IETF Logo Mail Archive

Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18> for your review

"Rob Wilton (rwilton)" <rwilton@cisco.com> Thu, 14 September 2023 12:00 UTC

Return-Path: <rwilton@cisco.com>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE381C15107D; Thu, 14 Sep 2023 05:00:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.604
X-Spam-Level:
X-Spam-Status: No, score=-9.604 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b="j9MUerbE"; dkim=pass (1024-bit key) header.d=cisco.com header.b="Etl+TQ8W"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JT_cueLEsowT; Thu, 14 Sep 2023 05:00:15 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B6ACEC14CE39; Thu, 14 Sep 2023 05:00:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=14608; q=dns/txt; s=iport; t=1694692815; x=1695902415; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=DxuguTt098XDvDcni0iAOhCZGN1HyDdJKC3XQLONlN0=; b=j9MUerbETGKcQwaKIlZuaSLJKdO4s8lnXbxfrJUcZ7aNVpshEbkrjiL1 CzyWn19liZoPKSC4VFe38TR244sDjVwcTNTlbLi7zUzjd1Js56/hy/N5/ hwIr4KRu3RZdn+I5metBrsWwKCw8NGIg4/CpRE+hFnWHCOYnGcvztinH7 I=;
X-CSE-ConnectionGUID: CfJu1PDkTGmIy8zFDZ8ISw==
X-CSE-MsgGUID: FeDIAXxPRWGBiQdfM5ykoA==
X-IPAS-Result: A0AJAACl9AJlmIkNJK1XAxsBAQEBAQEBAQUBAQESAQEBAwMBAQFAJYEWBgEBAQsBgWRSdgJZKhJHA4RPg0wDhE5fiGMDmmmDEoElA1YPAQEBDQEBOQsEAQGFBwIWhmECJjQJDgECAgIBAQEBAwIDAQEBAQEBAQIBAQUBAQECAQcEFAEBAQEBAQEBHhkFDhAnhWgNhkcBAQEBAQEBEhEEDQwBATcBCwQCAQYCDgMEAQEBAgImAgICMBUICAIEAQ0FCBqCXAGCOyMDARAGP5IAj00BgUACiih6fzOBAYIJAQEGBAWybAmBGi4Bh24aAWhNG4NpGIQ1JxuBSUSBFUN5gW8+gmICAQGBNioKCwomgxQ5gi6FL4QYgnWCBgcRLgcygQwMCYEFgn04J4l7CSGBCAhegWo9Ag1UCwtdgRFROIE7AgIRORNHcRsDBwOBAhArBwQvGwcGCRYsJQZRBC0kCRMSPgSBZ4FRCoEGPxEOEYJFIgIHNjYZS4JgCRUMNQRKdhArBBQYbCcEagUaFR43ERIZDQMIdh0CESM8AwUDBDYKFQ0LIQUUQwNHBkwLAwIcBQMDBIE2BQ8eAhAaBg4rAwMZUAIRFAM2A0QdQAMLbT0UIQYOGwUEPSlZBaAuPDKBbHERBhQTJgQNGgEFAgECEQ4BARR8CAgtEQEGHQYLAQ8JPA+SQBGDCUesZ4EtCoQLjACVOxeEAYFWixgEhmmKa4Npgk1ilzR5II1BlHMrBIUZAgQCBAUCDgEBBoEyMTqBW3AVO4JnCUkZD4EbjQUMDQkWg0CFFIpldgIBCi4CBwEKAQEDCYhvgloBAQ
IronPort-PHdr: A9a23:BufprBBju7RedN7nMm31UyQVoxdPi9zP1kY9454jjfdJaqu8usikN 03E7vIrh1jMDs3X6PNB3vLfqLuoGXcB7pCIrG0YfdRSWgUEh8Qbk01oAMOMBUDhav+/Ryc7B 89FElRi+iLzKlBbTf73fEaauXiu9XgXExT7OxByI7HvBY/Wk8Ox/+uz4JbUJQ5PgWn1bbZ7N h7jtQzKrYFWmd57N68rwx3Vo31FM+hX3jZuIlSe3l7ws8yx55VktS9Xvpoc
