AL2_CM_CTR#028 and AL2_CM_CTR#025
Discussion of AL2_CM_CTR#028 and AL2_CM_CTR#025 questions
1. AL2_CM_CTR#028 seems to stipulate OTPs that are both event- _and_ time-based, which is a bit strange. It seems this confusion is in 800-63-1 as well. If (for instance) b and c were combined, and there was an OR in the lead-in (line 1642), then the criterion would allow both (sensible) time and event-based OTP-devices, which I suspect was the intent.
2. AL2_CM_CTR#025 doesn't permit the use of public key-based authn for AL2. This must be an oversight, right?

If you all agree we should open tickets for these and probably talk to somebody at NIST about (1).
Discussion of Questions: IAWG Meeting Minutes 2013-08-1
- Comment appears valid
- #1 is Errata - Need to raise with NIST for direction, but the requester makes a reasonable case
- #2 is the same as Ticket #770408
Disposition: Errata | Add to IAF enhancements list