Editor's Note: Minutes received 8/5 CURRENT_MEETING_REPORT_ Reported by Mark Smith/AT&T Minutes of the Trusted X Working Group (TXWG) The current thinking on Secure X is divided into two separate approaches: 1. The establishment of a core security policy derived from prior vendor efforts. Vendors are still reluctant to publish their policies, although there are signs that some will soon be published. Inasmuch as there are no current proposals in this area, no further discussion on this approach was offered at the meeting. 2. The abstraction of the security policy via a policy-free protocol. The key here is the construction of a mechanism for security-cognizant applications to determine what the security policy is. We briefly discussed the ``RequestPolicy'' proposal (distributed via email shortly before the meeting), which allows a client to probe specific points of the policy, and agreed that the approach is promising but that a proof of concept is needed. The Boston TSIG X Working Group was not well attended. For that reason little progress was made other than the discussion on ``RequestPolicy'' above. We need vendor support, especially in the form of new proposals for (1) above, although more work in area (2) is very welcome also. We need to have an idea of the attendees for the next TSIG meeting in Minneapolis so that we can judge whether another ``cooling off period'' is required. Please let me or Mark Christianson know fairly soon whether you'll be attending the next meeting. I would like to know whether this low attendance was an aberration or not. Attendees Charles Blauner chazx@ctt.bellcore.com Edward Cande cande@zk3.dec.com Alton Hoover hoover@ans.net Richard Newton rnewton@csd.harris.com Mark Smith mark@neptune.att.com 1