Slashdot Mirror


NIST Solicits Comments On Electronic Authentication Guideline

First-time accepted submitter Jim Fenton writes: The National Institute of Standards and Technology (NIST) is poised to make what is expected to be a major revision of Special Publication 800-63-2, Electronic Authentication Guideline. While normative only for the Federal Government, it is widely referenced elsewhere and specifies requirements to meet each of four Levels of Assurance (LOA). Should this structure change? Are there changes in technology or threats that should be considered in the revision? NIST would like to hear from you.

7 comments

  1. NIST would like to hear from you. by Cornwallis · · Score: 0

    Don't you mean "NSA would like to hear from you?"

    They've got to be kidding if they think anyone is going to believe anything they may have to say...

    1. Re:NIST would like to hear from you. by poetmatt · · Score: 1

      While they didn't willingly/intentionally give their information to the NSA, the fact that they were compromised by the NSA means that they should still be considered compromised going forward, so you are correct.

      TLDR: don't do business with the NSA. This also means we really, really, really need to get rid of FIPS as well.

  2. Yay for power grabbing by Anonymous Coward · · Score: 0

    These are really just part of the larger push of identifying everyone everywhere with every move they make. You know, like how Facebook or Google+ require the use of a "real identity", now backed by an army and a navy. Go on, read the proposals and put some lines between the dots.

  3. Why this one? by TechyImmigrant · · Score: 2

    NIST solicits input on new specs or spec updates pretty much every week.
    Why is this one so special that it gets a Slashdotting?

    In my opinion the hot action is on Lightweight crypto (workshop in July) and the SP800-90B draft which is subject to substantial revision.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.

  4. About time by Anonymous Coward · · Score: 0

    That NIST document is the one that proposes silly password entropy measures that accomplish nothing. I'm not sure if anyone in industry takes their wing-of-newt password guidelines seriously, but Fed agencies have to. It's good if they're willing to reconsider.