Information Alerts TR-45 Comments on IA#002 and IA#003.

Information Alerts

TR-45 Comments onIA#002 and IA#003

Action Item: April 24, 2012

• Document -028 was reviewed. This contribution included some comments on Information Alerts #002 and #003. The Chair requested TIA Staff convene a conference call to discuss these issues. Jane Brownley requested a date and time be selected so that she could participate.

• ACTION: Herb Congdon will coordinate a date for a conference call with Jane Brownley for a conference call to review paragraph 1 of -028. Jane Brownley requested that TR-45 be included on the invitation.

• TSSC-2012Apr24-029d_Meeting_Report.doc

Background

• Advisory Note - text to change or modify the current Engineering Manual until revised and approved by ANSI. The proposed text must be approved by the Technical Committee prior to release, and is withdrawn after it has been incorporated into the next version of the Manual. (See Section 14)

• TIA Engineering Manual, 5th Edition

Background

• Information Alert– From time to time, TIA Staff may issue and revise

Information Alerts to:• Facilitate and ensure compliance with the ANSI

Essential Requirements and TIA Engineering Manual• Provide consistent interpretation to content in the TIA

Engineering Manual between Engineering Committees• Document policies and agreements not contained in

the TIA Engineering Manual• Provide important and timely information on other

subjects related to Engineering Committee activities

Background

• Multiple factors considered in issuing Information Alerts– ANSI Compliance– TIA Engineering Manual Compliance– Consistency of Engineering Committee Operations– Timeliness of Information Delivery– Ease of Administrative Burden on Engineering

Committees– Input from Engineering Committees and Participants– Capabilities and Limitations of Resources

TR-45 Report(TSSC-2012Apr24-028_TR-45_Report.pdf)

• TIA Information Alerts– During the last TR-45 meeting it was stressed that

Engineering Committees should have the opportunity to review and weigh-in on draft TIA Information Alerts and any other changes that may impact the work of the Engineering Committee before the changes are implemented. The users should be consulted prior to making changes.

TIA Comment

• In situations affecting Engineering Committee operations, some Chairs of Engineering Committees are consulted with respect to Information Alerts

• Information Alerts are often issued to address timely matters in the most expedient way possible

• Information Alerts are most always issued “in beta”, and constructive comments are welcome


• TIA Information Alerts– TR-45 suggests that TIA maintain an online

repository of agreements with other SDOs (such as the agreement with the ITU to support links to TIA standards.) These agreements should be consulted prior to implementing changes such as Information Alert 003.

TIA Comment

• TIA Staff has taken action to identify existing agreements

• TIA Staff is collecting existing documents in a central repository (scanned and soft copies)

• TIA Legal has advised against creating an on-line repository– We can have an on-line list of organizations with

whom TIA has agreements


• TIA Information Alerts– TR-45 recommends that TIA rescind for further

study and refinement the TIA Standards Information Alert #002, “Changes to Online Document Forms and Process.”

TIA Comment

• While no justification was given for the requested removal of IA#002, it is noted that IA#002 describes processes implemented to address shortcomings in and improvements to ANSI compliance in the document process

Text from Information Alert #002As part of TIA’s positive effort to work with Engineering Committee leadership to facilitate and ensure compliance with the ANSI Essential Requirements and TIA Engineering Manual, some changes to the online document handling process will be implemented March 2, 2012.ANSI Essential Requirements include specific confirmation for actions related to project initiation, ballot authorization and publication. In all cases, this confirmation is to be documented in meeting reports (see additional guidance in Information Alert #001 on recording votes).To ensure that the requirements are being met on a continuous and consistent basis, the online forms for project initiation will allow the selection of the meeting where the vote for action was taken via a drop‐down menu. The meeting record will contain links to the meeting agenda and report. If documentation is missing, then an option to upload the documentation from the form page is available.

Text from Information Alert #002Additionally, new functions on the meeting management section have been created to facilitate the uploading of agendas and reports outside of the process for submitting project, ballot and publication requests. This process will streamline the approval process, as the Committee Administrators will be able to quickly confirm that the action was appropriately documented, and approve the form for continuation. It will also reduce the confusion resulting from an inaccurate entry of the meeting date, assist any efforts to verify the audit trail of any document or project, and reduce the number of requests to locate documents which have not been submitted.For documentation that was previously submitted, TIA staff has already begun the association process of meeting agendas and reports with meeting records.TIA Staff will be happy to work with the leadership and Secretaries of the committees and subcommittees to facilitate the completion of and submission of meeting reports for posting in an expeditious manner.


