AGENCY:

National Institute of Standards and Technology (NIST), Commerce.

ACTION:

Request for comments.

SUMMARY:

The Secretary of Commerce approved FIPS 186-2, Digital Signature Standard, in January 2000. NIST proposes two minor changes to this standard to enable federal agencies to make a smooth transition to the Start Printed Page 36255acquisition of equipment implementing the algorithms specified in the standard. These adjustments do not change the technical cryptographic signature algorithm specifications.

Before recommending these minor changes to FIPS 186-2 to the Secretary of Commerce for approval, NIST invites review and comments by the public, private sector, and government organizations.

DATES:

Comments on these proposed changes to FIPS 186-2, Digital Signature Standard, must be received on or before August 10, 2001.

SPECIFICATIONS:

FIPS 186-2, Digital Signature Standard, is available through the NIST Computer Security Resource Center web page: http://csrc.nist.gov/​publications/​fips/​index.html. Text for the proposed changes is available at http://csrc.nist.gov/​publications/​drafts.html.

ADDRESSES:

Comments on the proposed changes to FIPS 186-2 may be sent either electronically to FIPS 186@nist.gov or by regular mail to: Chief, Computer Security Division, Information Technology Laboratory, ATTN: Comments on Changes to FIPS 186-2 Digital Signature Standard, 100 Bureau Drive, Stop 8930, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930.

FOR FURTHER INFORMATION CONTACT:

Ms. Elaine Barker, (301) 975-2911, National Institute of Standards and Technology, 100 Bureau Drive, STOP 8930, Gaithersburg, MD 20899-8930.

SUPPLEMENTARY INFORMATION:

In January 2000, the Secretary of Commerce approved FIPS 186-2, Digital Signature Standard (DSS). The standard adopts three techniques for the generation and verification of digital signatures. These are the Digital Signature Algorithm (DSA) and two techniques specified in industry standards (ANSI X9.31-1998, Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry and ANSI 9.62, 1998 Public Key Cryptography for the Financial Services Industry: Elliptical Curve Digital Signature Algorithm). When the standard was approved, it provided for a transition period from July 2000 to July 2001 to enable federal agencies to continue to use their existing digital signature systems and to acquire additional equipment that might be needed to interoperate with these legacy digital signature systems. Several agencies have notified NIST that commercial equipment implementing another data formatting approach (as input to a signature algorithm) are more readily available and that the original implementation schedule should be extended.

Therefore, NIST is proposing that the Implementation Schedule of FIPS 186-2 be modified to extend the transition period for the acquisition of equipment implementing FIPS 186-2 from July 2001 to December 2002. This will enable agencies to continue to acquire commercial products based on a private sector data formatting approach PKCS #1, which does not interoperate with the data formatting approach specified in FIPS 186-2. NIST believes that using the PKCS #1 is robust and sufficiently strong for use by federal agencies. Also NIST proposes that the Applications section of FIPS 186-2 be modified to clarify that implementations of PKCS #1 (version 1.5 or higher) may be used during the transition period. These proposed adjustments do not change the technical cryptographic digital signature specifications (other than data formatting) for the standard.

Authority: Under Section 5131 of the Information Technology Management Reform Act of 1996 and the Computer Security Act of 1987 (Public Law 100-235), the Secretary of Commerce is authorized to approve standards and guidelines for the cost effective security and privacy of sensitive information processed by federal computer systems.

Executive Order 12866: This notice has been determined not to be significant for purposes of E.O. 12866.