[Cryptography] USPTO gives up on PKI
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Jun 4 07:13:01 EDT 2019
Just noticed this today, looks like the USPTO is giving up on PKI auth:
https://www.uspto.gov/patents-application-process/filing-online/new-users/pki-authentication-has-been-discontinued
to be replaced by TOTP auth:
https://www.uspto.gov/patent/authentication-changes-efs-web-and-pair
In other words they're swapping RFC 5280 for RFC 6238.
To compensate for this progressive step, they still expire passwords every 6
months...
Peter.
More information about the cryptography
mailing list