• TIA Information Alerts– TR-45 recommends that TIA rescind for further

study and refinement the TIA Standards Information Alert #003, “Use of Links in Standards.” Details are provided in Attachment-1.

TIA Comment

• TIA issued IA#003 in reaction to two sources of problems and as a preventative measure– Broken links from the website redesign – Notifications of virus, spam and phishing concerns

with html documents in /Public folders• TIA did not issue IA#003 and start taking action to

remove links and files without coordination with Engineering Committees– Ex: TR-45.3 html files were replaced with PDF

documents

Internap (1 of 2)From: Telecomia Notification Report [mailto:[email protected]] Sent: Tuesday, January 31, 2012 1:13 AMTo: Telecomia Notification ReportSubject: [ABUSE] Safe Browsing Report for ASN10910 (INTERNAP-BLK) on 01/30/2012 (72.5.155.228) [telecomia]

Internap has received an abuse complaint related to the possible distribution of unsolicited e-mail (spam) or a possible security violation from you or one of your customers. We are forwarding the complaint to you so that you may take appropriate measures to address the issue.

The purpose of this message is to inform you of a complaint we have received as if you had received the complaint directly. We have not verified the accuracy of the complaint nor is this an accusation that the said incident has occurred. Internap will not embark upon any punitive action regarding spam or security complaints without explicitly and formally contacting you regarding a clear, verified complaint, or a pattern of abuse. Please refer to http://www.internap.com/legal/acceptable-use-policy for general questions regarding Internap's stance on spam or abuse. Please direct any questions regarding this specific issue to [email protected].

Google Safe Browsing (1 of 2)---------- Forwarded message ----------Date: Tue, 31 Jan 2012 06:11:47 +0000Subject: Safe Browsing Report for ASN10910 (INTERNAP-BLK) on 01/30/2012From: Google Safe Browsing <<removed>@google.com>To: [email protected]

Google detected 1 suspicious URLs (space inserted to prevent accidental clicking in case your email client auto-links URLs):

http://ftp.tiaonline .org/TR-45/TR-45.3/PUBLIC/index.html (72.5.155.228)

Google detected 11 phishing URLs (space inserted to prevent accidental clicking in case your email client auto-links URLs):

http://4rsgold.webs .com/index.htmhttp://cancellation-blocking-your-accounts-facebook.webs .com/ http://confirmation-security-accounts-facebook.webs .com/ http://eddiemarine .com/products/imgs/xxsant/corpo.htmhttp://eddiemarine .com/products/imgs/xxsant/internet_banking.phphttp://eddiemarine .com/products/imgs/xxsant/internet_banking.php?txtAgencia=5467&txtConta=235600&button.x=50&button.y=15http://forum-runescape.webs .com/index.html http://mrktz.webs .com/luv.htm http://runescapejagexrs.webs .com/index.html http://webcam-mns3-on-facebook.webs .com/ http://www.freewebs .com/habsohack/homepage.html

Text from Information Alert #003

Due to the dynamic nature of websites, hosting services, URLs and links, the use of hyperlinks in TIA documents (Standards, TSBs, etc.) for reference documents is discouraged.In order to incorporate or reference an official document (e.g. a published standard), the complete title and authoring entity should be used. Information on the authoring entity should be included elsewhere in the document (e.g. in a bibliography).In order to incorporate or reference an unofficial document (e.g. a committee contribution) in a TIA document, the following guidance is provided.The referenced document and its complete, official title should be provided to TIA Staff for posting into the public folder of website‐accessible documents.

Text from Information Alert #003

These documents will be visible to the TIA website search engine and thus easily found by someone searching for that document.In the referencing document, the reference document should be listed by its complete title. An additional note, such as the one shown below, should be added to point the reader where to search.“NOTE: This document can be found via the site search function on the TIA website.”It is not expected that currently published documents with hyperlinks be revised specifically in reaction to this guidance. However, it is requested that documents be editorially modified to comply with this guidance during any current, next or routine revision project.

TR-45 Report – Attachment-1(TSSC-2012Apr24-028_TR-45_Report.pdf)

• ATTACHMENT-1– It appears that TIA staff holds the opinion that html

files represent a unique security risk. TR-45 suggests that html files represent no bigger a security risk than any other file type, and the root cause of the problem is insecure access to the site.

• TIA Comment: Security risk was reported to TIA from Internap and Google Safe Browsing

• Question: Insecure access to the /Public folder?


• ATTACHMENT-1– The implementation of TIA Standards Information

Alert #003 has resulted in broken lists and missing flies that have negatively impacted the work of Engineering Committee TR-45. Examples are provided below.

