...
Number | Line / Reference | Proposed Change or Query | Proposer | Action / Decision (please leave blank) |
---|---|---|---|---|
1 | General | The proposal sticks quite closely to NIST's guidelines (https://pages.nist.gov/800-63-3/sp800-63b.html) - it would be helpful to add a statement on whether these guidelines are in line with NIST 800-63B to allow people to self audit more easily | Hannah Short (CERN) | |
2 | Chapter 4, Table | Could those pools be opened, from where this amount of characters is taken from? Like "e.g. 52 letters (a-z)(A-Z)" | Sami Silén (CSC) | |
3 | Chapter 4, Table | Kind of minor notice, but might be something to open up a little bit. Reading this table after reading this NIST guidelines, I had problems to understand that second line in each "Authenticator type". It didn't mean secrets chosen randomly by the CSP (Which was the assumption I had got from the NIST document). Both of lines are subscriber chosen and length is just different because of wider pool. | Sami Silén (CSC) |
...