Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18> for your review
"Rob Wilton (rwilton)" <rwilton@cisco.com> Thu, 14 September 2023 12:00 UTC
Return-Path: <rwilton@cisco.com>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE381C15107D; Thu, 14 Sep 2023 05:00:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.604
X-Spam-Level:
X-Spam-Status: No, score=-9.604 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b="j9MUerbE"; dkim=pass (1024-bit key) header.d=cisco.com header.b="Etl+TQ8W"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JT_cueLEsowT; Thu, 14 Sep 2023 05:00:15 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B6ACEC14CE39; Thu, 14 Sep 2023 05:00:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=14608; q=dns/txt; s=iport; t=1694692815; x=1695902415; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=DxuguTt098XDvDcni0iAOhCZGN1HyDdJKC3XQLONlN0=; b=j9MUerbETGKcQwaKIlZuaSLJKdO4s8lnXbxfrJUcZ7aNVpshEbkrjiL1 CzyWn19liZoPKSC4VFe38TR244sDjVwcTNTlbLi7zUzjd1Js56/hy/N5/ hwIr4KRu3RZdn+I5metBrsWwKCw8NGIg4/CpRE+hFnWHCOYnGcvztinH7 I=;
X-CSE-ConnectionGUID: CfJu1PDkTGmIy8zFDZ8ISw==
X-CSE-MsgGUID: FeDIAXxPRWGBiQdfM5ykoA==
X-IPAS-Result: A0AJAACl9AJlmIkNJK1XAxsBAQEBAQEBAQUBAQESAQEBAwMBAQFAJYEWBgEBAQsBgWRSdgJZKhJHA4RPg0wDhE5fiGMDmmmDEoElA1YPAQEBDQEBOQsEAQGFBwIWhmECJjQJDgECAgIBAQEBAwIDAQEBAQEBAQIBAQUBAQECAQcEFAEBAQEBAQEBHhkFDhAnhWgNhkcBAQEBAQEBEhEEDQwBATcBCwQCAQYCDgMEAQEBAgImAgICMBUICAIEAQ0FCBqCXAGCOyMDARAGP5IAj00BgUACiih6fzOBAYIJAQEGBAWybAmBGi4Bh24aAWhNG4NpGIQ1JxuBSUSBFUN5gW8+gmICAQGBNioKCwomgxQ5gi6FL4QYgnWCBgcRLgcygQwMCYEFgn04J4l7CSGBCAhegWo9Ag1UCwtdgRFROIE7AgIRORNHcRsDBwOBAhArBwQvGwcGCRYsJQZRBC0kCRMSPgSBZ4FRCoEGPxEOEYJFIgIHNjYZS4JgCRUMNQRKdhArBBQYbCcEagUaFR43ERIZDQMIdh0CESM8AwUDBDYKFQ0LIQUUQwNHBkwLAwIcBQMDBIE2BQ8eAhAaBg4rAwMZUAIRFAM2A0QdQAMLbT0UIQYOGwUEPSlZBaAuPDKBbHERBhQTJgQNGgEFAgECEQ4BARR8CAgtEQEGHQYLAQ8JPA+SQBGDCUesZ4EtCoQLjACVOxeEAYFWixgEhmmKa4Npgk1ilzR5II1BlHMrBIUZAgQCBAUCDgEBBoEyMTqBW3AVO4JnCUkZD4EbjQUMDQkWg0CFFIpldgIBCi4CBwEKAQEDCYhvgloBAQ
IronPort-PHdr: A9a23:BufprBBju7RedN7nMm31UyQVoxdPi9zP1kY9454jjfdJaqu8usikN 03E7vIrh1jMDs3X6PNB3vLfqLuoGXcB7pCIrG0YfdRSWgUEh8Qbk01oAMOMBUDhav+/Ryc7B 89FElRi+iLzKlBbTf73fEaauXiu9XgXExT7OxByI7HvBY/Wk8Ox/+uz4JbUJQ5PgWn1bbZ7N h7jtQzKrYFWmd57N68rwx3Vo31FM+hX3jZuIlSe3l7ws8yx55VktS9Xvpoc
IronPort-Data: A9a23:oNS/Ka5W1XVtAaqbJ1fNjAxRtPbHchMFZxGqfqrLsTDasY5as4F+v moYCDqOMviIajCgL9ElPYjl9UsF65XcmtJjTAVl+ywyZn8b8sCt6fZ1gavT04J+CuWZESqLO u1HMoGowPgcFyKa/lH1dOG58RGQ7InQLpLkEunIJyttcgFtTSYlmHpLlvUw6mJSqYDR7zil5 5Wq+aUzBHf/g2QvajNNt/rYwP9SlK2aVA0w7wRWic9j5Dcyp1FNZLoDKKe4KWfPQ4U8NoZWk M6akdlVVkuAl/scIovNfoTTKyXmcZaOVeS6sUe6boD56vR0SoPe5Y5gXBYUQR8/ZzxkBLmdw v0V3XC7YV9B0qEhBI3xXjEAexySM5Gq95fsL1qi6PS/zHHpdlr9k+dAIHNmHLYHr7Mf7WFmr ZT0KRgEahSFwumx2r/+Fq9nh98oK4/gO4Z3VnNIlG6CS614B8mYBfyRure03x9o7ixKNezBZ s4FbjxHZxXbaBoJMVASYH47tL723yahL2UI8jp5o4IZ7kTy5Txh6ILSH/DUQ9CEYJhEnUGx8 zeuE2PRW0FGa4P3JSC+2nuxmu+TzSrhU4ITCrCQ7PBhxVCfx3AUElsRT1TTieO3gQuzV9NDL