Just after the AES announcement, internet.com''s ECommerce Guide began receiving offers to interview industry experts who had great things to say about AES. This week I''m pleased to offer EC Outlook readers the fruit of our efforts with interviews from Dr. William Whyte, Senior Cryptographer for Baltimore Technologies in the U.K. and Tim Dierks, Chief Technology Officer for Certicom in California.

Both Baltimore Technologies and Certicom have announced support for AES in next versions of their cryptography toolkits and wanted to share some insights into the AES selection process and what it means to modern business.

The Journey Is The Reward
"Improved cryptography and interoperable global standards that are unencumbered by licensing or restrictions on use will give today''s corporations high confidence when they adopt AES," said William Whyte. "The process for selecting AES plus its free availability makes it irresistible for corporations and software developers," he added.

Baltimore''s KeyTools and SureWare cryptosystems already incorporate AES and are expected to meet the market''s readiness in nine to 18 months, when businesses migrate to the new standard. Whyte says that following the AES path today will help to assure a head start to interoperability in the future. He sees a gradual movement to AES, mandated by banking authorities and gaining popularity on closed networks.

Tim Dierks pointed out the value of the process that NIST used in selecting the AES. "The US Government''s involvement in the closed process which led to the specification of DES fueled some paranoia in parts of the cryptographic community with thoughts of a ''back door'' in the cipher. While this paranoia has proven to be unfounded, the open process that let to the AES should lay rest to such concerns," said Dierks. "AES is important to the advance of cryptography over time and will build confidence in the use of block ciphers; alternative ciphers in use today can''t offer the same levels of standardization, confidence and speed that AES offers."

Certicom''s Security Builder toolkit that provides low-level cryptographic functions, supports AES, and Certicom intends to incorporate AES into its WTLS+ protocols for wireless phones and into SSL+ once the standards shake out.

What About Wireless?
When asked about AES'' implications for wireless systems, here''s what they had to say:

"Next generation interoperability problems are solved by AES--Triple DES is too slow on phones, plus with the incompatible implementations of cryptography on the web and in wireless systems, the next version of the Wireless Access Protocol (WAP), expected in June 2001, has the opportunity to resolve these incompatibilities," said Dr. Whyte.

"Wireless devices are computationally constrained, so by supporting AES in Certicom products we can offer enhanced implementation possibilities without performance penalties. By offering equal security through 571-bit Elliptic Curve Cryptography (ECC) and 256-bit AES for key exchanges and encryption respectively, we can gain a 500:1 performance benefit over RSA encryption," claimed Tim Dierks of Certicom.

Recommendations
Their recommendations for the e-business community when looking to adopt AES are:

"This is the first time that a popular review process has taken place since DES was first submitted in 1974, and brings to light how good cryptographic systems are vetted and approved, thus improving corporate decision making and confidence," claims Whyte. "Follow the standards now and you''ll be ready to gain the marketing boost from incorporating the latest global standards."

Dierks added, "People should look to using the lower key lengths to initially adopt AES to help deliver added confidence in electronic commerce transactions. RC2 and RC4 don''t have the blessing of the standards community, so using AES now will prepare you when the demand for strong, industry accepted cryptography appears. Trust is the real benefit!"