Re: [2600] Should protection against bridging from fax interface to the shared media interface be mandatory for Environment C
Brian -
Since I started this thread I have had a chance to think more about it.
I think the issue here is very similar to the IPA concern in P2600.1
about requirements associated with functions like Fax that might be
optional in an HCD. The problem with Environment C is that it may be
true that some Environment C cases like FedEx-Kinkos might allow Fax
(and might even encourage it) but other Environment C cases like a
public library might not want or even might discourage use of Fax.
The problem in my mind is that in Environment C, if we mandate against
bridging from the fax interface to the shared media interface, the way
Clause 10 is worded now, aren't we de facto requiring that HCDs in
Environment C have Fax? That's what doesn't make sense to me and
triggered this thread in the first place.
A solution that I'd like to discuss at the meeting next week might be to
put in wording in the appropriate place in Clause 10 that indicates that
the bridging requirement only applies if the HCD has a Fax function.
Since these are informal requirements we should be able to deal with
optional functions like Fax in Clause 10 because we don't have to deal
with the types of constraints the CC forced on us in the PPs that led to
your whole restructuring of P2600.1. This same "caveat" might also apply
in the other environments because not all HCDs that would be used in an
Environment A or B case would have Fax.
Think about it.
Al Sukert
Product Security Specialist - XOG Product Security Office
XOG Export Control Coordinator
Xerox Certified Green Belt
Device Administration Program Manager
8*227-1413 or 585-427-1413
FAX: 585-427-6599
Alan.Sukert@xerox.com
-----Original Message-----
From: Brian Smithson [mailto:Brian.Smithson@RICOH-USA.COM]
Sent: Thursday, August 16, 2007 2:39 PM
To: STDS-2600@listserv.ieee.org
Subject: Re: [2600] Should protection against bridging from fax
interface to othe shared media interface be mandatory for Environment C
In considering this proposal, please look at the scope of impact:
(1) Proxy and bridging are now lumped together* in one OSP
(P.SMI.MEDIATION) and objective (O.SMI.MEDIATED), which is fulfilled by
flow control SFRs. So if we want to remove bridging from environment C,
we also remove proxy.
(2) If it's removed from environment C, we would also remove it from
environment D.
I don't think that either of these items necessarily means that we should
not remove the fax-bridge requirement from environment C, it's just that
we need to consider the whole scope of impact.
* Since we haven't discussed this at a meeting yet, you might be
wondering why bridging and proxy are lumped together. There are three
reasons:
(a) Sharp commented that the original bridging objective could be
interpreted as an implied requirement to have two interfaces, a
shared-media interface plus some other interface from which bridging
shall be prevented. But in a sense, proxy is a degenerate case of
bridging (it is like bridging to itself), so I think that both kinds of
objectives could be handled by a single objective that deals with proxy
in a general way.
(b) Several people have noted that fax bridging can be prevented using
one of several techniques, and some of those techniques are
architectural and not the sort of thing that one can represent in an
SFR. In CCv2.x, we could use architectural SARs to fulfill objectives,
but we cannot do that in CCv3.1. Therefore, we don't want our bridging
objective to be too specific about fax.
(c) There are some legitimate uses for bridging interfaces, so we don't
want to make some kind of blanket prohibition.
By making a very general policy and objective ("The TOE shall mediate
data connections to and from shared media interfaces"), I am hoping that
we can assure everyone that we prevent bridging and proxying while not
implying architecture or burdening ourselves with unnecessary
requirements.
Regards,
--
Brian Smithson
Project Manager
PMP, SSCP, CISSP, CISA, ISO 27000 PA
Advanced Imaging and Network Technologies
Ricoh Americas Corporation
(408)346-4435
New address:
10460 Bubb Road
Cupertino, CA 95014-4150
________________________________
From: nchen@OKIDATA.COM [mailto:nchen@OKIDATA.COM]
Sent: Thursday, August 16, 2007 9:44 AM
To: STDS-2600@listserv.ieee.org
Subject: [2600] Should protection against bridging from fax
interface to othe shared media interface be mandatory for Environment C
Dear All,
Alan Sukert and I have been discussing this issue and would like
to ask your feedback on this requirement.
We both think that most of the HCDs used in FedEx-Kinkos or public
libraries don't even have fax capabilities. So why do we worry about
mandating separation of the fax interface from other shared media
interfaces in Environment C? Therefore we recommend Clause 10.1.3.7
should be deleted.
Any objection?
Thanks,
-Nancy
------------------------------------------------------------------------
Principal Engineer
Solutions and Technology
GMC, Oki Data
2000 Bishops Gate Blvd.
Mt. Laurel, NJ 08054
Phone: (856)222-7006
email: nchen@okidata.com