FY84CQl6KU+9VCsVJ/6RRLQnZKflhcYX9wVGOog5UTRjKHV+A2eQGMDS1atdeDKqucdSx43j 2elnO/GAB1+4K+7ZUDN14yL+Gba1TcuEUcOYioNTA0g6tbloZ0ugh+ncjqFOPPp5jESMWytq w1mvBTSlJ1I1pZajfXTEUTvxmPy+MSUEmbZ8y2KBgqYAhVFiJlJjmBCwXHf6ftGRGpyZgbc5 CBe8yRyARxnMH1gvCWJRONIF7az6rPZdjbdmlVoWZIm8lxBGkJPn6gOuFmSx28wba7onAMFh meI6Wu9A7cIbROXgVdfOd7ZNijT5fGI+S7Zfv7VdMFSRZN6aRWK+ipjDWbJgTGxzhJ9wfpka M7GGSpJMZr8Ifo/pNZRb7lFuYLHOghirY8ubcmhlk/+geb2iIC9EOhaazNikdzVHIvd8FmKr L6zxuOByg5UV6XlczLL/IsIRW3m3lBlba0aX/d/L7bZSiI/QTlJI6aIndsJJdc/94wLzbigw 51IchICoLYJrSeZeVzih7EKQO6HYKuTWlpiY3F8Ygn4hyZ+CWtthY9GH6YKkXAc3LUL5dZ/T uIOfIOLBfEnd9gN0291gUXVxGC6SCmWuA==
IronPort-HdrOrdr: A9a23:1VYnH6sXfrAwMeoYcQwwk1AI7skCM4Aji2hC6mlwRA09TyXGrb HMoB1L73/JYWgqOU3IwerwSZVoIUmxyXZ0ibNhRItKLzOWyFdAS7sSo7cKogeQVBEWk9Qtt5 uIHJIOdeEYYWIK6voSpTPIberIo+P3sZxA592us0uFJDsCA8oPnmIJbjpzUHcGOzWubqBJbK Z0k/A33QZIDk5nFfhTaEN1OdTrlpngrr6jSxgAABIs9QmJih2VyJOSKXKl9yZbeQlihZM5/0 b4syGR3MieWveApSP05iv21dB7idHhwtxMCIinkc4OMAjhjQ6uecBIR6CClCpdmpDt1H8a1P 335zswNcV67H3cOkuvpwH25gXm2DEyr1f/1F6jh2f5q8CRfkN5NyMBv/MdTvLq0TtmgDhO6t MM44tfjesPMfr0plW42zEPbWAzqqP7mwt4rQdZtQ0tbWJXUs4ikWVYxjIULH/FdxiKtbzO14 JVfZvhzecTflWAY3/DuG5zhNSqQ3QoBx+DBlMPo8qPzlFt7TpEJmYjtYQid007hdkAYogB4/ 6BPrVjlblIQMNTZaVhBP0ZSc/yDmDWWxrDPG+bPFyiTcg8Sj7wgo+y5K9w6PCheZQOwpd3kJ PdUElAvWp3f071E8WB0JBC7xiISmSgWjbmzN1Y+vFCy/DBbauuNTfGREElksOmrflaCsrHW+ yrMJYTGPPnJXuGI/cB4+Q/YeglFZAzarxjhj9gYSP6niviEPyfitDm
X-Talos-CUID: 9a23:1mmLSmPXzQNSh+5DcydF6RcsNsMZXXj83SfCDWOKWUdSV+jA
X-Talos-MUID: 9a23:XfL/jgvGxWDPO4FuwM2nqjxOFe5Y85yUN28nkKwKtezZJC93EmLI
X-IronPort-Anti-Spam-Filtered: true
Received: from alln-core-4.cisco.com ([173.36.13.137]) by alln-iport-1.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 12:00:14 +0000
Received: from alln-opgw-4.cisco.com (alln-opgw-4.cisco.com [173.37.147.252]) by alln-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id 38EC0C9G032445 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 14 Sep 2023 12:00:14 GMT
X-CSE-ConnectionGUID: CNwZuccWRsiai6etvHe9WA==
X-CSE-MsgGUID: +b90Hre/RnaycbZLTwZJdA==
Authentication-Results: alln-opgw-4.cisco.com; dkim=pass (signature verified) header.i=@cisco.com; spf=Pass smtp.mailfrom=rwilton@cisco.com; dmarc=pass (p=quarantine dis=none) d=cisco.com
X-IronPort-AV: E=Sophos;i="6.02,146,1688428800"; d="scan'208";a="1647626"
Received: from mail-mw2nam10lp2106.outbound.protection.outlook.com (HELO NAM10-MW2-obe.outbound.protection.outlook.com) ([104.47.55.106]) by alln-opgw-4.