Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18> for your review
Eliot Lear <lear@cisco.com> Thu, 28 September 2023 14:04 UTC
Return-Path: <lear@cisco.com>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F683C13AE29; Thu, 28 Sep 2023 07:04:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.607
X-Spam-Level:
X-Spam-Status: No, score=-9.607 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9rW5m_-Au5QY; Thu, 28 Sep 2023 07:04:47 -0700 (PDT)
Received: from aer-iport-4.cisco.com (aer-iport-4.cisco.com [173.38.203.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2990C15199B; Thu, 28 Sep 2023 07:04:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=24159; q=dns/txt; s=iport; t=1695909887; x=1697119487; h=mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=bgrzvLSunB3YZ/0MozPvWprgO0xkbDhEEp4og1Ebj4w=; b=JY8fSp1e1rLLqLXGon2t90kEr7PXbqRiikgePgoDXoGT/e+T6S283fVc jMd38MrbHQw5/Z3OD70qymW6jIRN0bRkm/ZAPSjCdLXkdqGgKZW0QV2l1 9/Z+jXlxmZ0hOJ65Slzezi3qT/j03V5tff7UH/Abjs7Hi8foYq0Rj5TA3 8=;
X-CSE-ConnectionGUID: mKpbffoCTWeuIebtP2lpPg==
X-CSE-MsgGUID: +BV9zesIRBudthdtCP2iCg==
X-IronPort-AV: E=Sophos;i="6.03,184,1694736000"; d="scan'208";a="9066096"
Received: from aer-iport-nat.cisco.com (HELO aer-core-12.cisco.com) ([173.38.203.22]) by aer-iport-4.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Sep 2023 14:04:45 +0000
Received: from smtpclient.apple ([10.61.156.34]) by aer-core-12.cisco.com (8.15.2/8.15.2) with ESMTPS id 38SE4hPQ020511 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NO); Thu, 28 Sep 2023 14:04:44 GMT
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.100.2.1.4\))
From: Eliot Lear <lear@cisco.com>
In-Reply-To: <BY5PR11MB419611B1FE3E5481D270D3C3B5C2A@BY5PR11MB4196.namprd11.prod.outlook.com>
Date: Thu, 28 Sep 2023 16:04:33 +0200
Cc: Sarah Tarrant <starrant@amsl.com>, "Rose, Scott W. (Fed)" <scott.rose@nist.gov>, RFC Editor <rfc-editor@rfc-editor.org>, "opsawg-ads@ietf.org" <opsawg-ads@ietf.org>, "opsawg-chairs@ietf.org" <opsawg-chairs@ietf.org>, "bill.wu@huawei.com" <bill.wu@huawei.com>, "auth48archive@rfc-editor.org" <auth48archive@rfc-editor.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <FFA1DBCC-1012-4E5D-B0EA-BC0B8C1E5B39@cisco.com>
References: <20230908232621.2FE7CE5EA7@rfcpa.amsl.com> <BE129746-6B47-4FA8-A918-44B728F347C3@nist.gov> <2F1A389E-ABED-4C37-B41A-79A9E15D59CA@amsl.com> <1D2F40E4-3276-49E3-B70C-D6FC5FAC0430@cisco.com> <621E366B-9EC0-4783-B075-8EAD78A75CD6@nist.gov> <96C191BF-2D68-47CF-9672-9DD33EACB4C0@amsl.com> <4F18F944-A918-4AFE-B56D-606E48497E32@cisco.com> <6ED283CE-8A6F-4AF3-BF24-86EC4F088DA2@amsl.com> <7E392C5B-CA0D-440A-9C10-9668D7AD4F79@cisco.com> <0A4B2338-BBB0-41B0-8DA9-BC76B0CE5666@amsl.com> <93975E7A-00F5-4F8C-99DB-D1BD27868B0B@cisco.com> <C862785F-B36C-4CB8-84EA-F86EE7C099B3@amsl.com> <BY5PR11MB419611B1FE3E5481D270D3C3B5C2A@BY5PR11MB4196.namprd11.prod.outlook.com>
To: "Rob Wilton (rwilton)" <rwilton@cisco.com>
X-Mailer: Apple Mail (2.3774.100.2.1.4)
X-Outbound-SMTP-Client: 10.61.156.34, [10.61.156.34]
X-Outbound-Node: aer-core-12.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/GQmcjVASkYIgC-ROid_q26AJH0c>
Subject: Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Sep 2023 14:04:52 -0000
