RE: PKCS #1 in IKE vs. FIPS certification
At 01:31 PM 3/15/01 -0500, FRousseau@chrysalis-its.com wrote:
> Ari,
>
> This is not exactly what I read in the Future Plans from the
> NIST cryptographic toolkit web page about Digital Signatures at
> (http://csrc.nist.gov/encryption/tkdigsigs.html):
>
> "NIST also intends to adopt PKCS #1 as an approved technique for
> RSA digital signatures. (Currently, this is only allowed under the
> transition period for FIPS 186-2, which is scheduled to end July 27,
> 2001.)"

Unfortunately, this is probably obsolete. I'm not 100% sure,
but the news I got from a FIPS-140 validating lab was that
effective from this June, signing with PKCS#1 RSA would not
be FIPS-approved any more (but FIPS-certified modules will retain
certification until next re-validating time). Vendors are
encouraged to implement, and use in FIPS mode of operating,
a different method of signing with RSA specified in some ANSI
document (don't remember the index).
Alexey