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 12:00:10 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fvqU26mr+lLx8TwnRiivPk0uwa452FVoJcFkOQ/Il3JeIJWCinVpmNztu79KdjwdNMQLb4uVXN9XIuAWXWFcsvxDBl4NIDEgwe0+lmnOgKPDSbaBfRJDTHktc1fCebYneoRKkvUiFzBOc981OP2+96BNJTAZs3JUPx4tMF/zuCVCAECZghrIMzTrzlXkkvFN+/bgMjtH6kZeoH8qEZWIooQigCSKkF/Bi6ULSd2PJy5t87uuJLebnlWj80c/ael3a3lgMyDd1XwyelVsg58Ozn+b9IIiwMfRZR0U3LU0IEOWz1Py00Y12+RUbIgAilz18pYhRLXWPHGr2FO0+66ZeA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DxuguTt098XDvDcni0iAOhCZGN1HyDdJKC3XQLONlN0=; b=e0KdMgvuarJ0yexvFNmOYt/p/B//Zvih/03KKjv+8xFl3B0L4V6raxDo2pvC3A4V8rHELvD1hzlL/qctmxhLtxwncNgdl2D4x3YmYn/RX+uXPXPmHXpWREulZnt5tqc89XryG2IniUcZBPfGbb69Zz7PqkrIHQNlcoYPOMVnbH5K1RmUYb1Q25nmlm42MgtjvmZVbtufv4TZh/0OSKyAS6QoaEzplMi6NtpQ0q71qAtjOK+ish8YBaKfHwwMSEdbD4os+Is0Xkvhs9v5lJq8cRi2R5ONr2Btm3dWAua8ylwRj2z657eaOhi/tb/nIZErz/0LUyLTg+WNbMP9eNTuCA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DxuguTt098XDvDcni0iAOhCZGN1HyDdJKC3XQLONlN0=; b=Etl+TQ8WzViUpOfKYKYGG9QR2LqyDoEHg/lQCUmuBCjoEsCgNYlJyrzD5VpsS4vEI2q36Q00f/kgThVBPkDxa4NZRmAtnAOmwZjjdMjSk3nMP6InsLyhphw414on45XGaqz0zXhYCMI8YR0Wd3LEHOCOeZbDaiOzifMcS4LqOlA=
Received: from BY5PR11MB4196.namprd11.prod.outlook.com (2603:10b6:a03:1ce::13) by CY8PR11MB6844.namprd11.prod.outlook.com (2603:10b6:930:5f::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6745.34; Thu, 14 Sep 2023 12:00:08 +0000
Received: from BY5PR11MB4196.namprd11.prod.outlook.com ([fe80::b2b2:e22e:3d6c:14de]) by BY5PR11MB4196.namprd11.prod.outlook.com ([fe80::b2b2:e22e:3d6c:14de%6]) with mapi id 15.20.6792.019; Thu, 14 Sep 2023 12:00:07 +0000
From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: Sarah Tarrant <starrant@amsl.com>, "Rose, Scott W. (Fed)" <scott.rose@nist.gov>, Eliot Lear <lear=40cisco.com@dmarc.ietf.org>
CC: RFC Editor <rfc-editor@rfc-editor.org>, "opsawg-ads@ietf.org" <opsawg-ads@ietf.org>, "opsawg-chairs@ietf.org" <opsawg-chairs@ietf.org>, "bill.wu@huawei.com" <bill.wu@huawei.com>, "auth48archive@rfc-editor.org" <auth48archive@rfc-editor.org>
Thread-Topic: [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18> for your review
Thread-Index: AQHZ5NSybSekSgrQ6kuaNpw/6MgwuLAXim8AgADQAwCAAGQ6AIAAew8AgAEBDsA=
Date: Thu, 14 Sep 2023 12:00:07 +0000
Message-ID: <BY5PR11MB4196DE4DB8FF4436F15EB830B5F7A@BY5PR11MB4196.namprd11.prod.outlook.com>
References: <20230908232621.2FE7CE5EA7@rfcpa.amsl.com> <BE129746-6B47-4FA8-A918-44B728F347C3@nist.gov> <2F1A389E-ABED-4C37-B41A-79A9E15D59CA@amsl.com> <1D2F40E4-3276-49E3-B70C-D6FC5FAC0430@cisco.com> <621E366B-9EC0-4783-B075-8EAD78A75CD6@nist.gov> <96C191BF-2D68-47CF-9672-9DD33EACB4C0@amsl.com>
In-Reply-To: <96C191BF-2D68-47CF-9672-9DD33EACB4C0@amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BY5PR11MB4196:EE_|CY8PR11MB6844:EE_
x-ms-office365-filtering-correlation-id: 3346e3c8-7b7e-479c-3cf2-08dbb51a2386
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: eK+zrKSYuUyU7lNnU9yAhIAUDg3LEvJJRPW0phlaFaig9uYJTETj0qzJeld8/CtppYEbFkI0kbB0fPsPKkWBZW4mvKMUZBOq9k7N6SLiFBh8pmHc/vPGO5cGR/XcsB3KfaP4Jok0vqZeU+8ziZ7YLYZKqljfT2ffsquTavuWdID9i5uJx7VQGpWl9ID3UORmXz2AGlfByzc9LVwDcpmC7KbP7ZTtZOjhxrY+BSuGQhE6LV4s0enqBkwuf37KMBgoKkQEJo0NC+aX8Lh8fHYxu/kxBDs9ax1IVxNfZYtoxuaNJbhaocya8bugxb9+8V2Z6chAJGuACWYzz0swak1KFfhLoqHon20cIXOc0wo2qKcRWXwahfqe3eQqEGV3hs81pjcCE+KLLy2/zOI0mUblD7OG6S7nrxswx22iuNBl8yZYzUfrOQuFoDCH1p14SaO2DLZSYOdHCJtFYLviVqa4oXLzgZdyJu5c2lltLj06yfhrVIYlV4Bionq65Fkai2hrkvcgIiufZh6ZFB8Ip5zVMGL3mqph1O4RkKQ5/l+Sp7TGbHw30J6mDfJGYYMUJYhJOUsqJEkr2PoNnTBrc7G1sNBMVG7nlY8co8FKSD22zcEe1RkriizJZb46p1fuZAuVscZCpHRdQe83z5L8v0lj0+jTTpZYZz2dVFV/vmav2oxyHZ4+oR3U5stedUCgfAd89aMgIn55Uu6/DLAtm6+GOg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BY5PR11MB4196.