depend on NIST standard process and development? Is the statement talking
about all IETF security standards?
As I tried to explain in
http://tools.ietf.org/html/draft-tschofenig-perpass-surveillance-00 the IETF
is currently not in the business of developing cryptographic primitives. This
work is done outside the IETF (to a large extent).
Of course, our security protocols have to use cryptographic primitives and
there is the question of where these come from.
It turns out that there are not that many organizations in the world who have
the necessary level of expertise. NIST is one of them.
Indeed.
Some IETF standards normatively reference NIST cryptographic standards, and
many of them are the mandatory-to-implement algorithm. So, these IETF
standards do depend on the NIST standards, and indirectly on the process by
which the NIST standards were developed.
The IETF has developed its own cryptographic mechanisms when there has been a
void. RFC 3217 is one example. When that work was done by the S/MIME WG, the
group went to great lengths to get cryptographers to participate. This is not
the preferred approach, but sometimes there is a void that needs to be filled.
Russ