[ietf-dkim] agenda item on upgrading hash algorithms?

Hallam-Baker, Phillip pbaker at verisign.com
Thu Feb 23 12:32:58 PST 2006 

I think that we are all aware that IP owners have a duty to their
shareholders to promote the value of their IP in the best possible
light.

We do not need point compression for our purposes. Nor is efficiency a
critical issue. The only crucial criteria is a bit length of 1024 bits
or less.

> -----Original Message-----
> From: Douglas Otis [mailto:dotis at mail-abuse.org] 
> Sent: Thursday, February 23, 2006 3:16 PM
> To: Hallam-Baker, Phillip
> Cc: ietf-dkim at mipassoc.org
> Subject: Re: [ietf-dkim] agenda item on upgrading hash algorithms?
> 
> 
> On Feb 23, 2006, at 10:31 AM, Hallam-Baker, Phillip wrote:
> >> [mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of Scott 
> Kitterman
> >>
> >> One of the points that DKIM currently has in its favor is 
> that it can 
> >> be implemented in all major MTAs without conflicting with the 
> >> existing licensing of those programs (both proprietary and open, 
> >> including GPL).
> >>
> >> I think that if DKIM were to be dependent on crypto 
> technology with 
> >> more restrictive licensing terms, it would represent a substantial 
> >> impediment to adoption.  IANAL, so I have no idea if the 
> >> representations above would present a problem or not, but 
> I do think 
> >> that we should understand the impacts of these patents on 
> the ability 
> >> of DKIM to be implemented everywhere before we proceed to 
> far towards 
> >> a solution with additional licensing considerations.
> >
> > The point I was making here is that we do not need CertiCom 
> to do ECC.
> >
> > Certicom have a number of patents relating to ECC, the earliest of 
> > which was filed in 1997. Practical means of performing ECC were 
> > published in 1985.
> 
> ECC is attractive from a performance standpoint, but not 
> without problems.
> 
> Quote from Certicom Inc.
> http://www.certicom.com/index.php?action=ip,keygen
> ---
> The security of public-key systems rests on keeping the 
> private keys secret. Recent discoveries have revealed that 
> the presence of a bias in the process of generating private 
> keys may leak information about the private key into the 
> public key. As an example, a recent attack on a system with a 
> biased key-generation process obtained information about the 
> private key by examining a number of signatures.  The attacks 
> work against such discrete-log-based signature schemes as the 
> DSA and the ECDSA. One patent protects against this attack by 
> teaching methods of eliminating bias in the generation of 
> private keys or per-message secrets. One such method 
> comprises testing the hashed output of a random-number 
> generator against preset criteria (determined by the order of 
> the group underlying the cryptosystem).  
> If the output fails the test, the pre-hashed value is 
> modified by a deterministic amount, hashed, and retested 
> until the output passes the test.
> ---
> 
> There is a good papers at:
> http://www.secg.org/?action=secg,docs_draft
> 
> Certicom's extensive portfolio of patents related to 
> elliptic-curve cryptography, and the extensive IPR claims 
> affecting IETF protocols using the elliptic-curve algorithms 
> seems to suggest avoiding Certicom may not be that easy.  
> Their royalty-free license, if granted for DKIM, does not 
> seem overly problematic.  Certicom also provides a developers 
> kit.  Is there safe elliptic-curve cryptography code 
> available known to be free of any IPR restrictions?
> 
> -Doug
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>

More information about the ietf-dkim mailing list