 
> the first compliant application later :-)

No, we will however add some ECC support into Libgcrypt as time



More information about the Gnupg-users mailing list