[cryptography] Dual EC backdoor was patented by Certicom?
tanja at hyperelliptic.org
Sun Jun 15 15:24:55 EDT 2014
On Sun, Jun 15, 2014 at 02:13:04PM +0100, ianG wrote:
> Or is this impossible to reconcile? If Certicom is patenting backdoors,
> the only plausible way I can think of this is that it intends to wield
> backdoors. Which means spying and hacking. Certicom is now engaged in
> the business of spying on ... customers? Foreign governments?
Note that the majority of the claims (and the entirety of the granted
claims in the US and JP so far; they got all parts granted in Europe)
is on escrow avoidance; i.e. on using the procedure for alternative
points from the SP800-90 appendix. I.e. if a vendor gets sufficiently
worried about the potential backdoor but doesn't want to do a completely
new implementation he will opt for other points ---> royalties.
> In contrast, I would have said that Certicom's responsibility as a
> participant in Internet security is to declare and damn an exploit, not
> bury it in a submarine patent.
I had hoped so.
More information about the cryptography