IronPort-Data: A9a23:oNS/Ka5W1XVtAaqbJ1fNjAxRtPbHchMFZxGqfqrLsTDasY5as4F+v moYCDqOMviIajCgL9ElPYjl9UsF65XcmtJjTAVl+ywyZn8b8sCt6fZ1gavT04J+CuWZESqLO u1HMoGowPgcFyKa/lH1dOG58RGQ7InQLpLkEunIJyttcgFtTSYlmHpLlvUw6mJSqYDR7zil5 5Wq+aUzBHf/g2QvajNNt/rYwP9SlK2aVA0w7wRWic9j5Dcyp1FNZLoDKKe4KWfPQ4U8NoZWk M6akdlVVkuAl/scIovNfoTTKyXmcZaOVeS6sUe6boD56vR0SoPe5Y5gXBYUQR8/ZzxkBLmdw v0V3XC7YV9B0qEhBI3xXjEAexySM5Gq95fsL1qi6PS/zHHpdlr9k+dAIHNmHLYHr7Mf7WFmr ZT0KRgEahSFwumx2r/+Fq9nh98oK4/gO4Z3VnNIlG6CS614B8mYBfyRure03x9o7ixKNezBZ s4FbjxHZxXbaBoJMVASYH47tL723yahL2UI8jp5o4IZ7kTy5Txh6ILSH/DUQ9CEYJhEnUGx8 zeuE2PRW0FGa4P3JSC+2nuxmu+TzSrhU4ITCrCQ7PBhxVCfx3AUElsRT1TTieO3gQuzV9NDL FY84CQl6KU+9VCsVJ/6RRLQnZKflhcYX9wVGOog5UTRjKHV+A2eQGMDS1atdeDKqucdSx43j 2elnO/GAB1+4K+7ZUDN14yL+Gba1TcuEUcOYioNTA0g6tbloZ0ugh+ncjqFOPPp5jESMWytq w1mvBTSlJ1I1pZajfXTEUTvxmPy+MSUEmbZ8y2KBgqYAhVFiJlJjmBCwXHf6ftGRGpyZgbc5 CBe8yRyARxnMH1gvCWJRONIF7az6rPZdjbdmlVoWZIm8lxBGkJPn6gOuFmSx28wba7onAMFh meI6Wu9A7cIbROXgVdfOd7ZNijT5fGI+S7Zfv7VdMFSRZN6aRWK+ipjDWbJgTGxzhJ9wfpka M7GGSpJMZr8Ifo/pNZRb7lFuYLHOghirY8ubcmhlk/+geb2iIC9EOhaazNikdzVHIvd8FmKr L6zxuOByg5UV6XlczLL/IsIRW3m3lBlba0aX/d/L7bZSiI/QTlJI6aIndsJJdc/94wLzbigw 51IchICoLYJrSeZeVzih7EKQO6HYKuTWlpiY3F8Ygn4hyZ+CWtthY9GH6YKkXAc3LUL5dZ/T uIOfIOLBfEnd9gN0291gUXVxGC6SCmWuA==
IronPort-HdrOrdr: A9a23:1VYnH6sXfrAwMeoYcQwwk1AI7skCM4Aji2hC6mlwRA09TyXGrb HMoB1L73/JYWgqOU3IwerwSZVoIUmxyXZ0ibNhRItKLzOWyFdAS7sSo7cKogeQVBEWk9Qtt5 uIHJIOdeEYYWIK6voSpTPIberIo+P3sZxA592us0uFJDsCA8oPnmIJbjpzUHcGOzWubqBJbK Z0k/A33QZIDk5nFfhTaEN1OdTrlpngrr6jSxgAABIs9QmJih2VyJOSKXKl9yZbeQlihZM5/0 b4syGR3MieWveApSP05iv21dB7idHhwtxMCIinkc4OMAjhjQ6uecBIR6CClCpdmpDt1H8a1P 335zswNcV67H3cOkuvpwH25gXm2DEyr1f/1F6jh2f5q8CRfkN5NyMBv/MdTvLq0TtmgDhO6t MM44tfjesPMfr0plW42zEPbWAzqqP7mwt4rQdZtQ0tbWJXUs4ikWVYxjIULH/FdxiKtbzO14 JVfZvhzecTflWAY3/DuG5zhNSqQ3QoBx+DBlMPo8qPzlFt7TpEJmYjtYQid007hdkAYogB4/ 6BPrVjlblIQMNTZaVhBP0ZSc/yDmDWWxrDPG+bPFyiTcg8Sj7wgo+y5K9w6PCheZQOwpd3kJ PdUElAvWp3f071E8WB0JBC7xiISmSgWjbmzN1Y+vFCy/DBbauuNTfGREElksOmrflaCsrHW+ yrMJYTGPPnJXuGI/cB4+Q/YeglFZAzarxjhj9gYSP6niviEPyfitDm
X-Talos-CUID: 9a23:1mmLSmPXzQNSh+5DcydF6RcsNsMZXXj83SfCDWOKWUdSV+jA
X-Talos-MUID: 9a23:XfL/jgvGxWDPO4FuwM2nqjxOFe5Y85yUN28nkKwKtezZJC93EmLI
X-IronPort-Anti-Spam-Filtered: true
Received: from alln-core-4.cisco.com ([173.36.13.137]) by alln-iport-1.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 12:00:14 +0000
Received: from alln-opgw-4.cisco.com (alln-opgw-4.cisco.com [173.37.147.252]) by alln-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id 38EC0C9G032445 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 14 Sep 2023 12:00:14 GMT
