Items from security-related news (E71.Mar-2006)

NIST Issues 2 Cryptographic Standards Drafts, Requests Comments; also Final FIPS on Key Establishment
March 13, 2006
From Elaine Barker, NIST

A draft of Federal Information Processing Standard (FIPS) 186-3, Digital Signature Standard (DSS), is available for public comment as announced in the Federal Register. The draft is available at Please submit comments to with "Comments on Draft 186-3" in the subject line. The comment period closes on June 12, 2006.

A draft of an accompanying document to the proposed FIPS 186-3, NIST Special Publication (SP) 800-89, Recommendation for Obtaining Assurances for Digital Signature Applications, is also available for public comment at Please submit comments to with "Comments on SP 800-89" in the subject line. The comment period closes on April 28, 2006.

NIST Special Publication (SP) 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, has been posted as a final document at

Elaine Barker
National Institute of Standards and Technology
100 Bureau Drive, Stop 8930
Gaithersburg, MD 20899-8930

Email Signature Verification Bug
March 9, 2006
From, by Werner Koch, forwarded by Richard Schroeppel

The GNU Privacy Guard is an implementation of the OpenPGP standard for secure email. Recently it was noticed that, given a signed email, you can prepend and append arbitrary data to the message without disturbing the signature verification report to the user. It appears this bug has existed for years without anybody finding it. The bug arises from the complexity of parsing the message formats while preserving backward compatibility with older implementations.

Test and Validation Lab at SPAWAR, Charleston Wins Net Centric Warfare Award
February 6, 2006
Press Release

Charleston, SC, (February 6, 2006) - The Test and Validation Lab of the Net Centric Programs Office at SPAWAR Systems Center Charleston was honored recently by the Institute for Defense and Government Advancement (IDGA) with a 2006 Net Centric Warfare Award for outstanding contributions to the development of network centric warfare theory.

According to IDGA Executive Director Megan Knapp, IDGA's Network Centric Warfare (NCW) Awards were established to "honor, recognize and promote initiatives in the US Department of Defense, Coalition Governments, and Defense Industry that exemplify the principles of network-centric warfare and support information age transformation." A panel of respected defense sector leaders evaluated the nominees and determined the winners.

Randall Shirley, Director of the Net Centric Programs Office, said, "As this award signifies, the Test and Validation Lab exemplifies the best in current initiatives and sets new standards of excellence for incorporating an innovative concept into future work for the Department of Defense."

The innovative methods developed by the Test and Validation Lab have supported development of network-centric warfare theory by enabling developers to integrate computer network defensive principles to create robust and secure Service Oriented Architecture (SOA) functionality in a minimal amount of time. As an SOA Center of Excellence for Engineering Services, the Test and Validation Lab will use its experience to help other developers of network centric warfare release their tested, certified, and accredited applications rapidly into the battlefield.

For more information on IDGA and the annual NCW Awards and Conference, visit or

Undergraduate Paper Competitions: Cash Prizes and Publication
February 16, 2006
Press Release

Cryptologia is the only scholarly journal dealing with the history and technology of communications intelligence with specific attention to the mathematics of cryptology. The journal sponsors two undergraduate paper competitions in cryptology, each with a $300 cash prize and publication of the winning article.

The journal's articles have broken many new paths in technical and mathematical cryptology as well as areas such as intelligence history by fostering the study of all aspects of cryptology -- technical as well as historical and cultural. Editor-in-Chief Brian Winkel, Dept of MathSci, United States Military Academy at West Point, and a renowned international editorial board of the world's foremost scholars in cryptology plan to disseminate papers of lasting appeal to mathematicians, security specialists, computer scientists, historians, political scientists, and teachers. For more information, please visit the journal's website at

Starting in 2006, Cryptologia will be published by Taylor & Francis.

Air Force Lab Seeks Information Assurance Leader
February 24, 2006
Contributed by Gene Spafford

The position is for a new senior-level position in Information Assurance (IA) at the Air Force Research Laboratory, Information Directorate (AFRL/IF). The search is not yet officially open, but informal inquiries can be directed to the chief scientist of the lab at this location, John Bay