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(366004)(39860400002)(396003)(376002)(346002)(136003)(451199024)(186009)(1800799009)(40140700001)(122000001)(38100700002)(38070700005)(55016003)(33656002)(86362001)(966005)(4326008)(316002)(7696005)(6506007)(53546011)(5660300002)(52536014)(71200400001)(478600001)(54906003)(110136005)(66556008)(64756008)(83380400001)(66574015)(9686003)(66446008)(66946007)(8676002)(41300700001)(76116006)(66476007)(2906002)(8936002)(562404015)(19607625013); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: zt07bNfOM34FKxqnvtLaOVNmxWqyIiQA0hJCePmju6dxKKzx3dxS9QWWt36AAvooo6RRVn0smjG1HSvUb7fD8gKvO5g2UJZeIx5cEtkEawIbvYEi1m4nlBj3c9g7HnuPwsY1zT0X02/ucAYRyP8YyqSmnmAQeHSibaSYRzgiGkYPVFF4T5Ugi4UGc8ZksL9KYxZPYVN0uPnrmS6xsS4tZKb+r6JvuDB4eODAmr2ARLXKfPtOFJ9rhXeWOGeZ0pKqAzE7cXqaqk1d8niuUqjq+nQXoDjGliH8LN/V/mvJ9Rz1vy0cie8FJdcKRiOcX7cRitE+WDTWOyMJVxI4ODpDcfpa38/v7gVLeEXCVLb2+Y4hUyKvOGh4uiH8MfAg4qMnAuvu2sh6mARFCsTk2ic45lJRsf0eNQI0QYtRGs9wJbTNedN1ndRVH7LRDhrTtN7GlY2/wweNrWtffurxMTlifwvvmfM44EFab/G8qAP45c4jDTRnt8U6RLSec6p2bWky6+FhBOSPddjVND3mlrzaSb6AFoAU58liMP4/MzQ8wmtpcGN8iALfuMhft2KvdSpEfC8ohB7QeIl+7iZw7oqr5lop1eUnW/uMVy/2YHW/fbBlM0Je3uygI3ILhCwItYR9rLVQi7CGaDiA5ELuPzSYzRHnOVOgXX2kfDXitclUyZ9S2HuGrAH4NWgLlVKr1k2WtuFVAZfRfcRXXltxKX5XfajNAWBmAvP7aBDOOAd8zLfPrUe6eIPpQ/YHqZSfUjOfdZA0uGUVTWe86D58ks5WD5rAFiq8hWmcSyp7m7E2MSdzTcH8eVSinc36KOAi/Tpi+i3xxdnm8JiM5aYSOXQA/HzPEf5v1ap9vXzltNSgJH/iOOULUxmUGEvaUFpWdvcCa5+UXXm8IWkp2BNWRdaAet53swur8z7D3jZJx2YqLYwG+uWMQTtrLXQg5qofaBYAaYjWHcMzcvDrVCUOzqvF9EmZ92iZGy1UkZK+zEB5lf7jlf9Um9FA881bSm7oQ1BOkCerZdEizJcV7EeaZiCVEnIiNbLRf3Y0lleJ2Oh7in1ndXY58B0G32P/E2NPsa/wu3nHdnuoueKElGnMZGgZFSL5rJfhXt2+Z4j9Nf1xkyHOo1mbM2LByaklU7KLTNc00xIXWt7RilrGhKBDDz6OGB25DNGbwrAN7VzwZMj0tQNkbIq8OJ9m6/ZnUQmNA5hfQgOpMd/0JSNU17lHR7cb6ZV5tA29QwmE3otxLqi6Ms6oEeg7BBah+J6eakZFxZ0j2IjdsRsQgQD25CHry+g2dO7rA0C6mGIv0+mG4GciDpFiBxw7apUeEIVTg9P2wFeNSYCb3w3FFoMzR91e0sMcTXuXLILPJijn5Eo3lzeeMMeWbLyRMCe0lSHIQhrVuZpwY9MfM0T+use94oy3GRu6pPKZYZhaJkbmiNqkn8qNbQp0OrmU5KyiF97u/DzBrdwYwN2fzLoYMUM8OnaY1L3DE9Kss/gQq1NCHPlZZzeR31jVexzsc3qcSbakCrIUyTgfszxPLleKvgF367GSH3aXln4WSWXN0WxYY0fCcd9iGqoD50JMBbrCMU9NnqDsQrS9o1G8jKthdk3SUZiYNcTNax5UE0LxtJu+9xhIwT739ws=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: cisco.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BY5PR11MB4196.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3346e3c8-7b7e-479c-3cf2-08dbb51a2386
