NSA Suite B Cryptography

Ian G iang at systemics.com
Fri Oct 14 11:22:31 EDT 2005 

Sidney Markowitz wrote:
> Excerpt from
> 
>>"Fact Sheet on NSA Suite B Cryptography"
>>http://www.nsa.gov/ia/industry/crypto_suite_b.cfm
> 
> 
> "NSA has determined that beyond the 1024-bit public key cryptography in
> common use today, rather than increase key sizes beyond 1024-bits, a
> switch to elliptic curve technology is warranted. In order to facilitate
> adoption of Suite B by industry, NSA has licensed the rights to 26
> patents held by Certicom Inc. covering a variety of elliptic curve
> technology. Under the license, NSA has a right to sublicense vendors
> building equipment or components in support of US national security
> interests."
> 
> Does this prevent free software interoperability with Suite B standards?
> It potentially could be used to block non-US vendors, certainly anyone
> who is in the US Government's disfavor, but it seems to me that even
> with no further intentional action by the NSA it would preclude software
> under the GPL and maybe FOSS in general in countries in which the
> patents are valid.

I didn't read it that way at all.  AFAICS,
the NSA has acquired the licences it needs
to deliver (have delivered) software to its
government customers.  As all the government
customers will need to use approved software
anyway, it will be acquired on some approved
list, and the licences will be automatically
extended.

Anyone outside the "national security" market
will need to negotiate separately with Certicom
if they need to use it.  This represents a big
subsidy to Certicom, but as they are a Canadian
company it is harder to argue against on purely
statist grounds.

Which is to say, NSA solved its problem and it
is nothing to do with FOSS.

The big question (to me perhaps) is where and
how far the Certicom patents are granted.  If
they are widely granted across the world then
the software standards won't spread as there
won't be enough of an initial free market to
make it bloom (like happened to RSA).  But if
for example they are not granted in Europe
then Europeans will get the free ride on NSA
DD and this will cause the package to become
widespread, which will create the market in
the US.  Of course predicting the future is
tough...

iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list