iTC Meeting Minutes 2023 01 12 - DSC-iTC/cPP GitHub Wiki

Agenda

Attendees

  • Brian Wood

  • Ed Morris

  • Fernie Fuentes

  • Shawn Geddis

  • Yi Mao

  • Jon Rolf

Record of Decisions

  • None

Action Items

  • Add "2+ Urgent" to issues that need to be resolved from the items in the Interpretation Team project

Minutes

The call started with a discussion of personnel in the iTC. Brian pointed out that NIAP seems to be OK with being the liaison (so assumed as Matt Downe). Brian showed the list of people who have so far been invited to the DIT. This was the initial list of people who were added last summer to resolve urgent issues. Lastly a discussion about the Editors led to an agreement to ask NIAP to provide time for Justin to be able to support the updates and ongoing changes to the DSC.

Next Brian did a quick review of how he has set up the GitHub repo. He walked through the labels used for prioritization and the use of the projects to track progress on the issues. He noted that labels with numbers are used to weight the issues based on the total number of all the assigned labels. The higher the number the higher the priority.

Brian noted that all the atsec issues have been placed into the Interpretation Team project, while all the CCDB issues have been placed into the Incoming Triage project.

Brian stated that his plan is to first triage the atsec issues and resolve those for the Apple evaluation, and then move on to the CCDB comments.

Shawn pointed out that some of the atsec issues are still blocking issues and need TDs for them to proceed. The initial two issues have been assigned with "2+ Urgency". The other concern he had was that since the SD has never been used before, acceptance by BSI (or more broadly outside NIAP in general) likely will need at least some of the issues raised by the CCDB to be resolved for the first evaluation.

Brian stated that the approach could then be to review the CCDB comments after the atsec ones and determine what may need to be handled as a TD and move them to the IT branch to be corrected. This makes the rough plan:

  1. triage atsec issues and move everything that does not need to be fixed for 1.0 into the v1.1 project

  2. triage the CCDB issues and move anything that is felt to be critical for the evaluation to the IT project, the rest to the v1.1 project

  3. issue TDs for the current evaluation covering the IT issues

  4. begin work on v1.1 for all the remaining issues

The call then reviewed a few issues that atsec/Apple wanted to review. Issue #2 and Issue #3 are both needed to complete the evaluation. For Issue #2, it was thought that this could be handled by editing the SD to reflect the expected types of information regarding the location of the time source, leaving the cPP alone. For Issue #3, adding AES-KW will require more changes to ensure that it is properly added in all locations (since it will require testing and additional notices in several areas). These issues should not cause any concerns in terms of making these TDs, as they are not extensive (adding AES-KW is a lot of work, but is a defined standard).

The remaining atsec issues are currently thought to be able to be moved to v1.1. Brian proposed that if needed a large "editorial" TD could be created to resolve the errors in the docs. A few errors that are listed as "technical" need extra review to determine if they can be moved to v1.1.

Shawn asked about getting the CCDB to participate in the review of their questions. Brian stated he did not have contact information there, but thought that we could ask NIAP to reach out to the CCDB and relay the information that the issues are in GitHub and the discussions will proceed there (assuming they do not want to try and make the calls).

The iTC needs to review the issues (starting with the atsec set) and assign priority labels as well as provide some proposed changes for the two items that must have a TD.

The call ended at 1:16pm EST.
