Charter and direction of the SSPHWG

"SSPHWG-Co-chairs" <> Fri, 06 April 1990 20:31 UTC

From: "SSPHWG-Co-chairs" <>
Subject: Charter and direction of the SSPHWG
Date: Fri, 06 Apr 90 16:31:51 EDT

As a few messages have already made clear, now is a good time to
clarify what this group is about and what we hope to accomplish.
I've included the charter again at the end of this message to refresh
your memories.  Those who joined from the post on the CERT-Tools list
saw an abridged version of this charter, so please review it again.

We'd like to take this opportunity to set expectations and goals.  
We hope that by letting everyone know what we believe the group is 
(and isn't) we'll have a better chance of coming to some agreement 
in developing a quality handbook that can be produced in a timely manner.

This mailing list is the discussion forum for an IETF Working Group.  This
list is not a general discussion list for security problems.  Rather,
we hope that it will be a means for constructive input into actually
producing a useful handbook for the Internet community.  Appropriate 
topics include anything having to do with security policy, what to do
during and after an incident, legal issues, and anything else related
to the task of getting the handbook out.

In general, technical discussion of security problems is probably
not appropriate.  Although discussions of these kinds of issues are
useful, this group was not created to address those issues.
Discussion of technical questions is appropriate to the cert-tools
list, which is a moderated discussion of security tools and techniques.
For more information, contact:

We hope to have a high standard of messages.  As a model, consider the
RISKS digest moderated by Peter Neumann.

Some suggested guidelines for contributions:

    - Messages that describe your experiences or your needs in dealing
with security at your site are especially welcome.  If we are going to
produce a handbook that will help people with the security problem, we
need to know what kind of problems people are facing.

    - Please consider whether the entire group would benefit from
reading your message.  If you are responding to another person's
comments, consider responding directly to the person and summarizing
to the list.

    - If you disagree with someone else's post, please give some
cogent reasons why and suggest an alternative.  Please avoid flaming.

We're not trying to discourage contributions.  Rather, we want an
informed discussion that will help us all understand the problem

The list is currently unmoderated, but if the traffic on the list
warrants it we will change to a moderated list.

We'll post several more messages outlining the next steps for this group.

Site Security Policy Handbook Working Group (SSPHWG)


        Paul Holbrook/CERT ph@CERT.SEI.CMU.EDU
        Joyce K. Reynolds/USC-ISI jkrey@ISI.EDU

Mailing lists:

	General discussion:
        To subscribe:

Description of Working Group:
	The Site Security Policy Handbook Working Group is chartered
	to create a handbook that will help sites develop their own
	site-specific policies and procedures to deal with computer
 	security problems and their prevention.


Among the issues to be considered in this group are:

    1) Establishing official site policy on computer security.
    2) Establishing procedures to prevent security problems.
    3) Establishing procedures to use when unauthorized activity
    4) Establishing post-incident procedures.

A specific schedule of activities will be worked out in the near
future.  This group will meet at the next IETF meeting, in Pittsburgh.

The formation of this group provided an excellent opportunity for
cooperation between areas within the new IESG structure.  The User
Services director (Craig Partridge) and the Security Area director
(Steve Crocker) joined together to support the formation of this
working group.  After some discussion, it was agreed to place
administrative responsibility for this group within the security area, 
but the work will be reported to and reviewed by both areas in

J. Paul Holbrook
Joyce K. Reynolds