[Ssr2-review] Please review the first 5 SSR1 recommendations for the call tomorrow

Russ Housley housley at vigilsec.com
Wed Sep 5 17:15:44 UTC 2018

As part of the agenda for tomorrow, we will be looking over the SSR1 recommendations.  We will take them each in turn.  I doubt we will get through more that five on the call tomorrow, so if you are prepared to talk about the first five, that should be adequate preparation.

The Bylaws are pretty clear about our task regarding the SSR1 recommendations.

   Section 4.6  (c) (iv) The SSR Review Team shall also assess the extent to which
   prior SSR Review recommendations have been implemented and the extent
   to which implementation of such recommendations has resulted in the
   intended effect.

At the face-to-face meeting in Washington, I shared a way of thinking about this task.  I repeat it here in the hopes it will be easier to prepare for tomorrow's call.

   Was there an attempt to implement the recommendation?
   (In all cases, the answer is "yes")

   Is the recommendation still relevant today?
   If not, write a short statement saying that it has been overcome by events.
   If so, assess whether the implementation has the intended effect.

      If so, write a short statement saying so.
      if not, is this something we want to see more work on?

         If so, write an SSR2 recommendation about it.
         If not, write a short statement with the reason.

I look forward to our call tomorrow.


More information about the Ssr2-review mailing list