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Sep 2023 12:00:07.2304 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: vXEjXZnl4OYQPXlUZhq+0WAtrHawnxXfb5t8/IM1/wkpslPOXK86rYNddeAoyfyxwIvlMkyHi+RH2Fwa2zd0dA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY8PR11MB6844
X-Outbound-SMTP-Client: 173.37.147.252, alln-opgw-4.cisco.com
X-Outbound-Node: alln-core-4.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/-ABvRKRT4QdEmKB-MEdg2I_WiWk>
Subject: Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Sep 2023 12:00:20 -0000
Hi Sarah, The rewording on section 1.3 is fine with me. For question 10, I approve of the current security text. I have flagged this previously with the authors and there are good reasons for the text to deviate from the standard YANG security considerations template. Regards, Rob > -----Original Message----- > From: Sarah Tarrant <starrant@amsl.com> > Sent: 13 September 2023 21:35 > To: Rose, Scott W. (Fed) <scott.rose@nist.gov>; Eliot Lear > <lear=40cisco.com@dmarc.ietf.org> > Cc: Rob Wilton (rwilton) <rwilton@cisco.com>; RFC Editor <rfc-editor@rfc- > editor.org>; opsawg-ads@ietf.org; opsawg-chairs@ietf.org; > bill.wu@huawei.com; auth48archive@rfc-editor.org > Subject: Re: [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18> > for your review > > Hello Eliot and Scott, > > Thank you for your replies. We have updated the document accordingly, and all > of our questions for the authors have been addressed. > > Please review the document carefully to ensure satisfaction as we do not make > changes once it has been published as an RFC. Contact us with any further > updates or with your approval of the document in its current form. We will > await approvals from each author prior to moving forward in the publication > process. We also need Rob’s AD approval of the change in Section 1.3 and > review of question #10 prior to moving forward. > > Updated XML file: > http://www.rfc-editor.org/authors/rfc9472.xml > > Updated output files: > https://www.rfc-editor.org/authors/rfc9472.html > https://www.rfc-editor.org/authors/rfc9472.txt > https://www.rfc-editor.org/authors/rfc9472.pdf > > Diff file showing all changes made during AUTH48: > https://www.rfc-editor.org/authors/rfc9472-auth48diff.html > > Diff files showing all changes: > https://www.rfc-editor.org/authors/rfc9472-diff.html > https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by-side diff) > > Note that it may be necessary for you to refresh your browser to view the most > recent version. > > For the AUTH48 status of this document, please see: > https://www.rfc-editor.org/auth48/rfc9472 > > Thank you, > > RFC Editor/st > > > On Sep 13, 2023, at 8:14 AM, Rose, Scott W. (Fed) <scott.rose@nist.gov> > wrote: > > > > Sarah, > > I am generally fine with the changes, specific replies below: > > > > Thanks, > > Scott > > > > On 13 Sep 2023, at 3:15, Eliot Lear wrote: > > > >> Hi Sarah and thanks! Please see below. > >> > >>> On 12 Sep 2023, at 20:50, Sarah Tarrant <starrant@amsl.com> wrote: > >>> > >>> Hello Eliot, Scott, and Rob*, > >>> > >>> *Rob, as AD, please review the change in the last paragraph of Section 1.3 > and let us know if you approve. The change is best viewed in this diff file: > https://www.rfc-editor.org/authors/rfc9472-auth48diff.html. Also, please let us > know your thoughts on this question (note that RFCs 6242, 8341, and 8446 are > included in the template at https://trac.ietf.org/trac/ops/wiki/yang-security- > guidelines): > >>> > >>>> 10) <!-- [rfced] *[AD] Section 6: The Security Considerations section does > not > >>>> follow the requirements listed on > >>>> https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines, which says > >>>> "This section MUST be patterned after the latest approved template." > >>>> Please confirm if the current text is acceptable per the context of the > >>>> document or if any further updates are needed in order to follow the > >>>> template. > >>>> > >>>> Also, please confirm if it is acceptable that RFCs 6242, 8341, and > >>>> 8446 are not listed in the Normative References section or if they > >>>> should be added. > >>>> —> > >>> > >>> > >>> Eliot and Scott, thank you for your replies; we have updated the document > accordingly. We have a few followup questions: > >>> > >>> 1) We added the sentence in ii) per your reply to this question. We also > added RFC 7231 as a normative reference. Please confirm that this is correct. > Or should it be informative instead? > >> > >> That’s correct. > >> > >>> > >>>>> e) We note that RFCs 6991 and 7231 are only referenced in the YANG > >>>>> module and not in the running text. In order to have a 1:1 matchup > >>>>> between the references section and the text, may we add an > introductory > >>>>> sentence before the YANG module that includes these citations (option > i)? > >>>>> Alternatively, you may reference all of the RFCs that are mentioned > >>>>> (option ii). Please let us know your preference. > >>>>> > >>>>> Perhaps: > >>>>> i) This YANG module references [RFC6991] and [RFC7231]. > >>>>> or > >>>>> ii) This YANG module references [RFC6991], [RFC7231], [RFC7252], > >>>>> [RFC8520], and [RFC9110]. > >>>> > >>>> > >>>> ii seems complete. > >>> > >>> > >>> 2) Regarding this question: > >>> > >>>>> 11) <!--[rfced] Is this sentence intended to be an ordered list (option A) > >>>>> or are "any change in a URL" and "any change to the authority > >>>>> section" the 2 risks that are being referred to (option B)? > >>>>> > >>>>> Original: > >>>>> To address either risk, any change in a URL, and in particular to the > >>>>> authority section, two approaches may be used: > >>>>> > >>>>> Perhaps: > >>>>> A) To address either risk, any change in a URL, and particularly any > change > >>>>> to the authority section, two approaches may be used: > >>>>> > >>>>> or > >>>>> > >>>>> B) To address either risk, i.e., any change in a