[IDS] Edits suggested for HCD ESRs today

[IDS] Edits suggested for HCD ESRs today

Ira McDonald blueroofmusic at gmail.com
Thu Mar 21 20:26:09 UTC 2019 

Hi Alan,

[clarified wording of three ESRs from today's IDS WG discussion]


Per Gerry and Graydon's comments, change 3.b.i. from:

HCD shall verify the integrity of initial boot, operating system, and
application software/firmware.

to:

HCD shall verify the hardware-anchored integrity of firmware/software,
including initial boot, operating system, and applications.

(delete both 3.a.ii. roots of trust and 3a.iii. secure boot ESRs)


Per Bill's comments, change second 4.a. from:

(Conditionally mandatory) Regardless embedded or Field-Replaceable, the
nonvolatile storage device should be encrypted to protect the document data
and/or HCD critical data.

to:

(Conditionally mandatory) If nonvolatile storage is present, then the
nonvolatile storage device (either embedded or Field-Replaceable) should be
encrypted to protect the document data and/or HCD critical data.

(revised to make the "condition" the prefix of the sentence)
Per today's discussion, change 4.c. from:

Do not store the encryption keys as a plaintext-form, obfuscated-form,
encoded-form or another obscure way. To protect these keys, HCD WG strongly
recommends using the dedicated security component such as TPM, security
element, or USB thumb drive.

to:

Do not store encryption keys in a plaintext-form, obfuscated-form,
encoded-form or another obscure way. To protect these encryption keys, HCD
WG
strongly recommends using the dedicated security component such as a TCG
TPM or Global Platform Secure Element.

(delete reference to the completely unsafe use of a USB stick for key
storage
because, even when encrypted, the USB interface itself is unsafe and has
been hacked often, including embedded malware from nation-states)


All - any further comments?

Cheers,
- Ira

Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Co-Chair - TCG Metadata Access Protocol SG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic at gmail.com
PO Box 221  Grand Marais, MI 49839  906-494-2434
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ids/attachments/20190321/6f2efe90/attachment.html>

More information about the ids mailing list