• Comment: Broken links were due to website redesign, not as a result of IA#003– Information Alert #003 issued to prevent similar

future occurrences


• ATTACHMENT-1 (continued)– (1) Broken Links– Example Impact in the International Community– For a number of years, Subcommittees TR-45.3 and TR-45.5 have provided updates to ITU-R

Recommendation M.1457 http://www.itu.int/rec/R-REC-M.1457/en . Under an agreement that dates back to 1998, Recommendation M.1457 contains references to SDO web sites for copies of Standards that are included by reference. Annex-1 shows an example of the CDMA-related and TDMA-related snippet from the Recommendation. While the TIA reference for the CDMA-related references appears to resolve correctly, the reference for the TDMA-related references redirects to the TIA Standards page.

– Prior to this action by TIA staff, the user accessing the TDMA-related files was presented with a very nice frame based webpage which had the links to the individual TIA/EIA-136 parts that make up each M.1457 transposition. The user is now presented with just a raw list of files, providing a much inferior user experience.

• TIA Comment: After agreeing to T&Cs, the link now takes user to the TIA Standards Store on the IHS website. Again, this issue was not created by IA#003.– Please work with TIA Staff to identify other potential broken links in documents (there is no

easy mechanism for doing this)


• ATTACHMENT-1 (continued)– (2) Missing files– It is our understanding that the TIA ftp site has

suffered some corruption of files, and in particular html files have been infected with potential malware. The TIA staff response has been to delete files.

• TIA Comment: Staff response was to contact the Chair and request the offending files be removed from the /Public folder


• ATTACHMENT-1 (continued)– Example Impact in TR-45.AHIMT– TR-45 participated in the evaluation of technologies that were submitted to ITU-R

WP5D as part of the IMTAdvanced program. In common with other evaluation groups around the world, the TR-45 Ad-Hoc on IMT provided a URL for their web site, which is referenced in ITU-R documentation and web site. As an example, TIA TSSC meeting the list of evaluation groups can be found on the ITU-R web page IMT-Advanced submission and evaluation process available at the following URL:

– http://www.itu.int/ITU-R/index.asp?category=study-groups&rlink=rsg5-imt-advanced&lang=en

– The URL for the TR-45.AHIMT web site is:– http://ftp.tiaonline.org/TR-45/TR-45_AHIMT/Public/

• TIA Comment: The public folder is still available. While no formal direction is documented on the use of /Public folders, events have shown that it may not be the best repository of documents for public access.

http://ftp.tiaonline.org/TR-45/TR-45_AHIMT/Public/


• ATTACHMENT-1– We also understand that such links in the Standards community are long-

lived, and such longevity requires great discipline in the design and re-design of the TIA site. However, other SDOs have successfully managed the longevity. And, we trust that TIA could mange the same longevity. PURLs (Persistent Uniform Resource Locators) which are Web addresses that act as permanent identifiers in the face of a dynamic and changing Web infrastructure is a suggested way to address longevity.

• TIA Comment: Information Alert #003 was issued in reaction to the realization that TIA does not currently have the great discipline necessary to prevent these problems. TIA is continuing to investigate options which may address the concerns. In the meantime, it is prudent to not create more potential problems, and IA#003 was issued as a preventative measure.


• ATTACHMENT-1– The entire directory for the TR-45.AHIMT web site is now empty. That directory contained sub-

directories that constituted the record of past activities of the evaluation groups under TR-45, including the original evaluation activities in the IMT-2000 process. The Chair of TR-45.AHIMT has requested recovery of these files.

– Example Impact in TR-45.3– Unfortunately, some of these files are referenced in published Standards, and those links are now

broken. For example: ANS 136-020 includes the following:– The information in the code tables is constantly being updated. To obtain the most recent

information, readers are advised to consult the following Uniform Resource Locator (URL):– http://ftp.tiaonline.org/TR-45/TR-453/public– Through the diligence of the Chair of TR-45.3, the html files have been replaced with similar pdf

versions. Unfortunately, the original index.html files provided clickable hyperlinks that are not replicated in the pdf files.

• TIA Comment: TIA appreciates the diligence of the Chair of TR-45.3 and apologizes for the inconvenience caused by the website redesign and malicious attacks resulting in the abuse warnings. TIA is willing to consider options, but is still of the opinion that referenced documents should be formalized and be made available via methods that protect TIA, the Engineering Committees, the participants and the users of these documents.

Information Alerts TR-45 Comments on IA#002 and IA#003.

Documents

Transcript of Information Alerts TR-45 Comments on IA#002 and IA#003.