Re: where to find X9.26 document?
From: Anne & Lynn Wheeler (lynn_at_garlic.com)
Date: 06/02/03
- Previous message: 1053655692_at_noid.net: "where to find X9.26 document?"
- In reply to: 1053655692_at_noid.net: "where to find X9.26 document?"
- Next in thread: 1053655692_at_noid.net: "Re: where to find X9.26 document?"
- Reply: 1053655692_at_noid.net: "Re: where to find X9.26 document?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 02 Jun 2003 03:39:21 GMT
1053655692@noid.net (1053655692@noid.net) writes:
> I'm looking for a document entitled:
>
> "Draft American national standard for financial institution
> sign-on authentication for wholesale financial systems: Secure
> transmission of personal authenticating information and node
> authentication"
>
> It's the ANSI X9.26 specification.
most x9 available in pdf (but not x9.26) .... ansi
http://www.ansi.org/
electronic standards store:
http://webstore.ansi.org/ansidocstore/
and do search on x9
notice x9.26 withdrawal ...
Withdrawal of x9.26
Recommended Action:
In its July, 1999 meeting, Working Group X9F3 responsible for the
maintenance of ANS X9.26, Financial Institution Sign-On Authentication
for Wholesale Financial Transactions, by unanimous vote recommends
that ANS X9.26 be withdrawn. This is a continuation of the action
taken by X9F in its last meeting when it recommended the withdrawal of
ANS X9.9 and ANS X9.23. ANS X9.26 is dependent on ANS X9.9 and X9.23
and is therefore an inappropriate standard to be used in the wholesale
financial environment based on the high average dollar value of
transactions.
Procedural Basis:
At its April meeting in 1999, the X9F subcommittee voted unanimously
(except for an abstention of one new member) to withdraw ANS X9.9 and
ANS X9.23. Subsequent to that meeting, the X9 Secretariat advised
ANSI to cease all sales (paper and ESS versions) of ANS X9.9 and ANS
X9.23. X9F3 also recommends the withdrawal of ANS X9.26 for the
reasons stated below.
Rational for this action:
Based on recent attacks on 56 bit symmetric encryption algorithms such
as the Data Encryption Algorithm (DEA), X9F at its April, 1999 meeting
decided to cease support for X9.9 and X9.23. ANSI has been advised to
stop selling these standards.
ANS X9.26 is also recommended for withdrawal based on the following:
1) ANS X9.26 is dependent on ANS X9.9 (MAC) for message authentication
and X9.23 for data encryption..
2) There is a well known attack on MACs used by ANS X9.26 based on the
availability of brute force equipment, such as the "DES cracker".
This attack is published in TG-24-1999, which is available in draft
form and will be made freely available on the X9 bookstore web site.
3) Given the existence of the above equipment, in the wholesale
environment with average transactions of millions of dollars, the use
of 56-bit keys is no longer a prudent business practice to be
continued. Financial Institutions need to plan to migrate away from
the use of any 56 bit symmetric encryption algorithm in the wholesale
business environment.
-- Anne & Lynn Wheeler | http://www.garlic.com/~lynn/ Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
- Previous message: 1053655692_at_noid.net: "where to find X9.26 document?"
- In reply to: 1053655692_at_noid.net: "where to find X9.26 document?"
- Next in thread: 1053655692_at_noid.net: "Re: where to find X9.26 document?"
- Reply: 1053655692_at_noid.net: "Re: where to find X9.26 document?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
