WYTM?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Oct 19 02:47:56 EDT 2003 

Ian Grigg <iang at systemics.com> writes:

>So, in reality, the spec does not specify, even if it uses the words?  OK, so
>there is no surprise if there is no takeup.  

Actually I think the main reason was that there's virtually no interest in this.

>What was the motive for adding lip service into the document?

So that it's possible to claim PGP and X.509 support if anyone's interested in
it.  It's (I guess) something driven mostly by marketing so you can answer
"Yes" to any question of "Do you support <x>".  You can find quite a number of
these things present in various security specs, it's not just an SSH thing.

To give an example from the home court (and avoid picking on other people's
designs :-), I've been advertising ECC support in my code for years.  After
three years of the code being present and a total of zero requests for its
use, I removed it because it was a pain to maintain (I also changed the text
at that point to say that it was optional/available on request).  It's now
been another three years and I'm still waiting for someone to say they
actually want to use it.  There has been the odd inquiry about potential
availability where I was able to say that it's available as an option, at that
point the user can fill in the appropriate checkbox in the RFP and forget
about it.

(Just to add a note here before people leap in with "But XYZ uses ECC
 crypto!", it's only really used in vertical-market apps.  To use it in
 general you need to know how to get it into a cert (data formats, parameters,
 and so on), find a CA to issue you the cert, figure out how to use it with
 SSL or PGP or whatever, find some other implementation that agrees with what
 your implementation is doing, etc etc etc.  This is why there's so little
 interest, not because of some conspiracy to supress ECCs.  For a more general
 discussion of this problem, see "Final Thoughts" in the Crypto Gardening
 Guide).

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list