[Federal Register Volume 62, Number 92 (Tuesday, May 13, 1997)]
[Notices]
[Page 26294]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 97-12340]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No. 960924271-6271-01]
RIN 0693-ZA10
Announcing Plans to Develop a Federal Information Processing
Standard for Public-Key Based Cryptographic Key Agreement and Exchange
AGENCY: National Institute of Standards and Technology (NIST),
Commerce.
ACTION: Notice; request for comments.
-----------------------------------------------------------------------
SUMMARY: NIST is planning to develop a Federal Information Processing
Standard for Public-Key Based Cryptographic Key Agreement and Exchange.
This notice solicits comments regarding techniques for consideration
specifically including RSA, Diffie-Hellman, and Elliptic Curve
techniques. This standard will be for use in designing and implementing
public-key based key agreement and exchange systems which Federal
departments and agencies operate or which are operated for them under
contract. More than one algorithm may be specified, consistent with
sound security practices, to enable Federal departments and agencies
enhanced flexibility in the design, implementation, and use of
cryptographic systems.
DATES: Comments should be received on or before August 11, 1997.
ADDRESSES: Written comments should be sent to: Director, Information
Technology Laboratory, ATTN: Key Agreement/Exchange FIPS, Technology
Building, Room A231, National Institute of Standards and Technology,
Gaithersburg, MD 20899.
Electronic comments should be sent to: [email protected]
Comments received in response to this notice will be made part of
the public record and will be made available for inspection and copying
in the Central Reference and Records Inspection Facility, Room 6020,
Herbert C. Hoover Building, 14th Street between Pennsylvania and
Constitution Avenues, NW, Washington, DC 20230.
FOR FURTHER INFORMATION CONTACT: Miles Smid, Manager, Security
Technology Group, Computer Security Division, National Institute of
Standards and Technology, Gaithersburg, MD 20899, telephone (301) 975-
2938.
SUPPLEMENTARY INFORMATION: NIST is planning to develop a Federal
Information Processing Standard for Public-Key Based Cryptographic Key
Agreement and Exchange. This standard will be for use in designing and
implementing public-key based key agreement and exchange systems which
Federal departments and agencies operate or which are operated for them
under contract. More than one algorithm may be specified in the
standard, consistent with sound security practices, to enable Federal
departments and agencies enhanced flexibility in the design,
implementation, and use of cryptographic systems.
Algorithms approved for inclusion shall be either: (1) Freely
available or (2) available under terms consistent with the American
National Standards Institute (ANSI) patent policy.
The Administration policy is that cryptographic keys used by
Federal agencies for encryption (i.e., to protect the confidentiality
of information) shall be recoverable through an agency or third-party
process and that keys used for digital signature (i.e., for integrity
and authentication of information) shall not be recoverable. Agencies
must be able to ensure that signature keys cannot be used for
encryption. Any algorithms proposed for digital signature must be able
to be implemented such that they do not support encryption unless keys
used for encryption are distinct from those used for signature and are
recoverable.
The distinction between signature and encryption keys will be
facilitated in the public key infrastructure by using X.509v3 public
key certificates.
This standard would specify the mathematical algorithm(s) approved
for use by Federal agencies for using public key cryptographic key
exchange/agreement (e.g., to exchange the encryption key[s] used by two
parties for data encryption). This standard will be complemented by the
activities of the ``Technical Advisory Committee to Develop a Federal
Information Processing Standard for Federal Key Management
Infrastructure,'' which is working on recommendations for a federal
standard on encryption key recovery (independent of the underlying
mathematical algorithm[s] used to exchange the encryption key[s]).
NIST solicits comments from interested parties, including industry,
voluntary standards organizations, the public, and State and local
governments concerning developing such a standard, and concerning the
availability, security, and adequacy of existing standards for public
key-based key agreement and exchange.
Comments are particularly sought with respect to the RSA, Diffie-
Hellman, and elliptic curve techniques. In addition, parties believing
their patents or other intellectual property pertain to any of these
three techniques are asked to comment and provide specifics of the
nature of their claims.
This work is pursuant to NIST's responsibilities under the Computer
Security Act of 1987, the Information Technology Management Reform Act
of 1996, OMB Circular A-130, and Executive Order 13011.
Dated: May 6, 1997.
Elaine Bunten-Mines,
Director, Program Office.
[FR Doc. 97-12340 Filed 5-12-97; 8:45 am]
BILLING CODE 3510-CN-M
