At 1:30 PM +0200 9/1/08, Francis Dupont wrote:
>=> the situation is not the same in PKI-like system where a second
>mechanism is desirable. This role was taken by DSA but it seems nobody
>uses DSA in DNSSEC and X.509 PKIs go from DSA to EC.

This makes no sense on a number of fronts:
- The adoption of EC in PKIX-based applications is still minuscule
- You can't go "from DSA to EC" because the EC use of PKIX is for
ECDSA. (ECDH is even more minuscule, by far, than ECDSA.)

> My idea is if
>this is good for X.509 PKI there is no reason to stay far behind.

We agree on that. There are certainly markets that want EC for a
variety of reasons.

--Paul Hoffman, Director
--VPN Consortium

to unsubscribe send a message to with
the word 'unsubscribe' in a single line as the message text body.