An eduGAIN membership vote was carried out from 7th December to 30th December 2022. Members were asked to vote on the eduGAIN CSIRT Terms of Reference and the eduGAIN CSIRT RFC2350.
Results of the Vote
eduGAIN CSIRT ToR: 49 votes cast, 43 votes in the affirmative, 6 abstain
eduGAIN CSIRT RFC2350: 51 votes cast, 46 votes in the affirmative, 5 abstain
Notes and Errata
Comments from UK fed:
COMMENT | ACTION |
---|---|
- Section 4.3 of RFC2350 uses the colour designation from TLP version 1. If we are to support both versions of TLP and follow Postel's Principle, eduGAIN-CSIRT would accept information that comes in with designations from either version (TLP:RED, TLP:AMBER, TLP:AMBER+STRICT, TLP:GREEN, TLP:WHITE, TLP:CLEAR) and send information out only with designations from TLPv2. | Updated |
- Section 3.3 of the Terms of Reference states "business hours (9x5 CET/CEST)" should be made consistent with the information in RFC2350v1, which is "hours of operation are Monday - Friday 09:00-17:00 (CET/CEST), except public holidays" | Updated. |
- Section 4.1 of the Terms of Reference states "the eduGAIN-CSIRT Security Officer, that will be nominated by the GEANT project." Should it be the eduGAIN Executive Committee that appoints? | No - the Board would not get involved at this level. Perhaps more appropriate to say eduGAIN Service Owner. Updated to reflect. |
Comments from ACOnet:
COMMENT | ACTION |
---|---|
Not strictly related to the current vote but since I noticed it in this context and I don't want it to be forgotten: Note that https://wiki.geant.org/display/eduGAIN/eduGAIN+Security contains different (and a lot more) information than https://edugain.org/edugain-security/ and (making matters worse) neither contains a link to the other, AFAICT. | |
Now, in the ToR document the TOC on page 2 of the PDF says "5.6 Reporting Error! Bookmark not defined." when I open this (using 2 different PDF viewers, xpdf/poppler and mupdf). Also what should be hyperlinks is only indicated by blue, underlined text but none of the links are hyperlinks/clickable when they could and therefore should be. | Cleaned for published version |
Comments from eduID.lu:
COMMENT | ACTION |
---|---|
Review naming consistency (dashes in CSIRT). | Actioned |