[Federal Register Volume 66, Number 133 (Wednesday, July 11, 2001)]
[Notices]
[Pages 36254-36255]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 01-17297]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

[Docket No. 981028268-1130-04]
RIN 0693-ZA23


Announcing Proposed Changes to Federal Information Processing 
Standard (FIPS) 186-2, Digital Signature Standard (DSS), and Request 
for Comments

AGENCY: National Institute of Standards and Technology (NIST), 
Commerce.

ACTION: Request for comments.

-----------------------------------------------------------------------

SUMMARY: The Secretary of Commerce approved FIPS 186-2, Digital 
Signature Standard, in January 2000. NIST proposes two minor changes to 
this standard to enable federal agencies to make a smooth transition to 
the

[[Page 36255]]

acquisition of equipment implementing the algorithms specified in the 
standard. These adjustments do not change the technical cryptographic 
signature algorithm specifications.
    Before recommending these minor changes to FIPS 186-2 to the 
Secretary of Commerce for approval, NIST invites review and comments by 
the public, private sector, and government organizations.

DATES: Comments on these proposed changes to FIPS 186-2, Digital 
Signature Standard, must be received on or before August 10, 2001.

SPECIFICATIONS: FIPS 186-2, Digital Signature Standard, is available 
through the NIST Computer Security Resource Center web page: http://csrc.nist.gov/publications/fips/index.html. Text for the proposed 
changes is available at http://csrc.nist.gov/publications/drafts.html.

ADDRESSES: Comments on the proposed changes to FIPS 186-2 may be sent 
either electronically to FIPS [email protected] or by regular mail to: 
Chief, Computer Security Division, Information Technology Laboratory, 
ATTN: Comments on Changes to FIPS 186-2 Digital Signature Standard, 100 
Bureau Drive, Stop 8930, National Institute of Standards and 
Technology, Gaithersburg, MD 20899-8930.

FOR FURTHER INFORMATION CONTACT: Ms. Elaine Barker, (301) 975-2911, 
National Institute of Standards and Technology, 100 Bureau Drive, STOP 
8930, Gaithersburg, MD 20899-8930.

SUPPLEMENTARY INFORMATION: In January 2000, the Secretary of Commerce 
approved FIPS 186-2, Digital Signature Standard (DSS). The standard 
adopts three techniques for the generation and verification of digital 
signatures. These are the Digital Signature Algorithm (DSA) and two 
techniques specified in industry standards (ANSI X9.31-1998, Digital 
Signatures Using Reversible Public Key Cryptography for the Financial 
Services Industry and ANSI 9.62, 1998 Public Key Cryptography for the 
Financial Services Industry: Elliptical Curve Digital Signature 
Algorithm). When the standard was approved, it provided for a 
transition period from July 2000 to July 2001 to enable federal 
agencies to continue to use their existing digital signature systems 
and to acquire additional equipment that might be needed to 
interoperate with these legacy digital signature systems. Several 
agencies have notified NIST that commercial equipment implementing 
another data formatting approach (as input to a signature algorithm) 
are more readily available and that the original implementation 
schedule should be extended.
    Therefore, NIST is proposing that the Implementation Schedule of 
FIPS 186-2 be modified to extend the transition period for the 
acquisition of equipment implementing FIPS 186-2 from July 2001 to 
December 2002. This will enable agencies to continue to acquire 
commercial products based on a private sector data formatting approach 
PKCS #1, which does not interoperate with the data formatting approach 
specified in FIPS 186-2. NIST believes that using the PKCS #1 is robust 
and sufficiently strong for use by federal agencies. Also NIST proposes 
that the Applications section of FIPS 186-2 be modified to clarify that 
implementations of PKCS #1 (version 1.5 or higher) may be used during 
the transition period. These proposed adjustments do not change the 
technical cryptographic digital signature specifications (other than 
data formatting) for the standard.

    Authority: Under Section 5131 of the Information Technology 
Management Reform Act of 1996 and the Computer Security Act of 1987 
(Public Law 100-235), the Secretary of Commerce is authorized to 
approve standards and guidelines for the cost effective security and 
privacy of sensitive information processed by federal computer 
systems.

    Executive Order 12866: This notice has been determined not to be 
significant for purposes of E.O. 12866.

    Dated: July 5, 2001.
Karen H. Brown,
Acting Director, NIST.
[FR Doc. 01-17297 Filed 7-10-01; 8:45 am]
BILLING CODE 3510-CN-M