Author: Mike Hearn 2014-03-21 11:33:57
Published on: 2014-03-21T11:33:57+00:00
RIM has been telling CA's that they need to pay for the Certicom ECC patents, which is why most certs are still using RSA. Some old browsers don't know how to handle ECC certificates and it wasn't so long ago that Fedora and Android were deleting ECC code from upstream libraries before shipping them due to patent reasons or disk space saving measures. However, it's possible to get ECC certs if desired. Entrust is starting to sell them, but their intermediate cert is still RSA. ECC roots for many CAs have been submitted and are now included, but the competition between giving up compatibility with lots of users versus saving a bit of CPU time and a handful of bytes means that it will be a long time until most websites are using ECC certs. Regardless, adding another feature that uses some bytes into PaymentRequests may make stuffing them into a QR code impractical, and Bluetooth may be a more sensible option.
Updated on: 2023-06-08T00:58:57.970131+00:00