[ietf-dkim] agenda item on upgrading hash algorithms?
pbaker at verisign.com
Thu Feb 23 12:32:58 PST 2006
I think that we are all aware that IP owners have a duty to their
shareholders to promote the value of their IP in the best possible
We do not need point compression for our purposes. Nor is efficiency a
critical issue. The only crucial criteria is a bit length of 1024 bits
> -----Original Message-----
> From: Douglas Otis [mailto:dotis at mail-abuse.org]
> Sent: Thursday, February 23, 2006 3:16 PM
> To: Hallam-Baker, Phillip
> Cc: ietf-dkim at mipassoc.org
> Subject: Re: [ietf-dkim] agenda item on upgrading hash algorithms?
> On Feb 23, 2006, at 10:31 AM, Hallam-Baker, Phillip wrote:
> >> [mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of Scott
> >> One of the points that DKIM currently has in its favor is
> that it can
> >> be implemented in all major MTAs without conflicting with the
> >> existing licensing of those programs (both proprietary and open,
> >> including GPL).
> >> I think that if DKIM were to be dependent on crypto
> technology with
> >> more restrictive licensing terms, it would represent a substantial
> >> impediment to adoption. IANAL, so I have no idea if the
> >> representations above would present a problem or not, but
> I do think
> >> that we should understand the impacts of these patents on
> the ability
> >> of DKIM to be implemented everywhere before we proceed to
> far towards
> >> a solution with additional licensing considerations.
> > The point I was making here is that we do not need CertiCom
> to do ECC.
> > Certicom have a number of patents relating to ECC, the earliest of
> > which was filed in 1997. Practical means of performing ECC were
> > published in 1985.
> ECC is attractive from a performance standpoint, but not
> without problems.
> Quote from Certicom Inc.
> The security of public-key systems rests on keeping the
> private keys secret. Recent discoveries have revealed that
> the presence of a bias in the process of generating private
> keys may leak information about the private key into the
> public key. As an example, a recent attack on a system with a
> biased key-generation process obtained information about the
> private key by examining a number of signatures. The attacks
> work against such discrete-log-based signature schemes as the
> DSA and the ECDSA. One patent protects against this attack by
> teaching methods of eliminating bias in the generation of
> private keys or per-message secrets. One such method
> comprises testing the hashed output of a random-number
> generator against preset criteria (determined by the order of
> the group underlying the cryptosystem).
> If the output fails the test, the pre-hashed value is
> modified by a deterministic amount, hashed, and retested
> until the output passes the test.
> There is a good papers at:
> Certicom's extensive portfolio of patents related to
> elliptic-curve cryptography, and the extensive IPR claims
> affecting IETF protocols using the elliptic-curve algorithms
> seems to suggest avoiding Certicom may not be that easy.
> Their royalty-free license, if granted for DKIM, does not
> seem overly problematic. Certicom also provides a developers
> kit. Is there safe elliptic-curve cryptography code
> available known to be free of any IPR restrictions?
More information about the ietf-dkim