18

Background

I've seen that Comodo has an elliptic curve root ("COMODO ECC Certification Authority"), but I don't see mention of EC certificates on their web site.

Does Certicom have intellectual property rights that prevent other issuers from offering EC certificates? Does a widely-used browser fail to support ECC? Is ECC a bad fit for traditional PKI use like web server authentication? Or is there just no demand for it?

I'm interested in switching to elliptic curve because of the NSA Suite B recommendation. But it doesn't seem practical for many applications.


Bounty Criteria

To claim the bounty, an answer must provide a link to a page or pages at a well-known CA's website that describes the ECC certificate options they offer, prices, and how to purchase one. In this context, "well-known" means that the proper root certificate must be included by default in Firefox 3.5 and IE 8. If multiple qualifying answers are provided (one can hope!), the one with the cheapest certificate from a ubiquitous CA will win the bounty. If that doesn't eliminate any ties (still hoping!), I'll have to choose an answer at my discretion.

Remember, someone always claims at least half of the bounty, so please give it a shot even if you don't have all the answers.

erickson
  • 291

5 Answers

6

As a quick update, today Cloudflare deployed a new certificate for its blog signed by Comodo and using ECC... I guess ECC certificates for the general public are coming soon.

https://blog.cloudflare.com/

And Verisign (now Symantec) offers ECC in its Secure Site Pro line of certs.

6

I wanted to dig a little deeper into this, so I contacted the folks at Comodo who are responsible for their ECC CA. After a bit of back and forth, they told me that Comodo have been advised that they need a license from Certicom/RIM before they can issue ECC certs, and that they are currently in licensing discussions with them. They didn't give an ETA for having those discussions finalized, so who knows when you can actually buy a cert.

paulr
  • 2,093
5

Found this link at entrust that I found useful. http://www.entrust.net/ecc-certs/index.htm

Basically, NSA Suite B is not trusted globally (at the root level) and no CA currently (as of Oct 2012) offers SSL certificates that meet the standard. You can sign your own certificate, but modern browsers will display a very discouraging warning to users. Typically NSA Suite B certificates are integrated into applications that connect directly to secure servers. Keep in mind there is a lack of support in the browsers for ECC. ECC is part of TLS 1.1, which is only supported in Chrome v22+ by default [http://en.wikipedia.org/wiki/Transport_Layer_Security#Browser_implementations].

5

They are issued now by Comodo as part of their PositiveSSL offering. I can't say they're advertising it too well, but living proof by math exists:

-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
3

I don't believe Certicom are preventing use of elliptic curve; the MS 2008 Certificate Authority offers Suite B. I'm sure therefore the latest version of Windows clients in 7 support its use. I'm going to go and have a look; it will be the MS cryptographic subsystem that would need to support it (CryptoAPI), and this has a plugin CSP architecture which would allow it to support it quite easily.

The following is taken from the Entrust documentation on the topic:


All the major CA software products support ECDSA, both for certificate and CRL signing and for end-user public keys. So, for applications that only require authentication and digital signatures, it should not be difficult to source a suitable CA product. The slower pace of standardization for ECC-based key agreement adds some uncertainty for applications that also require encryption. However, the major CA software suppliers all have advanced plans to support ECDH keys in end-user certificates. So, planning in this area carries only minor risk. Implementation, on the other hand, must await realization of these plans in shipping products.


ECC requires less computational power than RSA and is therefore useful for embedded systems such as smartcards and for devices with less powerful processors such as wireless routers. It could be useful for web servers as it would require less processing by the web server to support TLS key exchange operations, with obvious benefits for supporting high amounts of secure traffic. I think these factors will drive demand, and also there will be high demand from the Government sector around the world, which pays close attention to NIST. This will also help push the technology as vendors seek to sell into this sector.

Mark Sutton
http://www.blacktipconsulting.com