NIST Solicits Comments On Electronic Authentication Guideline
First time accepted submitter Jim Fenton writes: "The National Institute of Standards and Technology (NIST) is poised to make what is expected to be a major revision of Special Publication 800-63-2, Electronic Authentication Guideline. While normative only for the Federal Government, it is widely referenced elsewhere and specifies requirements to meet each of four Levels of Assurance (LOA). Should this structure change? Are there changes in technology or threats that should be considered in the revision? NIST would like to hear from you."
Re: (Score:1)
Re: (Score:2)
While they didn't willingly/intentionally give their information to the NSA, the fact that they were compromised by the NSA means that they should still be considered compromised going forward, so you are correct.
TLDR: don't do business with the NSA. This also means we really, really, really need to get rid of FIPS as well.
Why this one? (Score:3)
NIST solicits input on new specs or spec updates pretty much every week.
Why is this one so special that it gets a Slashdotting?
In my opinion the hot action is on Lightweight crypto (workshop in July) and the SP800-90B draft which is subject to substantial revision.