URL and, in particular, to > >>>>> the authority section, two approaches may be used: > >>>>> --> > >>>> > >>>> How about: > >>>> > >>>>> (C) To address either risk, any change in a URL, and in particular to the > >>>>> authority section; two approaches may be used: > >>>> > >>>> ? > >>> > >>> We are still having trouble understanding this sentence. (Note that the text > before the semicolon in (C) is not a complete sentence.) Would something like > the following work? > >>> > >>> Perhaps: > >>> Two approaches may be used to address these risks and any change in a > URL (particularly in the > >>> authority section): > >>> > >> > >> Ok, having re-read the context, the authority section phrase is redundant, so > we can say: > >> > >>> To address either of these risks or any tampering of a URL: > >> > > > > This seems fine. > > > >> > >> > >>> > >>> 3) Regarding this question: > >>> > >>>>> 15) <!-- [rfced] The following lines exceed the 72-character limit for > >>>>> sourcecode. Please let us know how these lines can be modified. > >>>>> > >>>>> Section 5.1 (1 character over): > >>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service", > >>>>> > >>>>> Section 5.2 (1 character over): > >>>>> "systeminfo": "mixed example: SBOM on device, vuln info in cloud", > >>>>> > >>>>> Section 5.3 (2 characters over): > >>>>> "contact-info": "https://iot-device.example.com/contact-info.html", > >>>>> > >>>>> Section 5.3 (1 character over): > >>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service", > >>>>> --> > >>>>> > >>>> > >>>> Would you mind out-denting these lines? > >>> > >>> Please confirm that we updated these correctly. We moved the lines in > each example mentioned above one or two spaces (as appropriate) to the left > to meet the character limit, though we couldn’t not move the “{“ at the > beginning and end of each example as these were already at the left margin. > >> > >> > >> That’s okay. > >> > >> Aside: this 72 character limit was VERY important when printers could only > print 80 columns, but that was on its way out even when *I* was a student in > the 80s (I never saw an actual line printer after college). > >> > >> Regards, > >> > >> Eliot > >> > >>> > >>> ______________ > >>> > >>> Updated XML file: > >>> http://www.rfc-editor.org/authors/rfc9472.xml > >>> > >>> Updated output files: > >>> https://www.rfc-editor.org/authors/rfc9472.html > >>> https://www.rfc-editor.org/authors/rfc9472.txt > >>> https://www.rfc-editor.org/authors/rfc9472.pdf > >>> > >>> Diff file showing all changes made during AUTH48: > >>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html > >>> > >>> Diff files showing all changes: > >>> https://www.rfc-editor.org/authors/rfc9472-diff.html > >>> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by-side diff) > >>> > >>> Note that it may be necessary for you to refresh your browser to view the > most recent