Brian / Smith –
I’d like to put Brian’s suggestion (especially #2) as a topic for a future PWG SC Meeting. If my memory is correct the next SC Meeting is scheduled for Sept 8th but I will be on vacation that day. Can we put this on the agenda for the following SC Meeting which I guess would be Sep 22nd?
From: Brian Smithson [mailto:bsmithson at ricohsv.com]
Sent: Tuesday, August 30, 2016 2:28 PM
To: Ira McDonald <blueroofmusic at gmail.com>; Sukert, Alan <Alan.Sukert at xerox.com>
Cc: ids at pwg.org; Kennedy, Smith (Wireless Architect) <smith.kennedy at hp.com>; Michael Sweet (msweet at apple.com) (msweet at apple.com) <msweet at apple.com>
Subject: Re: [IDS] 08/24/16 F2F Meeting Minutes
The problem isn't copyright (as it was with IEEE-SA and the 2600.n series). The problem is recognition of the PP. NIAP and Japan recognize HCD PP v1.0, and sort of by proxy the other four eyes and maybe Germany, Sweden, and others, might go along with it. But Korea has a problem with it because it is too FIPS-validation-specific and doesn't accommodate other national crypto algos and validation processes. 2600.1/2600.2 require data protection that pretty much can only be satisfied by crypto, but don't specify method or testing, so Korea can apply it using their national standards.
Unfortunately, publishing HCD PP v1.0 as a PWG standard won't help Korea, and I don't think it would go very far to make it seem more "international".
Publishing an HCD PP v1.1 to allow Korean and other crypto standards as an optional addition to the FIPSy requirements isn't a bad idea, but I'm pretty sure that NIAP wouldn't recognize it because they don't recognize the other standard's assurance activities (or maybe even the algos). Korea would still need to conform to two PPs (v1.0 for NIAP, v1.1 for ITSCC) but at least they'd be closer cousins. It would just be for Korea, and honestly, it would be better if ITSCC and Samsung got together and did it without the PWG.
I'd still like to keep exploring how the PWG and the IDS group can have a role in PP development and maintenance. I think of two levels of participation:
1. Just the IDS group, for mostly ad hoc purposes, mostly of concern to vendors (not the broader CC community of labs, consultants, nations, etc.). We've been doing this already, but there may be more specific or proactive ways we could do it in the future. I don't have any particular ideas, but it just seems like it could be useful. It could include publication of PWG documents related to the PP. Whitepapers? Amicus briefs? :-)
2. The PWG and IDS group could get more deeply involved if it hosted an interpretations and maintenance function for the HCD PP, or even further if the PWG hosted the MFP Technical Community. Presently, the interpretations and maintenance function is performed by NIAP's TRRT, and the MFP TC is hosted by the CCUF on OnlyOffice. But you never know. I bring this up because to properly serve either of those functions, the PWG would need to accommodate non-vendor participants on a fairly equal footing, and those participants probably wouldn't want to (or be able to) pay a membership fee. I know that "anyone can participate", but in this case the freebies would fully participate in decision-making on PP (not PWG) issues.
Level 2 is a big can of worms, as is PP production. But I think we should consider some kind of ongoing participation at level 1, at least as a convenient F2F meetup but better yet as an industry voice.
On 8/30/2016 10:25 AM, Ira McDonald wrote:
Reading the HCD PP slides and the IDS F2F minutes, I encountered
the idea of the PWG adopting and publishing the HCD PP v1.
Although I can find no claim of copyright in the actual HCD PP, I guess
that NIAP and IPA claim the copyright. If so, the PWG can't consider
standardizing this document.
Brian and Alan - do you know the copyright status?
Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
mailto: blueroofmusic at gmail.com
Jan-April: 579 Park Place Saline, MI 48176 734-944-0094
May-Dec: PO Box 221 Grand Marais, MI 49839 906-494-2434
On Mon, Aug 29, 2016 at 11:19 AM, Sukert, Alan <Alan.Sukert at xerox.com> wrote:
Updated the Subject Line to the correct date
From: Sukert, Alan
Sent: Monday, August 29, 2016 11:19 AM
To: 'ids at pwg.org' <ids at pwg.org>
Cc: 'Kennedy, Smith (Wireless Architect)' <smith.kennedy at hp.com>; Ira McDonald (blueroofmusic at gmail.com) <blueroofmusic at gmail.com>; Michael Sweet (msweet at apple.com) <msweet at apple.com>; Brian Smithson <bsmithson at ricohsv.com>
Subject: [IDS] 11/03/15 F2F Meeting Minutes
The minutes from the August 24, 2016 PWG IDS Face-to-Face Meeting have been posted on the PWG IDS FTP site and are available at ftp://ftp.pwg.org/pub/pwg/ids/minutes/ids-f2f-minutes-20160824.pdf. Unfortunately I don’t have the email addresses for many of the attendees at the meeting, so if you can forward this note to the appropriate persons that would be very helpful.
Product Security Specialist
Xerox Global Technology Delivery Group Strategy, Quality and Customer Experience
Xerox Certified Green Belt
Alan.Sukert at xerox.com | tel 585.427.1413 or 8*707-1413
MS 0111-03A | 800 Phillips Road | Webster, NY 14580
“The right angle from which to approach a problem is a try-angle”
CISSP, CISA, PMP, CSM
Senior Security Architect
Global Solutions Engineering
Solutions Development Center
675 Campbell Technology Pkwy., Suite 200, Campbell CA, 95008