[Cesg-all] Results of CESG polls closing 28 October 2011
CCSDS Secretariat
tomg at aiaa.org
Sat Oct 29 15:37:03 EDT 2011
CESG E-Poll Identifier: CESG-P-2011-10-001 Approval to publish CCSDS
350.6-G-1, Space Missions Key Management Concept (Green Book, Issue 1)
Results of CESG poll beginning 12 October 2011 and ending 26 October 2011:
Abstain: 0 (0%)
Approve Unconditionally: 7 (100%) (Shames, Peccia, Barkley,
Taylor, Calzolari, Moury, Scott)
Approve with Conditions: 0 (0%)
Disapprove with Comment: 0 (0%)
CONDITIONS/COMMENTS:
Keith Scott (Approve Unconditionally): I have two editorial
questions that do not affect the suitability of the document for publication:
Section 1.1
The concepts described herein are the baseline for the CCSDS
standardization activities in respect to security services and,
**more concrete**, key management schemes for space missions.
The concepts described herein are the baseline for the CCSDS
standardization activities in respect to security services and,
**more concretely**, key management schemes for space missions.
----------------
Table 4-1
TPK Derivation | **Less** master keys required; Security of master keys improved | Mission security bound to the security of the (secret) derivation function
shouldn't this be "*Fewer* master keys required"?
Total Respondents: 7
All Areas responded to this question.
SECRETARIAT INTERPRETATION OF RESULTS: Approved Unconditionally
PROPOSED SECRETARIAT ACTION: Generate CMC poll
* * * * * * * * * * * * * * * * * * * * * * * *
CESG E-Poll Identifier: CESG-P-2011-10-002 Approval to publish CCSDS
652.1-M-1, Requirements for Bodies Providing Audit and Certification
of Candidate Trustworthy Digital Repositories (Magenta Book, Issue 1)
Results of CESG poll beginning 14 October 2011 and ending 28 October 2011:
Abstain: 1 (20%) (Moury)
Approve Unconditionally: 2 (40%) (Peccia, Scott)
Approve with Conditions: 2 (40%) (Shames, Barkley)
Disapprove with Comment: 0 (0%)
CONDITIONS/COMMENTS:
Peter Shames (Approve with Conditions): I still find the
language in Sec 3 to be troubling. I suspect that it would be seen
as rather unusual or even a conflict of interest by ISO to have this
sort of self referential language in most ISO standards:
"The [Primary TDR Authorisation Body] PTAB will also accredit other
certification bodies. It will consist of internationally recognized
experts in digital preservation, the membership building on members
of the authors of CCSDS 652.0-R-1/ISO 16363 (reference [1])."
This issue was raised in the CESG-P-2010-07-002 poll in July
2010. The text is still present in Sec 1.6.2.2 and Sec 3. This
general topic of COI is one that has a lot of discussion on the web
and elsewhere.
The fundamental issue is not whether the people who defined this
standard are capable of applying it. The question is whether it is
appropriate for them to define themselves into the standard as an
accreditation body that itself does not adhere to any higher level
standards or accreditation body.
CCSDS has no language addressing this issue, except for patents, but
ISO does. See ISO/IEC 17021:2011. See also relevant language from
several other standards organizations.
My recommendation is that the PTAB be identified in this document in this way:
"The PTAB will also accredit other certification bodies. It should
consist of internationally recognized experts in digital
preservation. The PTAB will be formed and governed under the
auspices of TBD organization."
I am not certain just which organization should be the "PTAB parent",
but there should be some organization that it is itself governed
by. Perhaps some international body such as the IAF AAPG would be
appropriate
(http://www.iaf.nu/articles/Accreditation_Auditing_Practices_Group_%28AAPG%29/20),
or some international body related to digital libraries and other
such repositories.
Erik Barkley (Approve with Conditions): 1) the document should
have a proper release date indicated on the cover sheet and on the
footer of each page. It currently indicates October 2010. I believe
this should be stated as October 2011.
2) Concur with Peter Shames' comments with regard to the revision of
PTAB identification. As the document is currently written it calls
for PTAB membership to overlap with that of the CCSDS Digital
Repository Audit and Certification Working Group. I do not believe
this is feasible as I suspect this would first require some sort of
charter change for CCSDS as a whole to fund and establish such an
ongoing/standing working group.
Keith Scott (Approve Unconditionally): I have one question
that does not (I believe) impact the suitability of the document for
publication. Section 3.0 Page 3-1 states:
"It [the Primary TDR Authorisation Body] will consist of
internationally recognized experts in digital preservation, the
membership overlapping with the membership of the CCSDS Digital
Repository Audit and Certification Working Group, which produced
CCSDS 652.0-M-1/ISO 16363 (reference [1])."
What happens when the CCSDS Digital Repository Audit and
Certification Working Group is finished and disbands, or is this WG
an ongoing group akin to SANA? If this is meant to mean an overlap
with the current set of members (regardless of whether the WG exists
or not) what happens when the current membership of the CCSDS WG is
no longer working in the field? Could this say something like:
"It will consist of internationally recognized experts in digital
preservation, preferably including CCSDS members with expertise in the field."
I did not obtain a copy of ISO/IEC 17021:2006 and so cannot comment
on the applicability of its principles (Sections 4, 5.1, 6.1, 7.1, 8.1).
Total Respondents: 5
No response was received from the following Area(s):
SOIS
SECRETARIAT INTERPRETATION OF RESULTS: Approved with Conditions
PROPOSED SECRETARIAT ACTION: Generate CMC poll after
conditions have been addressed
* * * * * * * * * * * * * * * * * * * * * * * *
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iso_17021-2011.pdf
Type: application/pdf
Size: 1305618 bytes
Desc: not available
Url : http://mailman.ccsds.org/pipermail/cesg-all/attachments/20111029/8a04d426/iso_17021-2011-0001.pdf