Nils Larsch wrote:
Markus Friedl wrote:On Mon, Aug 04, 2003 at 04:27:08PM -0700, Douglas Stebila wrote:Is anyone looking at the use of elliptic curve cryptography in the SSH protocol? Specifically at either ECDH for key exchange or ECDSA for signatures?not for openssh, since it opens another can of stupid patent problems.
>
I don't think that patents are a problem (for ECDSA and ECDH) if only curves over GF(p), p prime, are used (see for example: http://grouper.ieee.org/groups/1363/P1363/patents.html). Using curves over GF(2**m) without some features (point compression, onb basis etc.) should be possible as well.
I was under the (possibly mistaken) impression that avoiding these patents eliminated many of the benefits of EC. (Not to mention that avoiding patents is a difficult and potentially expensive game.)
Note: Implementing ECDSA and ECDH in OpenSSH shouldn't very difficult as soon as OpenSSL 0.9.8 is released as OpenSSL 0.9.8 will support ecdsa and ecdh.
The license that the EC stuff in OpenSSL is released under contains some terms that we won't accept. In particular, the patent license:
http://research.sun.com/projects/crypto/FrequenlyAskedQuestions.htmlSo, like RSA and SRP, another interesting crypto technology is killed for ~20 years.
-d