[Federal Register Volume 67, Number 199 (Tuesday, October 15, 2002)] [Notices] [Pages 63621-63622] From the Federal Register Online via the Government Publishing Office [www.gpo.gov] [FR Doc No: 02-26132] ----------------------------------------------------------------------- DEPARTMENT OF COMMERCE National Institute of Standards and Technology [Docket No.: 981028268-1287-05] Announcing Approval of Changes to Federal Information Processing Standard (FIPS) 186-2, Digital Signature Standard AGENCY: National Institute of Standards and Technology (NIST), Commerce. ACTION: Notice. ----------------------------------------------------------------------- SUMMARY: The Secretary of Commerce has approved changes to Federal Information Processing Standard (FIPS) 186-2, Digital Signature Standard (DSS). These changes extend the transition period for the implementation of FIPS 186-2 to December 2002 and clarify that a private sector algorithm (PKCS1, version 1.5 or higher) may be used during the extended transition period. DATE: These changes are effective October 15, 2002. FOR FURTHER INFORMATION CONTACT: Ms. Elaine Barker, (301) 975-2911, National Institute of Standards and Technology, 100 Bureau Drive, STOP 8930, Gaithersburg, MD 20899-8930. SPECIFICATIONS: These changes are available electronically from the NIST Web site at http://csrc.nist.gov/encryption/tkdigsigs.html. SUPPLEMENTARY INFORMATION: In January 2000, the Secretary of Commerce approved FIPS 186-2, Digital Signature Standard (DSS), which adopts three techniques for the generation and verification of digital signatures. These are the Digital Signature Algorithm (DSA) and two techniques specified in industry standards (ANSI X9.31-1998, Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry and ANSI 9.62, 1998, Public Key Cryptography for the Financial Services Industry: Elliptical Curve Digital Signature Algorithm). When the standard was approved, it provided for a transition period from July 2000 to July 2001 to enable federal agencies to continue to use their existing digital signature systems and to acquire additional equipment that might be needed to interoperate with these legacy digital signature systems. Several agencies notified NIST that commercial equipment implementing the digital signature algorithms adopted by FIPS 186-2 is not readily available, and that existing systems would be jeopardized by adherence to the original implementation schedule. A notice was published in the Federal Register (Volume 66, Number 133, pp. 36254-5) on July 11, 2001, seeking public review or comment on proposed changes to ease transition to FIPS 186-2. The proposed changes extended the transition period for the implementation of FIPS 186-2 from July 2001 until December 2002 and specified that a private sector algorithm (PKCS 1, version 1.5 or higher) may be used during the extended transition period. The Federal Register notice solicited comments from the public, academic and research communities, manufacturers, voluntary standards organizations, and Federal, state, and local government organizations. In addition to being published in the Federal Register, the notice was posted on the NIST Web pages; information was provided about the submission of electronic comments. Responses were received from four individuals and private sector organizations. Below are three comments received; the fourth response was a ``no comments'' response. None of the responses received opposed the changes. Comment: The extended transition period will give government agencies a longer period in which to implement FIPS 186-2 and insure its interoperability with existing systems. Overall, these changes to FIPS 186-2 are favorable, and should be adopted as soon as possible. Comment: This office concurs with the document as written and has no additional comments to offer. Comment: I support the indefinite continuation to ANSI X9.31 as a data formatting approach approved under FIPS 186. NIST is to be congratulated on its continuing interaction with the PKI industry to ensure compatible standards as reflected in the continuing support for PKCS 1. Therefore, the Secretary of Commerce approved the changes to Federal Information Processing Standard (FIPS) 186-2, Digital Signature Standard (DSS). These changes extend the transition period for the implementation of FIPS 186-2 from July 2001 to December 2002 and clarify that a private sector algorithm (PKCS 1, version 1.5 or higher) may be used during the extended transition period. Authority: Under Section 5131 of the Information Technology Management Reform Act of 1996 and the Computer Security Act of 1987, the Secretary of Commerce is authorized to approve standards and guidelines for the cost effective security and privacy of sensitive information processed by Federal computer systems. [[Page 63622]] E.O. 12866: This notice has been determined to be non-significant for purposes of E.O. 12866. It has been determined that this notice does not contain policies with Federalism implications as that term is defined in E. O. 13132. Dated: October 8, 2002. Arden L. Bement, Jr., Director. [FR Doc. 02-26132 Filed 10-11-02; 8:45 am] BILLING CODE 3510-CN-P