[IDS] 08/24/16 F2F Meeting Minutes

[IDS] 08/24/16 F2F Meeting Minutes

Ira McDonald blueroofmusic at gmail.com
Tue Aug 30 22:17:20 UTC 2016 

Hi Alan and Brian,

This is all interesting - thanks.

The tricky aspect about #2 is giving non-PWG members a vote.  Can't
be done under IEEE-ISTO and PWG by-laws.

Cheers,
- Ira



Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic at gmail.com
Jan-April: 579 Park Place  Saline, MI  48176  734-944-0094
May-Dec: PO Box 221  Grand Marais, MI 49839  906-494-2434


On Tue, Aug 30, 2016 at 2:37 PM, Sukert, Alan <Alan.Sukert at xerox.com> wrote:

> Brian / Smith –
>
>
>
> I’d like to put Brian’s suggestion (especially #2) as a topic for a future
> PWG SC Meeting. If my memory is correct the next SC Meeting is scheduled
> for Sept 8th but I will be on vacation that day. Can we put this on the
> agenda for the following SC Meeting which I guess would be Sep 22nd?
>
>
>
> Alan
>
>
>
> *From:* Brian Smithson [mailto:bsmithson at ricohsv.com]
> *Sent:* Tuesday, August 30, 2016 2:28 PM
> *To:* Ira McDonald <blueroofmusic at gmail.com>; Sukert, Alan <
> Alan.Sukert at xerox.com>
> *Cc:* ids at pwg.org; Kennedy, Smith (Wireless Architect) <
> smith.kennedy at hp.com>; Michael Sweet (msweet at apple.com) (msweet at apple.com)
> <msweet at apple.com>
> *Subject:* Re: [IDS] 08/24/16 F2F Meeting Minutes
>
>
>
> Hi Ira,
>
> The problem isn't copyright (as it was with IEEE-SA and the 2600.n
> series). The problem is recognition of the PP. NIAP and Japan recognize HCD
> PP v1.0, and sort of by proxy the other four eyes and maybe Germany,
> Sweden, and others, might go along with it. But Korea has a problem with it
> because it is too FIPS-validation-specific and doesn't accommodate other
> national crypto algos and validation processes. 2600.1/2600.2 require data
> protection that pretty much can only be satisfied by crypto, but doesn't
> specify method or testing, so Korea can apply it using their national
> standards.
>
> Unfortunately, publishing HCD PP v1.0 as a PWG standard won't help Korea,
> and I don't think it would go very far to make it seem more
> "international".
>
> Publishing an HCD PP v1.1 to allow Korean and other crypto standards as an
> optional addition to the FIPSy requirements isn't a bad idea, but I'm
> pretty sure that NIAP wouldn't recognize it because they don't recognize
> the other standard's assurance activities (or maybe even the algos). Korea
> would still need to conform to two PPs (v1.0 for NIAP, v1.1 for ITSCC) but
> at least they'd be closer cousins. It would just be for Korea, and
> honestly, it would be better if ITSCC and Samsung got together and did it
> without the PWG.
>
> I'd still like to keep exploring how the PWG and the IDS group can have a
> role in PP development and maintenance. I think of two levels of
> participation:
>
>    1. Just the IDS group, for mostly ad hoc purposes, mostly of concern
>    to vendors (not the broader CC community of labs, consultants, nations,
>    etc.). We've been doing this already, but there may be more specific or
>    proactive ways we could do it in the future. I don't have any particular
>    ideas, but it just seems like it could be useful. It could include
>    publication of PWG documents related to the PP. Whitepapers? Amicus briefs?
>    :-)
>    2. The PWG and IDS group could get more deeply involved if it hosted
>    an interpretations and maintenance function for the HCD PP, or even further
>    if the PWG hosted the MFP Technical Community. Presently, the
