attachment
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6001.18203" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>The reason I'm so adamant about this
is....</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>If the TCG HCWG does indeed determine
security/trust issues that are NOT covered by our existing work, there almost
needs to be a "roadmap" document (maybe produced by the PWG) for hardcopy
vendors that answers the question..."What specifications do I need to look at to
determine how to create a secure product?" If there are overlapping methods
to accomplish the same thing, the guidance is ambiguous (unless the product team
has specific check-off items from customers as to which standards are
required).</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>That being said, if the TCG HCWG does come up with
something new, it's probably a good thing.......just another security/trust hole
to be plugged. </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Randy</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=david@lexmark.com href="mailto:david@lexmark.com">Dave Whitehead</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=rturner@amalfisystems.com
href="mailto:rturner@amalfisystems.com">Randy Turner</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Cc:</B> <A title=ids@pwg.org
href="mailto:ids@pwg.org">ids@pwg.org</A> ; <A title=owner-ids@pwg.org
href="mailto:owner-ids@pwg.org">owner-ids@pwg.org</A> ; <A
title=STDS-2600@LISTSERV.IEEE.ORG
href="mailto:STDS-2600@LISTSERV.IEEE.ORG">STDS-2600@LISTSERV.IEEE.ORG</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Friday, April 10, 2009 6:54
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: IDS> minutes from April 8
2009 TCG HCWG charter discussion teleconference</DIV>
<DIV><BR></DIV><BR><FONT face=sans-serif size=2>All,</FONT> <BR><BR><FONT
face=sans-serif size=2>I agree with Randy that the goals and objectives of the
various bodies should not overlap. The goals and objectives of the TCG
HCWG need to be complementary to those of the P2600 and PWG IDS groups.</FONT>
<BR><BR><FONT face=sans-serif size=2>dhw</FONT> <BR><BR><FONT face=sans-serif
size=2>David H. Whitehead<BR>Development Engineer<BR>Lexmark International,
Inc.<BR>859.825.4914<BR>davidatlexmarkdotcom</FONT> <BR><BR><BR>
<TABLE width="100%">
<TBODY>
<TR vAlign=top>
<TD width="40%"><FONT face=sans-serif size=1><B>"Randy Turner" <<A
href="mailto:rturner@amalfisystems.com">rturner@amalfisystems.com</A>></B>
</FONT><BR><FONT face=sans-serif size=1>Sent by: <A
href="mailto:owner-ids@pwg.org">owner-ids@pwg.org</A></FONT>
<P><FONT face=sans-serif size=1>04/10/09 01:01 AM</FONT> </P>
<TD width="59%">
<TABLE width="100%">
<TBODY>
<TR vAlign=top>
<TD>
<DIV align=right><FONT face=sans-serif size=1>To</FONT></DIV>
<TD><FONT face=sans-serif size=1><<A
href="mailto:STDS-2600@LISTSERV.IEEE.ORG">STDS-2600@LISTSERV.IEEE.ORG</A>></FONT>
<TR vAlign=top>
<TD>
<DIV align=right><FONT face=sans-serif size=1>cc</FONT></DIV>
<TD><FONT face=sans-serif size=1><<A
href="mailto:ids@pwg.org">ids@pwg.org</A>></FONT>
<TR vAlign=top>
<TD>
<DIV align=right><FONT face=sans-serif size=1>Subject</FONT></DIV>
<TD><FONT face=sans-serif size=1>IDS> minutes from April 8 2009
TCG HCWG charter discussion
teleconference</FONT></TR></TBODY></TABLE><BR>
<TABLE>
<TBODY>
<TR vAlign=top>
<TD>
<TD></TR></TBODY></TABLE><BR></TR></TBODY></TABLE><BR><BR><TT><FONT size=2>Hi
All,<BR></FONT></TT><BR><TT><FONT size=2>After reading the minutes from the
latest TCG HCWG re-chartering discussion,<BR>I have the following
comment...<BR></FONT></TT><BR><TT><FONT size=2>I think, at a minimum, any new
charter for the TCG HCWG should be filtered<BR>through the goals and
objectives of the p2600 work<BR>and the PWG-IDS activity to determine any new
objectives.<BR></FONT></TT><BR><TT><FONT size=2>in other
words,<BR></FONT></TT><BR><TT><FONT size=2>o1 = set of p2600 goals and
objectives (both core standard and protection<BR>profiles)<BR>o2 = set of PWG
IDS goals and objectives (including NEA/TNC + IDS<BR>attributes)<BR>o3 = The
union of o1 and o2 (i.e., o1 U o2)<BR></FONT></TT><BR><TT><FONT size=2>o4 =
The set of proposed TCG HCWG goals and objectives<BR></FONT></TT><BR><TT><FONT
size=2>The intersection of o3 and o4 should be the empty
set<BR></FONT></TT><BR><TT><FONT
size=2>Thanks,<BR>Randy<BR></FONT></TT><BR><BR><TT><FONT size=2>----- Original
Message -----<BR>From: "Brian Smithson"
<brian.smithson@RICOH-USA.COM><BR>To:
<STDS-2600@LISTSERV.IEEE.ORG><BR>Sent: Thursday, April 09, 2009 1:13
PM<BR>Subject: [2600] minutes from April 8 2009 TCG HCWG charter
discussion<BR>teleconference<BR></FONT></TT><BR><BR><TT><FONT size=2>>
Please see the attached meeting minutes from yesterday's
teleconference<BR>> discussion of the TCG Hardcopy Workgroup charter
revision.<BR>><BR>> Many thanks to Shah Bhatti for leading the
discussion, Seigo Kotani for<BR>> acting as interim chair and BoD liaison,
Steve Hanna for providing<BR>> perspective from the TNC WG, and Lee Farrell
for contributing his<BR>> excellent notes to the production of these
minutes.<BR>><BR>> --<BR>> Regards,<BR>> Brian Smithson<BR>>
PM, Security Research<BR>> PMP, CISSP, CISA, ISO 27000 PA<BR>> Advanced
Imaging and Network Technologies<BR>> Ricoh Americas Corporation<BR>>
(408)346-4435<BR>><BR>></FONT></TT> <BR><BR></BLOCKQUOTE></BODY></HTML>