Hi Alan,
[clarified wording of three ESRs from today's IDS WG discussion]
Per Gerry and Graydon's comments, change 3.b.i. from:
HCD shall verify the integrity of initial boot, operating system, and
application software/firmware.
to:
HCD shall verify the hardware-anchored integrity of firmware/software,
including initial boot, operating system, and applications.
(delete both 3.a.ii. roots of trust and 3a.iii. secure boot ESRs)
Per Bill's comments, change second 4.a. from:
(Conditionally mandatory) Regardless embedded or Field-Replaceable, the
nonvolatile storage device should be encrypted to protect the document data
and/or HCD critical data.
to:
(Conditionally mandatory) If nonvolatile storage is present, then the
nonvolatile storage device (either embedded or Field-Replaceable) should be
encrypted to protect the document data and/or HCD critical data.
(revised to make the "condition" the prefix of the sentence)
Per today's discussion, change 4.c. from:
Do not store the encryption keys as a plaintext-form, obfuscated-form,
encoded-form or another obscure way. To protect these keys, HCD WG strongly
recommends using the dedicated security component such as TPM, security
element, or USB thumb drive.
to:
Do not store encryption keys in a plaintext-form, obfuscated-form,
encoded-form or another obscure way. To protect these encryption keys, HCD
WG
strongly recommends using the dedicated security component such as a TCG
TPM or Global Platform Secure Element.
(delete reference to the completely unsafe use of a USB stick for key
storage
because, even when encrypted, the USB interface itself is unsafe and has
been hacked often, including embedded malware from nation-states)
All - any further comments?
Cheers,
- Ira
Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Co-Chair - TCG Metadata Access Protocol SG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusichttp://sites.google.com/site/highnorthinc
mailto: blueroofmusic at gmail.com
PO Box 221 Grand Marais, MI 49839 906-494-2434
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ids/attachments/20190321/6f2efe90/attachment.html>