X-CSE-ConnectionGUID: CNwZuccWRsiai6etvHe9WA==
X-CSE-MsgGUID: +b90Hre/RnaycbZLTwZJdA==
Authentication-Results: alln-opgw-4.cisco.com; dkim=pass (signature verified) header.i=@cisco.com; spf=Pass smtp.mailfrom=rwilton@cisco.com; dmarc=pass (p=quarantine dis=none) d=cisco.com
X-IronPort-AV: E=Sophos;i="6.02,146,1688428800"; d="scan'208";a="1647626"
Received: from mail-mw2nam10lp2106.outbound.protection.outlook.com (HELO NAM10-MW2-obe.outbound.protection.outlook.com) ([104.47.55.106]) by alln-opgw-4.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Sep 2023 12:00:10 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fvqU26mr+lLx8TwnRiivPk0uwa452FVoJcFkOQ/Il3JeIJWCinVpmNztu79KdjwdNMQLb4uVXN9XIuAWXWFcsvxDBl4NIDEgwe0+lmnOgKPDSbaBfRJDTHktc1fCebYneoRKkvUiFzBOc981OP2+96BNJTAZs3JUPx4tMF/zuCVCAECZghrIMzTrzlXkkvFN+/bgMjtH6kZeoH8qEZWIooQigCSKkF/Bi6ULSd2PJy5t87uuJLebnlWj80c/ael3a3lgMyDd1XwyelVsg58Ozn+b9IIiwMfRZR0U3LU0IEOWz1Py00Y12+RUbIgAilz18pYhRLXWPHGr2FO0+66ZeA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DxuguTt098XDvDcni0iAOhCZGN1HyDdJKC3XQLONlN0=; b=e0KdMgvuarJ0yexvFNmOYt/p/B//Zvih/03KKjv+8xFl3B0L4V6raxDo2pvC3A4V8rHELvD1hzlL/qctmxhLtxwncNgdl2D4x3YmYn/RX+uXPXPmHXpWREulZnt5tqc89XryG2IniUcZBPfGbb69Zz7PqkrIHQNlcoYPOMVnbH5K1RmUYb1Q25nmlm42MgtjvmZVbtufv4TZh/0OSKyAS6QoaEzplMi6NtpQ0q71qAtjOK+ish8YBaKfHwwMSEdbD4os+Is0Xkvhs9v5lJq8cRi2R5ONr2Btm3dWAua8ylwRj2z657eaOhi/tb/nIZErz/0LUyLTg+WNbMP9eNTuCA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DxuguTt098XDvDcni0iAOhCZGN1HyDdJKC3XQLONlN0=; b=Etl+TQ8WzViUpOfKYKYGG9QR2LqyDoEHg/lQCUmuBCjoEsCgNYlJyrzD5VpsS4vEI2q36Q00f/kgThVBPkDxa4NZRmAtnAOmwZjjdMjSk3nMP6InsLyhphw414on45XGaqz0zXhYCMI8YR0Wd3LEHOCOeZbDaiOzifMcS4LqOlA=
Received: from BY5PR11MB4196.namprd11.prod.outlook.com (2603:10b6:a03:1ce::13) by CY8PR11MB6844.namprd11.prod.outlook.com (2603:10b6:930:5f::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6745.34; Thu, 14 Sep 2023 12:00:08 +0000
Received: from BY5PR11MB4196.namprd11.prod.outlook.com ([fe80::b2b2:e22e:3d6c:14de]) by BY5PR11MB4196.namprd11.prod.outlook.com ([fe80::b2b2:e22e:3d6c:14de%6]) with mapi id 15.20.6792.019; Thu, 14 Sep 2023 12:00:07 +0000
From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: Sarah Tarrant <starrant@amsl.com>, "Rose, Scott W. (Fed)" <scott.rose@nist.gov>, Eliot Lear <lear=40cisco.com@dmarc.ietf.org>