>    interpretations and maintenance function is performed by NIAP's TRRT, and
>    the MFP TC is hosted by the CCUF on OnlyOffice. But you never know. I bring
>    this up because to properly serve either of those functions, the PWG would
>    need to accommodate non-vendor participants on a fairly equal footing, and
>    those participants probably wouldn't want to (or be able to) pay a
>    membership fee. I know that "anyone can participate", but in this case the
>    freebies would fully participate in decision-making on PP (not PWG) issues.
>
> Level 2 is a big can of worms, as is PP production. But I think we should
> consider some kind of ongoing participation at level 1, at least as a
> convenient F2F meetup but better yet as an industry voice.
>
> - Brian
>
>
>
> On 8/30/2016 10:25 AM, Ira McDonald wrote:
>
> Hi Alan,
>
> Reading the HCD PP slides and the IDS F2F minutes, I encountered
>
> the idea of the PWG adopting and publishing the HCD PP v1.
>
> Although I can find no claim of copyright in the actual HCD PP, I guess
>
> that NIAP and IPA claim the copyright.  If so, the PWG can't consider
>
> standardizing this document.
>
> Brian and Alan - do you know the copyright status?
>
> Cheers,
>
> - Ira
>
>
> Ira McDonald (Musician / Software Architect)
> Co-Chair - TCG Trusted Mobility Solutions WG
> Chair - Linux Foundation Open Printing WG
> Secretary - IEEE-ISTO Printer Working Group
> Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
> IETF Designated Expert - IPP & Printer MIB
> Blue Roof Music / High North Inc
> http://sites.google.com/site/blueroofmusic
> http://sites.google.com/site/highnorthinc
> mailto: blueroofmusic at gmail.com
> Jan-April: 579 Park Place  Saline, MI  48176  734-944-0094
> May-Dec: PO Box 221  Grand Marais, MI 49839  906-494-2434
>
>
>
> On Mon, Aug 29, 2016 at 11:19 AM, Sukert, Alan <Alan.Sukert at xerox.com>
> wrote:
>
> Updated the Subject Line to the correct date
>
>
>
> *From:* Sukert, Alan
> *Sent:* Monday, August 29, 2016 11:19 AM
> *To:* 'ids at pwg.org' <ids at pwg.org>
> *Cc:* 'Kennedy, Smith (Wireless Architect)' <smith.kennedy at hp.com>; Ira
> McDonald (blueroofmusic at gmail.com) <blueroofmusic at gmail.com>; Michael
> Sweet (msweet at apple.com) (msweet at apple.com) <msweet at apple.com>; Brian
> Smithson <bsmithson at ricohsv.com>
> *Subject:* [IDS] 11/03/15 F2F Meeting Minutes
>
>
>
> The minutes from the August 24, 2016 PWG IDS Face-to-Face Meeting have
> been posted on the PWG IDS FTP site and are available at
> ftp://ftp.pwg.org/pub/pwg/ids/minutes/ids-f2f-minutes-20160824.pdf.
> Unfortunately I don’t have the email addresses to many of the attendees at
> the meeting, so if you can forward this note to the appropriate persons
> that would be very helpful.
>
>
>
> Alan Sukert
>
> Product Security Specialist
>
> Xerox Global Technology Delivery Group Strategy, Quality and Customer
> Experience
>
> Xerox Certified Green Belt
>
> Alan.Sukert at xerox.com| tel 585.427.1413 or 8*707-1413
>
> MS 0111-03A | 800 Phillips Road | Webster, NY 14580
>
> “The right angle from which to approach a problem is a try-angle”
>
>
>
>
>
>
>
> --
>
> Regards,
>
> Brian Smithson
>
> CISSP, CISA, PMP, CSM
>
> Senior Security Architect
>
> Global Solutions Engineering
>
> Solutions Development Center
>
> Ricoh Americas
>
> 675 Campbell Technology Pkwy., Suite 200, Campbell CA, 95008
>
> (408)610-3113
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ids/attachments/20160830/0af8c446/attachment.html>

More information about the ids mailing list