Any organization should be able to choose between certificates that provide protection based on the algorithm that suits their environment: RSA, ECC, or DSA. This agility allows business owners to provide a broader array of encryption options for different circumstances, infrastructure, and customer or partner groups.
The design of Transport Layer Security (TLS – formerly Secure Sockets Layer or SSL) allows different algorithms to work either alone or side by side. With algorithmic agility, organizations can choose the public key algorithm, or combination of algorithms, that work best for their online presence and infrastructure. Security While key lengths for current encryption methods using RSA increase exponentially as security levels increase, ECC key lengths increase linearly. For example, 128-bit security requires a 3,072-bit RSA key, but only a 256-bit ECC key.
Increasing to 256-bit security requires a 15,360- bit RSA key, but only a 512-bit ECC key3 . The previously mentioned NIST guidelines stay abreast with the need for increasing security. With such a favorable security per bit ratio, it is anticipated that ECC will be the focus of planning for IT and their supplemental Security systems.