CC: RFC Editor <rfc-editor@rfc-editor.org>, "opsawg-ads@ietf.org" <opsawg-ads@ietf.org>, "opsawg-chairs@ietf.org" <opsawg-chairs@ietf.org>, "bill.wu@huawei.com" <bill.wu@huawei.com>, "auth48archive@rfc-editor.org" <auth48archive@rfc-editor.org>
Thread-Topic: [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18> for your review
Thread-Index: AQHZ5NSybSekSgrQ6kuaNpw/6MgwuLAXim8AgADQAwCAAGQ6AIAAew8AgAEBDsA=
Date: Thu, 14 Sep 2023 12:00:07 +0000
Message-ID: <BY5PR11MB4196DE4DB8FF4436F15EB830B5F7A@BY5PR11MB4196.namprd11.prod.outlook.com>
References: <20230908232621.2FE7CE5EA7@rfcpa.amsl.com> <BE129746-6B47-4FA8-A918-44B728F347C3@nist.gov> <2F1A389E-ABED-4C37-B41A-79A9E15D59CA@amsl.com> <1D2F40E4-3276-49E3-B70C-D6FC5FAC0430@cisco.com> <621E366B-9EC0-4783-B075-8EAD78A75CD6@nist.gov> <96C191BF-2D68-47CF-9672-9DD33EACB4C0@amsl.com>
In-Reply-To: <96C191BF-2D68-47CF-9672-9DD33EACB4C0@amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BY5PR11MB4196:EE_|CY8PR11MB6844:EE_
x-ms-office365-filtering-correlation-id: 3346e3c8-7b7e-479c-3cf2-08dbb51a2386
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: eK+zrKSYuUyU7lNnU9yAhIAUDg3LEvJJRPW0phlaFaig9uYJTETj0qzJeld8/CtppYEbFkI0kbB0fPsPKkWBZW4mvKMUZBOq9k7N6SLiFBh8pmHc/vPGO5cGR/XcsB3KfaP4Jok0vqZeU+8ziZ7YLYZKqljfT2ffsquTavuWdID9i5uJx7VQGpWl9ID3UORmXz2AGlfByzc9LVwDcpmC7KbP7ZTtZOjhxrY+BSuGQhE6LV4s0enqBkwuf37KMBgoKkQEJo0NC+aX8Lh8fHYxu/kxBDs9ax1IVxNfZYtoxuaNJbhaocya8bugxb9+8V2Z6chAJGuACWYzz0swak1KFfhLoqHon20cIXOc0wo2qKcRWXwahfqe3eQqEGV3hs81pjcCE+KLLy2/zOI0mUblD7OG6S7nrxswx22iuNBl8yZYzUfrOQuFoDCH1p14SaO2DLZSYOdHCJtFYLviVqa4oXLzgZdyJu5c2lltLj06yfhrVIYlV4Bionq65Fkai2hrkvcgIiufZh6ZFB8Ip5zVMGL3mqph1O4RkKQ5/l+Sp7TGbHw30J6mDfJGYYMUJYhJOUsqJEkr2PoNnTBrc7G1sNBMVG7nlY8co8FKSD22zcEe1RkriizJZb46p1fuZAuVscZCpHRdQe83z5L8v0lj0+jTTpZYZz2dVFV/vmav2oxyHZ4+oR3U5stedUCgfAd89aMgIn55Uu6/DLAtm6+GOg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BY5PR11MB4196.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(366004)(39860400002)(396003)(376002)(346002)(136003)(451199024)(186009)(1800799009)(40140700001)(122000001)(38100700002)(38070700005)(55016003)(33656002)(86362001)(966005)(4326008)(316002)(7696005)(6506007)(53546011)(5660300002)(52536014)(71200400001)(478600001)(54906003)(110136005)(66556008)(64756008)(83380400001)(66574015)(9686003)(66446008)(66946007)(8676002)(41300700001)(76116006)(66476007)(2906002)(8936002)(562404015)(19607625013); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: zt07bNfOM34FKxqnvtLaOVNmxWqyIiQA0hJCePmju6dxKKzx3dxS9QWWt36AAvooo6RRVn0smjG1HSvUb7fD8gKvO5g2UJZeIx5cEtkEawIbvYEi1m4nlBj3c9g7HnuPwsY1zT0X02/ucAYRyP8YyqSmnmAQeHSibaSYRzgiGkYPVFF4T5Ugi4UGc8ZksL9KYxZPYVN0uPnrmS6xsS4tZKb+r6JvuDB4eODAmr2ARLXKfPtOFJ9rhXeWOGeZ0pKqAzE7cXqaqk1d8niuUqjq+nQXoDjGliH8LN/V/mvJ9Rz1vy0cie8FJdcKRiOcX7cRitE+WDTWOyMJVxI4ODpDcfpa38/v7gVLeEXCVLb2+Y4hUyKvOGh4uiH8MfAg4qMnAuvu2sh6mARFCsTk2ic45lJRsf0eNQI0QYtRGs9wJbTNedN1ndRVH7LRDhrTtN7GlY2/wweNrWtffurxMTlifwvvmfM44EFab/G8qAP45c4jDTRnt8U6RLSec6p2bWky6+FhBOSPddjVND3mlrzaSb6AFoAU58liMP4/MzQ8wmtpcGN8iALfuMhft2KvdSpEfC8ohB7QeIl+7iZw7oqr5lop1eUnW/uMVy/2YHW/fbBlM0Je3uygI3ILhCwItYR9rLVQi7CGaDiA5ELuPzSYzRHnOVOgXX2kfDXitclUyZ9S2HuGrAH4NWgLlVKr1k2WtuFVAZfRfcRXXltxKX5XfajNAWBmAvP7aBDOOAd8zLfPrUe6eIPpQ/YHqZSfUjOfdZA0uGUVTWe86D58ks5WD5rAFiq8hWmcSyp7m7E2MSdzTcH8eVSinc36KOAi/Tpi+i3xxdnm8JiM5aYSOXQA/HzPEf5v1ap9vXzltNSgJH/iOOULUxmUGEvaUFpWdvcCa5+UXXm8IWkp2BNWRdaAet53swur8z7D3jZJx2YqLYwG+uWMQTtrLXQg5qofaBYAaYjWHcMzcvDrVCUOzqvF9EmZ92iZGy1UkZK+zEB5lf7jlf9Um9FA881bSm7oQ1BOkCerZdEizJcV7EeaZiCVEnIiNbLRf3Y0lleJ2Oh7in1ndXY58B0G32P/E2NPsa/wu3nHdnuoueKElGnMZGgZFSL5rJfhXt2+Z4j9Nf1xkyHOo1mbM2LByaklU7KLTNc00xIXWt7RilrGhKBDDz6OGB25DNGbwrAN7VzwZMj0tQNkbIq8OJ9m6/ZnUQmNA5hfQgOpMd/0JSNU17lHR7cb6ZV5tA29QwmE3otxLqi6Ms6oEeg7BBah+J6eakZFxZ0j2IjdsRsQgQD25CHry+g2dO7rA0C6mGIv0+mG4GciDpFiBxw7apUeEIVTg9P2wFeNSYCb3w3FFoMzR91e0sMcTXuXLILPJijn5Eo3lzeeMMeWbLyRMCe0lSHIQhrVuZpwY9MfM0T+use94oy3GRu6pPKZYZhaJkbmiNqkn8qNbQp0OrmU5KyiF97u/DzBrdwYwN2fzLoYMUM8OnaY1L3DE9Kss/gQq1NCHPlZZzeR31jVexzsc3qcSbakCrIUyTgfszxPLleKvgF367GSH3aXln4WSWXN0WxYY0fCcd9iGqoD50JMBbrCMU9NnqDsQrS9o1G8jKthdk3SUZiYNcTNax5UE0LxtJu+9xhIwT739ws=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: cisco.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BY5PR11MB4196.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3346e3c8-7b7e-479c-3cf2-08dbb51a2386
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Sep 2023 12:00:07.2304 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: vXEjXZnl4OYQPXlUZhq+0WAtrHawnxXfb5t8/IM1/wkpslPOXK86rYNddeAoyfyxwIvlMkyHi+RH2Fwa2zd0dA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY8PR11MB6844
X-Outbound-SMTP-Client: 173.37.147.252, alln-opgw-4.cisco.com
X-Outbound-Node: alln-core-4.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/-ABvRKRT4QdEmKB-MEdg2I_WiWk>
Subject: Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Sep 2023 12:00:20 -0000

Hi Sarah,

The rewording on section 1.3 is fine with me.

For question 10, I approve of the current security text.  I have flagged this previously with the authors and there are good reasons for the text to deviate from the standard YANG security considerations template.

Regards,
Rob


> -----Original Message-----
> From: Sarah Tarrant <starrant@amsl.com>
> Sent: 13 September 2023 21:35
> To: Rose, Scott W. (Fed) <scott.rose@nist.gov>; Eliot Lear
> <lear=40cisco.com@dmarc.ietf.org>
> Cc: Rob Wilton (rwilton) <rwilton@cisco.com>; RFC Editor <rfc-editor@rfc-
> editor.org>; opsawg-ads@ietf.org; opsawg-chairs@ietf.org;
> bill.wu@huawei.com; auth48archive@rfc-editor.org
> Subject: Re: [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18>
> for your review
> 
> Hello Eliot and Scott,
> 
> Thank you for your replies. We have updated the document accordingly, and all
> of our questions for the authors have been addressed.
> 
> Please review the document carefully to ensure satisfaction as we do not make
> changes once it has been published as an RFC. Contact us with any further
> updates or with your approval of the document in its current form. We will
> await approvals from each author prior to moving forward in the publication
> process. We also need Rob’s AD approval of the change in Section 1.3 and
> review of question #10 prior to moving forward.
> 
> Updated XML file:
> http://www.rfc-editor.org/authors/rfc9472.xml
> 
> Updated output files:
> https://www.rfc-editor.org/authors/rfc9472.html
> https://www.rfc-editor.org/authors/rfc9472.txt
> https://www.rfc-editor.org/authors/rfc9472.pdf
> 
> Diff file showing all changes made during AUTH48:
> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html
> 
> Diff files showing all changes:
> https://www.rfc-editor.org/authors/rfc9472-diff.html
> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by-side diff)
> 
> Note that it may be necessary for you to refresh your browser to view the most
> recent version.
> 
> For the AUTH48 status of this document, please see:
> https://www.rfc-editor.org/auth48/rfc9472
> 
> Thank you,
> 
> RFC Editor/st
> 
> > On Sep 13, 2023, at 8:14 AM, Rose, Scott W. (Fed) <scott.rose@nist.gov>
> wrote:
> >
> > Sarah,
> > I am generally fine with the changes, specific replies below:
> >
> > Thanks,
> > Scott
> >
> > On 13 Sep 2023, at 3:15, Eliot Lear wrote:
> >
> >> Hi Sarah and thanks!  Please see below.
