[Federal Register Volume 67, Number 199 (Tuesday, October 15, 2002)]
[Notices]
[Pages 63621-63622]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 02-26132]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

[Docket No.: 981028268-1287-05]


Announcing Approval of Changes to Federal Information Processing 
Standard (FIPS) 186-2, Digital Signature Standard

AGENCY: National Institute of Standards and Technology (NIST), 
Commerce.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: The Secretary of Commerce has approved changes to Federal 
Information Processing Standard (FIPS) 186-2, Digital Signature 
Standard (DSS). These changes extend the transition period for the 
implementation of FIPS 186-2 to December 2002 and clarify that a 
private sector algorithm (PKCS 1, version 1.5 or higher) may 
be used during the extended transition period.

DATE: These changes are effective October 15, 2002.

FOR FURTHER INFORMATION CONTACT: Ms. Elaine Barker, (301) 975-2911, 
National Institute of Standards and Technology, 100 Bureau Drive, STOP 
8930, Gaithersburg, MD 20899-8930.

SPECIFICATIONS: These changes are available electronically from the 
NIST Web site at http://csrc.nist.gov/encryption/tkdigsigs.html.

SUPPLEMENTARY INFORMATION: In January 2000, the Secretary of Commerce 
approved FIPS 186-2, Digital Signature Standard (DSS), which adopts 
three techniques for the generation and verification of digital 
signatures. These are the Digital Signature Algorithm (DSA) and two 
techniques specified in industry standards (ANSI X9.31-1998, Digital 
Signatures Using Reversible Public Key Cryptography for the Financial 
Services Industry and ANSI 9.62, 1998, Public Key Cryptography for the 
Financial Services Industry: Elliptical Curve Digital Signature 
Algorithm). When the standard was approved, it provided for a 
transition period from July 2000 to July 2001 to enable federal 
agencies to continue to use their existing digital signature systems 
and to acquire additional equipment that might be needed to 
interoperate with these legacy digital signature systems. Several 
agencies notified NIST that commercial equipment implementing the 
digital signature algorithms adopted by FIPS 186-2 is not readily 
available, and that existing systems would be jeopardized by adherence 
to the original implementation schedule.
    A notice was published in the Federal Register (Volume 66, Number 
133, pp. 36254-5) on July 11, 2001, seeking public review or comment on 
proposed changes to ease transition to FIPS 186-2. The proposed changes 
extended the transition period for the implementation of FIPS 186-2 
from July 2001 until December 2002 and specified that a private sector 
algorithm (PKCS 1, version 1.5 or higher) may be used during 
the extended transition period. The Federal Register notice solicited 
comments from the public, academic and research communities, 
manufacturers, voluntary standards organizations, and Federal, state, 
and local government organizations. In addition to being published in 
the Federal Register, the notice was posted on the NIST Web pages; 
information was provided about the submission of electronic comments. 
Responses were received from four individuals and private sector 
organizations. Below are three comments received; the fourth response 
was a ``no comments'' response. None of the responses received opposed 
the changes.
    Comment: The extended transition period will give government 
agencies a longer period in which to implement FIPS 186-2 and insure 
its interoperability with existing systems. Overall, these changes to 
FIPS 186-2 are favorable, and should be adopted as soon as possible.
    Comment: This office concurs with the document as written and has 
no additional comments to offer.
    Comment: I support the indefinite continuation to ANSI X9.31 as a 
data formatting approach approved under FIPS 186. NIST is to be 
congratulated on its continuing interaction with the PKI industry to 
ensure compatible standards as reflected in the continuing support for 
PKCS 1.
    Therefore, the Secretary of Commerce approved the changes to 
Federal Information Processing Standard (FIPS) 186-2, Digital Signature 
Standard (DSS). These changes extend the transition period for the 
implementation of FIPS 186-2 from July 2001 to December 2002 and 
clarify that a private sector algorithm (PKCS 1, version 1.5 
or higher) may be used during the extended transition period.

    Authority: Under Section 5131 of the Information Technology 
Management Reform Act of 1996 and the Computer Security Act of 1987, 
the Secretary of Commerce is authorized to approve standards and 
guidelines for the cost effective security and privacy of sensitive 
information processed by Federal computer systems.


[[Page 63622]]


    E.O. 12866: This notice has been determined to be non-significant 
for purposes of E.O. 12866.
    It has been determined that this notice does not contain policies 
with Federalism implications as that term is defined in E. O. 13132.

    Dated: October 8, 2002.
Arden L. Bement, Jr.,
Director.
[FR Doc. 02-26132 Filed 10-11-02; 8:45 am]
BILLING CODE 3510-CN-P