version. > >>> > >>> For the AUTH48 status of this document, please see: > >>> https://www.rfc-editor.org/auth48/rfc9472 > >>> > >>> Thank you, > >>> > >>> RFC Editor/st > >>> > >>>> On Sep 11, 2023, at 12:23 PM, Rose, Scott W. (Fed) > <scott.rose=40nist.gov@dmarc.ietf.org> wrote: > >>>> > >>>> On 8 Sep 2023, at 19:26, rfc-editor@rfc-editor.org wrote: > >>>> > >>>>> Authors and *AD, > >>>>> > >>>>> While reviewing this document during AUTH48, please resolve (as > necessary) the following questions, which are also in the XML file. > >>>>> > >>>> > >>>>> > >>>>> 17) <!-- [rfced] FYI: We have added expansions for the following > abbreviations > >>>>> per Section 3.6 of RFC 7322 ("RFC Style Guide"). Please review each > >>>>> expansion in the document carefully to ensure correctness. > >>>>> > >>>>> Access Control Lists (ACLs) > >>>>> Constrained Application Protocol (CoAP) > >>>>> Internet of Things (IoT) > >>>>> --> > >>>>> > >>>>> > >>>>> 18) <!-- [rfced] Please review the "Inclusive Language" portion of the > online > >>>>> Style Guide <https://www.rfc- > editor.org/styleguide/part2/#inclusive_language> > >>>>> and let us know if any changes are needed. > >>>>> > >>>>> Note that our script did not flag any words in particular, but this should > >>>>> still be reviewed as a best practice. > >>>>> --> > >>>>> > >>>> > >>>> FWIW, I did a pass through to match against the NIST inclusive language > guidance and did not find anything that needed to be addressed. Future > changes may change that (not likely, but maybe). > >>>> > >>>> Thanks > >>>> Scott > >>>> > >>>> > >>>> > >>>> > >>>> ================================== > >>>> Scott Rose NIST/CTL > >>>> scott.rose@nist.gov > >>>> ph: +1-301-975-8439 (w) > >>>> +1-571-249-3761 (GoogleVoice) > >>>> ================================== > >>> > > > > > > ================================== > > Scott Rose NIST/CTL > > scott.rose@nist.gov > > ph: +1-301-975-8439 (w) > > +1-571-249-3761 (GoogleVoice) > > ================================== >
- [auth48] AUTH48: RFC-to-be 9472 <draft-ietf-opsaw… rfc-editor
- [auth48] [AD] Re: AUTH48: RFC-to-be 9472 <draft-i… rfc-editor
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rose, Scott W. (Fed)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rose, Scott W. (Fed)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rose, Scott W. (Fed)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rob Wilton (rwilton)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rose, Scott W. (Fed)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- [auth48] [IANA] Re: [AD] AUTH48: RFC-to-be 9472 <… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- [auth48] Fwd: [IANA #1282204] [IANA] Re: [AD] AUT… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rob Wilton (rwilton)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rob Wilton (rwilton)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant