RE: Final Interpretation for RI 137 - Rules governing binding should be specifiable

Subject: RE: Final Interpretation for RI 137 - Rules governing binding should be specifiable
From: Gary Stoneburner <gary.stoneburner@nist.gov>
Date: Tue, 24 Feb 2004 10:19:30 -0500
Content-Type: multipart/alternative; boundary="=====================_3068609==.ALT"
In-Reply-To: <4E25ECBBC03F874CBAD03399254ADFDE02AD913E@US-Columbia-CIST. mail.saic.com>

This thread makes one wonder how much "project" is actually in the CC Project. :-)

Gary

At 10:13 AM 2/24/2004, Apted, Tony J. [RA] wrote:

> >The normal procedure is:
>
> >1) RI is submitted
> >2) Time passess....
> >3) The CCIMB publishes a draft
> >4) If there are comments on the draft, go to step 2
> >5) Publish it as final. As there were no comments on the
> draft, public
> >review is unnecessary.
>
> So the CCIMB will not publish a draft for final until there
> is complete consensus from the community? It would seem that
> some of these would be in a never-ending cycle of review and comment.
>

Looking at this algorithm, I think the only requirement for publishing as
final is complete silence from the community, which isn't necessarily the
same as complete consensus.

>
> While it is understood that discontinuing commoncriteria.org
> was not foreseen, the CCIMB and the Schemes could have used
> this, or a similar, vehicle in its absence to ensure that the
> community is kept informed. If the CCIMB has regularly
> scheduled meetings it would seem that it is likewise
> reasonable to have a pre-established, published (on this
> list, all scheme sites etc.) schedule for the review of
> proposed interpretations and submission of comments. This
> allows the community sufficient time to respond and ensures
> that the CCIMB process steps 3, 4 and 5 provide a true
> indication of the public consensus for a particular interpretation.
>

Out of curiosity, I had a quick look at the UK and Australian scheme sites a
day or two after RI 137 was published on the CCEVS site. I couldn't find any
information or links for International Interpretations on other site, so I
wonder how those schemes keep their communities informed in the absence of
commoncriteria.org.

************************************************************************** * Opinions expressed are not intended to reflect an official position ************************************************************************** * Gary Stoneburner
* Computer Security Division, National Institute of Standards & Technology
* 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930
* Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
* http://csrc.nist.gov/staff/stoneburner/gshome.html
**************************************************************************

Follow-Ups:
- Re: Final Interpretation for RI 137 - Rules governing binding should be specifiable
  - From: "YOKOTA HIROFUMI" <yokota-hirofumi@jqa.jp>

Prev by Date: RE: Final Interpretation for RI 137 - Rules governing binding sho uld be specifiable
Next by Date: RE: Final Interpretation for RI 137 - Rules governing binding sho uld be specifiable
Prev by thread: Final Interpretation for RI 137 - Rules governing binding should be specifiable
Next by thread: Re: Final Interpretation for RI 137 - Rules governing binding should be specifiable

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov