Re: [2600] Should protection against bridging from fax interface to othe shared media interface be mandatory for Environment C
In considering this proposal, please look at the scope of impact:
(1) Proxy and bridging are now lumped together* in one OSP
(P.SMI.MEDIATION) and objective (O.SMI.MEDIATED), which is fulfilled by
flow control SFRs. So if we want to remove bridging from environment C, we
also remove proxy.
(2) If it's removed from environment C, we would also remove it from
environment D.
I don't think that either of these items necessarily mean that we should
not remove the fax-bridge requirement from environment C, it's just that
we need to consider the whole scope of impact.
* Since we haven't discussed this at a meeting yet, you might be wondering
why bridging and proxy are lumped together. There are three reasons:
(a) Sharp commented that the original bridging objective could be
interpreted as an implied requirement to have two interfaces, a
shared-media interface plus some other interface from bridging shall be
prevented. But in a sense, proxy is a degenerate case of bridging (it is
like bridging to itself), so I think that both kinds of objectives could
be handled by a single objective that deals with proxy in a general way.
(b) Several people have noted that fax bridging can be prevented using one
of several techniques, and some of those techniques are architectural and
not the sort of thing that one can represent in an SFR. In CCv2.x, we
could use architectural SARs to fulfill objectives, but we cannot do that
in CCv3.1. Therefore, we don't want our bridging objective to be too
specific about fax.
(c) There are some legitimate uses for bridging interfaces, so we don't
want to make some kind of blanket prohibition.
By making a very general policy and objective ("The TOE shall mediate data
connections to and from shared media interfaces"), I am hoping that we can
assure everyone that we prevent bridging and proxying while not implying
architecture or burdening ourselves with unnecessary requirements.
Regards,
--
Brian Smithson
Project Manager
PMP, SSCP, CISSP, CISA, ISO 27000 PA
Advanced Imaging and Network Technologies
Ricoh Americas Corporation
(408)346-4435
New address:
10460 Bubb Road
Cupertino, CA 95014-4150
________________________________
From: nchen@OKIDATA.COM [mailto:nchen@OKIDATA.COM]
Sent: Thursday, August 16, 2007 9:44 AM
To: STDS-2600@listserv.ieee.org
Subject: [2600] Should protection against bridging from fax
interface to othe shared media interface be mandatory for Environment C
Dear All,
Alan Sukert and I have been discussing this issue and would like
to ask your feedback on this requirement.
We both think that most of the HCDs used in FedEx-Kinkos or public
libraries don't even have fax capabilities. So why do we worry about
mandating separation of the fax interface from other shared media
interfaces in Envrironment C? Therefore we recommend Clause 10.1.3.7
should be deleted.
Any objection?
Thanks,
-Nancy
--------------------------------------------------------------------------
-----------------------
Principal Engineer
Solutions and Technology
GMC, Oki Data
2000 Bishops Gate Blvd.
Mt. Laurel, NJ 08054
Phone: (856)222-7006
email: nchen@okidata.com