> >>
> >>> On 12 Sep 2023, at 20:50, Sarah Tarrant <starrant@amsl.com> wrote:
> >>>
> >>> Hello Eliot, Scott, and Rob*,
> >>>
> >>> *Rob, as AD, please review the change in the last paragraph of Section 1.3
> and let us know if you approve. The change is best viewed in this diff file:
> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html. Also, please let us
> know your thoughts on this question (note that RFCs 6242, 8341, and 8446 are
> included in the template at https://trac.ietf.org/trac/ops/wiki/yang-security-
> guidelines):
> >>>
> >>>> 10) <!-- [rfced] *[AD] Section 6: The Security Considerations section does
> not
> >>>> follow the requirements listed on
> >>>> https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines, which says
> >>>> "This section MUST be patterned after the latest approved template."
> >>>> Please confirm if the current text is acceptable per the context of the
> >>>> document or if any further updates are needed in order to follow the
> >>>> template.
> >>>>
> >>>> Also, please confirm if it is acceptable that RFCs 6242, 8341, and
> >>>> 8446 are not listed in the Normative References section or if they
> >>>> should be added.
> >>>> —>
> >>>
> >>>
> >>> Eliot and Scott, thank you for your replies; we have updated the document
> accordingly. We have a few followup questions:
> >>>
> >>> 1) We added the sentence in ii) per your reply to this question. We also
> added RFC 7231 as a normative reference. Please confirm that this is correct.
> Or should it be informative instead?
> >>
> >> That’s correct.
> >>
> >>>
> >>>>> e) We note that RFCs 6991 and 7231 are only referenced in the YANG
> >>>>> module and not in the running text. In order to have a 1:1 matchup
> >>>>> between the references section and the text, may we add an
> introductory
> >>>>> sentence before the YANG module that includes these citations (option
> i)?
> >>>>> Alternatively, you may reference all of the RFCs that are mentioned
> >>>>> (option ii). Please let us know your preference.
> >>>>>
> >>>>> Perhaps:
> >>>>> i)  This YANG module references [RFC6991] and [RFC7231].
> >>>>> or
> >>>>> ii) This YANG module references [RFC6991], [RFC7231], [RFC7252],
> >>>>>  [RFC8520], and [RFC9110].
> >>>>
> >>>>
> >>>> ii seems complete.
> >>>
> >>>
> >>> 2) Regarding this question:
> >>>
> >>>>> 11) <!--[rfced] Is this sentence intended to be an ordered list (option A)
> >>>>> or are "any change in a URL" and "any change to the authority
> >>>>> section" the 2 risks that are being referred to (option B)?
> >>>>>
> >>>>> Original:
> >>>>> To address either risk, any change in a URL, and in particular to the
> >>>>> authority section, two approaches may be used:
> >>>>>
> >>>>> Perhaps:
> >>>>> A) To address either risk, any change in a URL, and particularly any
> change
> >>>>> to the authority section, two approaches may be used:
> >>>>>
> >>>>> or
> >>>>>
> >>>>> B) To address either risk, i.e., any change in a URL and, in particular, to
> >>>>> the authority section, two approaches may be used:
> >>>>> -->
> >>>>
> >>>> How about:
> >>>>
> >>>>> (C)  To address either risk, any change in a URL, and in particular to the
> >>>>> authority section; two approaches may be used:
> >>>>
> >>>> ?
> >>>
> >>> We are still having trouble understanding this sentence. (Note that the text
> before the semicolon in (C) is not a complete sentence.) Would something like
> the following work?
> >>>
> >>> Perhaps:
> >>> Two approaches may be used to address these risks and any change in a
> URL (particularly in the
> >>> authority section):
> >>>
> >>
> >> Ok, having re-read the context, the authority section phrase is redundant, so
> we can say:
> >>
> >>> To address either of these risks or any tampering of a URL:
> >>
> >
> > This seems fine.
> >
> >>
> >>
> >>>
> >>> 3) Regarding this question:
> >>>
> >>>>> 15) <!-- [rfced] The following lines exceed the 72-character limit for
> >>>>> sourcecode. Please let us know how these lines can be modified.
> >>>>>
> >>>>> Section 5.1 (1 character over):
> >>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service",
> >>>>>
> >>>>> Section 5.2 (1 character over):
> >>>>> "systeminfo": "mixed example: SBOM on device, vuln info in cloud",
> >>>>>
> >>>>> Section 5.3 (2 characters over):
> >>>>> "contact-info": "https://iot-device.example.com/contact-info.html",
> >>>>>
> >>>>> Section 5.3 (1 character over):
> >>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service",
> >>>>> -->
> >>>>>
> >>>>
> >>>> Would you mind out-denting these lines?
> >>>
> >>> Please confirm that we updated these correctly. We moved the lines in
> each example mentioned above one or two spaces (as appropriate) to the left
> to meet the character limit, though we couldn’t not move the “{“ at the
> beginning and end of each example as these were already at the left margin.
> >>
> >>
> >> That’s okay.
> >>
> >> Aside: this 72 character limit was VERY important when printers could only
> print 80 columns, but that was on its way out even when *I* was a student in
> the 80s (I never saw an actual line printer after college).
> >>
> >> Regards,
> >>
> >> Eliot
> >>
> >>>
> >>> ______________
> >>>
> >>> Updated XML file:
> >>> http://www.rfc-editor.org/authors/rfc9472.xml
> >>>
> >>> Updated output files:
> >>> https://www.rfc-editor.org/authors/rfc9472.html
> >>> https://www.rfc-editor.org/authors/rfc9472.txt
> >>> https://www.rfc-editor.org/authors/rfc9472.pdf
> >>>
> >>> Diff file showing all changes made during AUTH48:
> >>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html
> >>>
> >>> Diff files showing all changes:
> >>> https://www.rfc-editor.org/authors/rfc9472-diff.html
> >>> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by-side diff)
> >>>
> >>> Note that it may be necessary for you to refresh your browser to view the
> most recent version.
> >>>
> >>> For the AUTH48 status of this document, please see:
> >>> https://www.rfc-editor.org/auth48/rfc9472
> >>>
> >>> Thank you,
> >>>
> >>> RFC Editor/st
> >>>
> >>>> On Sep 11, 2023, at 12:23 PM, Rose, Scott W. (Fed)
> <scott.rose=40nist.gov@dmarc.ietf.org> wrote:
> >>>>
> >>>> On 8 Sep 2023, at 19:26, rfc-editor@rfc-editor.org wrote:
> >>>>
> >>>>> Authors and *AD,
> >>>>>
> >>>>> While reviewing this document during AUTH48, please resolve (as
> necessary) the following questions, which are also in the XML file.
> >>>>>
> >>>>
> >>>>>
> >>>>> 17) <!-- [rfced] FYI: We have added expansions for the following
> abbreviations
> >>>>> per Section 3.6 of RFC 7322 ("RFC Style Guide"). Please review each
> >>>>> expansion in the document carefully to ensure correctness.
> >>>>>
> >>>>> Access Control Lists (ACLs)
> >>>>> Constrained Application Protocol (CoAP)
> >>>>> Internet of Things (IoT)
> >>>>> -->
> >>>>>
> >>>>>
> >>>>> 18) <!-- [rfced] Please review the "Inclusive Language" portion of the
> online
> >>>>> Style Guide <https://www.rfc-
> editor.org/styleguide/part2/#inclusive_language>
> >>>>> and let us know if any changes are needed.
> >>>>>
> >>>>> Note that our script did not flag any words in particular, but this should
> >>>>> still be reviewed as a best practice.
> >>>>> -->
> >>>>>
> >>>>
> >>>> FWIW, I did a pass through to match against the NIST inclusive language
> guidance and did not find anything that needed to be addressed.  Future
> changes may change that (not likely, but maybe).
> >>>>
> >>>> Thanks
> >>>> Scott
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> ==================================
> >>>> Scott Rose NIST/CTL
> >>>> scott.rose@nist.gov
> >>>> ph: +1-301-975-8439 (w)
> >>>> +1-571-249-3761 (GoogleVoice)
> >>>> ==================================
> >>>
> >
> >
> > ==================================
> > Scott Rose NIST/CTL
> > scott.rose@nist.gov
> > ph: +1-301-975-8439 (w)
> >    +1-571-249-3761 (GoogleVoice)
> > ==================================
>

v2.23.0 | Report a Bug | By Email