
RE: PKCS #1 in IKE vs. FIPS certification



At 01:31 PM 3/15/01 -0500, FRousseau@chrysalis-its.com wrote: 

> Ari,
>
> This is not exactly what I read in the Future Plans from the
> NIST cryptographic toolkit web page about Digital Signatures at
> (http://csrc.nist.gov/encryption/tkdigsigs.html):
>
> "NIST also intends to adopt PKCS #1 as an approved technique for
> RSA digital signatures.  (Currently, this is only allowed under the
> transition period for FIPS 186-2, which is scheduled to end July 27,
> 2001.)"

Unfortunately, this is probably obsolete. I'm not 100% sure,
but the news I got from a FIPS-140 validating lab was that
effective from this June, signing with PKCS#1 RSA would not
be FIPS-approved any more (but FIPS-certified modules will retain
certification until next re-validating time). Vendors are
encouraged to implement, and use in FIPS mode of operating,
a different method of signing with RSA specified in some ANSI
document (don't remember the index).


Alexey

