[Federal Register Volume 62, Number 92 (Tuesday, May 13, 1997)]
[Notices]
[Pages 26293-26294]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 97-12341]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology
[Docket No. 960924273-6273-01]
RIN 0693-2A11


Announcing Plans to Revise Federal Information Processing 
Standard 186, Digital Signature Standard

AGENCY: National Institute of Standards and Technology (NIST), 
Commerce.

ACTION: Notice; request for comments.

-----------------------------------------------------------------------

SUMMARY: NIST is planning to develop a proposed revision to Federal 
Information Processing Standard 186, Digital Signature Standard. This 
revision would specify additional public-key based digital signature 
algorithms (in addition to the Digital Signature Algorithm [DSA]) for 
use in designing and implementing public-key based signature systems 
which Federal departments and agencies operate or which are operated 
for them under contract. The purpose of the revision will be to enable 
Federal departments and agencies greater flexibility, consistent with 
sound security practices, in the design, implementation, and use of 
public-key based digital signature systems.

DATES: Comments should be received on or before August 11, 1997.

ADDRESSES: Written comments should be sent to: Director, Information 
Technology Laboratory, ATTN: Planned Revision to FIPS 186, Technology 
Building, Room A231, National Institute of Standards and Technology, 
Gaithersburg, MD 20899.
    Electronic comments should be sent to: [email protected]
    Comments are particularly sought with respect to the RSA and 
elliptic curve techniques. In addition, parties believing their patents 
or other intellectual property pertain to either of these techniques 
are asked to comment and provide specifics of the nature of their 
claims.
    Comments received in response to this notice will be made part of 
the public record and will be made available for inspection and copying 
in the Central Reference and Records Inspection Facility, Room 6020, 
Herbert C. Hoover Building, 14th Street between Pennsylvania and 
Constitution Avenues, NW., Washington, DC 20230.

FOR FURTHER INFORMATION CONTACT:
Edward Roback, Computer Security Division, National Institute of 
Standards and Technology, Gaithersburg, MD 20899, telephone (301) 975-
3696. The current FIPS 186 and change notice is available at http://
csrc.nist.gov/fips/fips186.txt. Interested parties may obtain copies of 
the current FIPS 186 and change notice from the National Technical 
Information Service, U.S. Department of Commerce, Springfield, VA 
22161, telephone (703) 487-4650, e-mail [email protected].

SUPPLEMENTARY INFORMATION: NIST is planning to develop a proposed 
revision to Federal Information Processing Standard 186, Digital 
Signature Standard, to specify additional public-key based digital 
signature algorithms (in addition to the Digital Signature Algorithm 
[DSA]) for incorporation into FIPS 186. These algorithms could then be 
used in designing and implementing public-key based signature systems 
which Federal departments and agencies operate or which are operated 
for them under contract. The purpose of the revision will be to enable 
Federal departments and agencies greater flexibility, consistent with 
sound security practices, in the design, implementation, and use of 
public-key based signature systems.
    Other algorithms approved for inclusion shall be either: (1) Freely 
available or (2) available under terms consistent with the American 
National Standards Institute (ANSI) patent policy.
    The Administration policy is that cryptographic keys used by 
Federal agencies for encryption (i.e., to protect the confidentiality 
of information) shall be recoverable through an agency or third-party 
process and that keys used for digital signature (i.e., for integrity 
and authentication of information) shall not be recoverable. Agencies 
must be able to ensure that signature keys cannot be used for 
encryption. Any algorithms proposed for digital signature must be able 
to be implemented such that they do not support encryption unless keys 
used for encryption are distinct from those used for signature and are 
recoverable.
    The distinction between signature and encryption keys will be 
facilitated in the public key infrastructure by using X.509v3 public 
key certificates.
    NIST solicits comments from interested parties, including industry, 
voluntary standards organizations, the public, and State and local 
governments concerning developing such a proposed revision, and 
concerning the availability, security, and adequacy of existing 
industry standards, de facto or otherwise, for public key-based digital 
signature systems.
    This work is pursuant to NIST's responsibilities under the Computer 
Security Act of 1987, the Information

[[Page 26294]]

Technology Management Reform Act of 1996, OMB Circular A-130, and 
Executive Order 13011.

    Dated: May 6, 1997.
Elaine Bunten-Mines,
Director, Program Office.
[FR Doc. 97-12341 Filed 5-12-97; 8:45 am]
BILLING CODE 3510-CN-M