usnistgov/800-63-3

Issues

• "Something you have" proved by "Something you know"

  #1990 opened 3 years ago by maurocasonato
  1

• Appendix A.2 - rationale for limiting password length

  #2008 opened 6 months ago by si-chan
  1

• Clarify roles for supervised (virtual) remote proofing

  #1931 opened 6 years ago by jimfenton
  0

• Require notification when associating a new authenticator at AAL3

  #1928 opened 6 years ago by jimfenton
  1

• ID proofing acquaintances

  #1927 opened 6 years ago by jimfenton
  0

• Profile of subscriber transactions

  #1926 opened 6 years ago by jimfenton
  0

• Require HttpOnly browser cookies

  #1937 opened 6 years ago by jimfenton
  2

• Clarify reauthentication requirements at AAL2

  #1933 opened 6 years ago by jimfenton
  0

• Revisit Verifier Impersonation Resistance Requirements

  #1934 opened 6 years ago by regenscheid
  1

• Identity evidence validators

  #1943 opened 6 years ago by jimfenton
  1

• Wrong indent level in bulleted/numbered list

  #1955 opened 5 years ago by jimfenton
  0

• Unclear reference regarding distribution of look-up secrets

  #1956 opened 5 years ago by jimfenton
  0

• Miscellaneous typos

  #1957 opened 5 years ago by jimfenton
  2

• IAL2 Evidence Validation and Identity Verification

  #1958 opened 5 years ago by regenscheid
  0

• Mislabled Diagram

  #1960 opened 5 years ago by jricher
  1

• Clarify reuse of OTP authenticator outputs

  #1961 opened 5 years ago by jimfenton
  0

• Zeroizing vs. reuse of activation factors

  #1962 opened 5 years ago by jimfenton
  0

• Suggested definition of identity

  #1967 opened 5 years ago by jimfenton
  1

• Table 4-1 AAL2 Replay Resistance requirement incorrect

  #1968 opened 5 years ago by jimfenton
  0

• Error in OOB authenticator descriptive text

  #1969 opened 5 years ago by jimfenton
  0

• FIPS 140 requirements for authenticators at AAL2

  #1970 opened 4 years ago by jimfenton
  1

• Broken link to ESIG document

  #1979 opened 4 years ago by jimfenton
  0

• Not all PII is protected

  #1981 opened 4 years ago by JasmesGraham
  0

• Uniquely addressable requirement for OOB authenticators

  #1982 opened 4 years ago by jimfenton
  0

• Inconsistency regarding permitted AAL3 authenticator type combinations

  #1983 opened 4 years ago by jimfenton
  0

• Labeling of "multi-factor" is confusing

  #1984 opened 4 years ago by utsecnet
  1

• Language used in SP800-63b 5.1.1.2 for choosing the salt

  #1994 opened 3 years ago by sebastien-rosset
  0

• Persistent session secrets, SSO, and iOS

  #2001 opened 2 years ago by whitehatguy
  0

• Wording error in intro to -63A Table 4-1

  #1951 opened 5 years ago by jimfenton
  0

• Improved description of Memorized Secret Verifiers

  #1954 opened 5 years ago by sebastien-rosset
  1

• Whitelist and blacklist should be updated to allow list and deny list.

  #2006 opened a year ago by mozts2005
  1

• Unclear presentation language

  #1959 opened 3 years ago by jricher
  0

• Out-of-Band Authenticators: Required Entropy For Authentication Secrets

  #2000 opened 3 years ago by mitchellhenke
  2

• Future - Advice on reset link entropy

  #1998 opened 3 years ago by Firstyear
  3

• Proofing and Identification Document Freshness

  #1991 opened 3 years ago by williambrantmyzenkey
  1

• How to include assurance levels into X.509 S/MIME certificates?

  #1992 opened 3 years ago by RufusJWB
  1

• Two-Factor device unlock clarification

  #1987 opened 4 years ago by DamianM1
  2

• Use of "salt" for secret rehashing key is confusing

  #1972 opened 4 years ago by jimfenton
  0

• Definition of multi-factor authenticator is problematic

  #1980 opened 4 years ago by NickBorgers
  2

• SP800-63a 4.4.1.6 e sequence repeated

  #1965 opened 5 years ago by birdybro
  1

• Bad link for blacklisting

  #1942 opened 5 years ago by glasses4days
  2

• Writing in 2nd person

  #1925 opened 5 years ago by jimfenton
  0

• Extra definition of 'Protected Session'

  #1930 opened 5 years ago by jimfenton
  0

• Missing words in -63C Section 6 introduction

  #1921 opened 5 years ago by jimfenton
  1

• Clarify use of "authorization credential"

  #1922 opened 5 years ago by jimfenton
  1

• Grammatical error in NIST SP 800-63B section 5.2.3

  #1953 opened 5 years ago by ksr42
  1

• kljldjfasdf

  #1938 opened 6 years ago by stephaniefaith
  0

• Incorrect salt length on website?

  #1923 opened 6 years ago by pranav-bagree
  1

• Use of Federation to describe a three way protocol

  #1920 opened 6 years ago by jimfenton
  1

• Move attribute references sentence

  #1924 opened 6 years ago by jimfenton
  1