At RSA Conference 2007 Industry Experts Discuss the Factors That Make ECC Ready for Prime Time in TLS


Panel representing Certicom, Microsoft, Red Hat and Sun Microsystems discuss how the Internet, mobile devices and the new TLS standard are spurring ECC's adoption

MISSISSAUGA, ON, Jan. 31 -- Certicom (TSX: CIC) today announced that its chief technology officer, Bill Lattin, will speak at the RSA Conference 2007 about the important new application of elliptic curve cryptography (ECC) in TLS. He will be joined by fellow panelists Ari Medvinsky from Microsoft Corp., Bob Lord of Red Hat, and Vipul Gupta from Sun Microsystems, who will talk about the factors that have spurred this change in an industry traditionally slow to adopt new cryptographic standards.

During the session entitled Implementing ECC/Suite-B in TLS: Lessons Learned, Challenges Ahead, scheduled for February 6 at the Moscone Center, San Francisco, they will discuss how the evolution of public-key cryptography combined with the need for secure high performance ubiquitous connectivity across all types of devices, from servers to wireless sensors, have fueled ECC adoption. In particular, they will discuss the use of ECC in TLS and share results from performance benchmarking and interoperability testing from 11 companies.

"Two years ago at the RSA Conference, the NSA announced its Suite-B specifications. Since then, my fellow panelists and I worked to apply Suite-B to the TLS protocol," said Lord, senior director of engineering at Red Hat. "We spent well over a year conducting extensive interoperability tests. The result is not only a clean RFC (4492), but also products that are interoperable before they ship. This level of vendor cooperation and customer focus will shorten the time it takes for ECC to become a mainstream technology."

"ECC/Suite-B cryptography is a core part of the security foundation in Windows Vista and is integrated across a wide range of system components, including IPSec, smartcards, secure mail (S/MIME) and TLS," said David B. Cross, director of program management for Windows Security Core at Microsoft Corp. "The collaborative effort presented at this panel underscores Microsoft's continued commitment to ensuring that these components are standards-based and interoperable with implementations from other vendors."

"Security is an industry-wide concern that affects nearly every IT company and customer. The full value of a new security technology can only be realized if that technology is deployed broadly and the deployed implementations interoperate seamlessly," said Gupta, distinguished engineer, Sun Labs.

The driving force behind ECC is the need for stronger security that can hold its strength today and for decades to come. The RSA cryptosystem cannot scale efficiently with stronger key sizes. ECC offers more security per bit than other public-key algorithms, so it doesn't compromise performance, a feature traditionally important in constrained environments such as mobile devices and chips, but now essential for infrastructure servers and routers. For years, organizations such as ANSI, IETF and NIST have been adding ECC to standards.

"2007 promises to be the tipping point for broad adoption of elliptic curve cryptography," said Lattin. "The National Security Agency has specified ECC for protecting both sensitive but unclassified as well as classified U.S. Government information under its Suite-B initiative. The private sector is also beginning to use ECC, as Suite B has redefined what is considered industry best practice for cryptographic implementations."

About Certicom

Certicom protects the value of your content, applications and devices with government-approved security. Adopted by the National Security Agency (NSA) for classified and sensitive but unclassified government communications, Elliptic Curve Cryptography (ECC) provides the most security per bit of any known public-key scheme. As the undisputed leader in ECC, Certicom security offerings are currently licensed to more than 300 customers including General Dynamics, Motorola, Oracle, Research In Motion and Unisys. Founded in 1985, Certicom's corporate offices are in Mississauga, ON, Canada with worldwide sales and marketing headquarters in Reston, VA and offices in the US, Canada and Europe. Visit www.certicom.com

Source: Certicom Corp.

CONTACT: Lisa Courtney Lloyd Jolita Communications (613) 271-7512 lcourtneylloyd@jolita.ca

All Topics