Ok, I’ve reviewed this. I think in this instance, since we are talking about a JSON example, and the JSON document ignores spaces and still parses, we can just leave it as is. I don’t think it’s necessary to reflow. Are you okay with that Rob? Eliot > On Sep 27, 2023, at 12:32, Rob Wilton (rwilton) <rwilton@cisco.com> wrote: > > Hi Sarah, Eliot, > > Sorry for the delay. > > Regarding the changes in 5.1 and 5.3: > > Rather than outdenting, did we consider leveraging RFC 8792? E.g., to cite a random specific example, see the end of section 2.2.2 of https://datatracker.ietf.org/doc/draft-ietf-netconf-crypto-types/ > > Example: > =============== NOTE: '\' line wrapping per RFC 8792 ================ > > <rpc-reply message-id="101" > xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> > <p10-csr xmlns="http://example.com/ns/example-crypto-types-usage">\ > BASE64VALUE=</p10-csr> > </rpc-reply> > > The advantage of this is that tooling can extract the example from the RFC and still give a completely normal properly indented example. I'm not sure how many recent YANG RFCs have started to do this, but I think that this is what I'm starting to more commonly see. > > Thanks, > Rob > > >> -----Original Message----- >> From: Sarah Tarrant <starrant@amsl.com> >> Sent: Friday, September 22, 2023 3:15 PM >> To: Eliot Lear <lear@cisco.com> >> Cc: Rob Wilton (rwilton) <rwilton@cisco.com>; Rose, Scott W. (Fed) >> <scott.rose@nist.gov>; RFC Editor <rfc-editor@rfc-editor.org>; opsawg- >> ads@ietf.org; opsawg-chairs@ietf.org; bill.wu@huawei.com; >> auth48archive@rfc-editor.org >> Subject: Re: [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18> >> for your review >> >> Hi Eliot, >> >> Thank you for your reply. We have marked your approval on the AUTH48 status >> page for this document (see https://www.rfc-editor.org/auth48/rfc9472). >> >> IANA has completed the update to the “YANG Module Names” registry. >> >> We will move this document forward in the publication process once we receive >> approval from Rob on the changes to the sourcecode in Sections 5.1 and 5.3. >> >> Thank you, >> RFC Editor/st >> >>> On Sep 21, 2023, at 1:32 AM, Eliot Lear <lear@cisco.com> wrote: >>> >>> Hi Sarah, >>> >>> I approve publication. Thanks to you and the RPC for your work on this >> document. >>> >>> Eliot >>> >>>> On 20 Sep 2023, at 22:59, Sarah Tarrant <starrant@amsl.com> wrote: >>>> >>>> Hi Eliot, >>>> >>>> Thank you for spotting the issue with Section 7.2 and the IANA registry. We >> agree that "ietf-mud” should be updated to "ietf-mud-transparency” in Section >> 7.2 and have made that change. In a separate email, we will request that IANA >> update the “YANG Module Names” registry accordingly. >>>> >>>> Updated XML file: >>>> http://www.rfc-editor.org/authors/rfc9472.xml >>>> >>>> Updated output files: >>>> https://www.rfc-editor.org/authors/rfc9472.html >>>> https://www.rfc-editor.org/authors/rfc9472.txt >>>> https://www.rfc-editor.org/authors/rfc9472.pdf >>>> >>>> Diff file showing all changes made during AUTH48: >>>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html >>>> >>>> Diff files showing all changes: >>>> https://www.rfc-editor.org/authors/rfc9472-diff.html >>>> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by-side diff) >>>> >>>> Note that it may be necessary for you to refresh your browser to view the >> most recent version. >>>> >>>> For the AUTH48 status of this document, please see: >>>> https://www.rfc-editor.org/auth48/rfc9472 >>>> >>>> Thank you, >>>> RFC Editor/st >>>> >>>>> On Sep 19, 2023, at 12:42 AM, Eliot Lear <lear@cisco.com> wrote: >>>>> >>>>> Hi Sarah, >>>>> >>>>> I think I’ve caught one more small issue, but this is with the IANA registry. >> Could you please check with them on the following: >>>>> >>>>> In 7.2, I think the name field is supposed to be ietf-mud-transparency and >> not ietf-mud. >>>>> >>>>> After this matter is resolved, I can approve publication. >>>>> >>>>> Thanks, >>>>> >>>>> Eliot >>>>> >>>>> >>>>>> On 18 Sep 2023, at 20:37, Sarah Tarrant <starrant@amsl.com> wrote: >>>>>> >>>>>> Hello Eliot and Rob*, >>>>>> >>>>>> Elliot, thank you for your reply. We have updated the document >> accordingly. >>>>>> >>>>>> *Rob, as AD, please review and approve the changes to the sourcecode in >> Sections 5.1 and 5.3. These changes are best viewed in this diff file: >> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html. >>>>>> >>>>>> We will await approvals from each of the parties listed above prior to >> moving this document forward in the publication process. >>>>>> >>>>>> Updated XML file: >>>>>> http://www.rfc-editor.org/authors/rfc9472.xml >>>>>> >>>>>> Updated output files: >>>>>> https://www.rfc-editor.org/authors/rfc9472.html >>>>>> https://www.rfc-editor.org/authors/rfc9472.txt >>>>>> https://www.rfc-editor.org/authors/rfc9472.pdf >>>>>> >>>>>> Diff file showing all changes made during AUTH48: >>>>>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html >>>>>> >>>>>> Diff files showing all changes: >>>>>> https://www.rfc-editor.org/authors/rfc9472-diff.html >>>>>> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by-side diff) >>>>>> >>>>>> Note that it may be necessary for you to refresh your browser to view the >> most recent version. >>>>>> >>>>>> For the AUTH48 status of this document, please see: >>>>>> https://www.rfc-editor.org/auth48/rfc9472 >>>>>> >>>>>> Thank you, >>>>>> >>>>>> RFC Editor/st >>>>>> >>>>>>> On Sep 16, 2023, at 9:04 AM, Eliot Lear <lear@cisco.com> wrote: >>>>>>> >>>>>>> Sarah, >>>>>>> >>>>>>> I believe that I have found several errors in the examples. There are two >> problems: >>>>>>> >>>>>>> 1. sbom-url should appear as part of an array of objects, and is not. >>>>>>> 2. There is one case where mudtx wasn’t used where it should have >> been. >>>>>>> @Rob, please check me on this. This should correspond to "list sboms” >> in the model. >>>>>>> >>>>>>> In Section 5.1, first example, the change is adding the sboms array: >>>>>>> >>>>>>> OLD: >>>>>>> { >>>>>>> "ietf-mud:mud": { >>>>>>> "mud-version": 1, >>>>>>> "extensions": [ >>>>>>> "transparency" >>>>>>> ], >>>>>>> "mudtx:transparency": { >>>>>>> "sbom-url": "https://iot.example.com/info/modelX/sbom.json", >>>>>>> "vuln-url" : [ >>>>>>> "https://iotd.example.com/info/modelX/csaf.json" >>>>>>> ] >>>>>>> }, >>>>>>> "mud-url": "https://iot.example.com/modelX.json", >>>>>>> "mud-signature": "https://iot.example.com/modelX.p7s", >>>>>>> "last-update": "2022-01-05T13:29:12+00:00", >>>>>>> "cache-validity": 48, >>>>>>> "is-supported": true, >>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service", >>>>>>> "mfg-name": "Example, Inc.", >>>>>>> "documentation": "https://iot.example.com/doc/modelX", >>>>>>> "model-name": "modelX" >>>>>>> } >>>>>>> } >>>>>>> NEW: >>>>>>> { >>>>>>> "ietf-mud:mud": { >>>>>>> "mud-version": 1, >>>>>>> "extensions": [ >>>>>>> "transparency" >>>>>>> ], >>>>>>> "mudtx:transparency": { >>>>>>> sboms: [ { >>>>>>> "version-info": "1.2", >>>>>>> "sbom-url": "https://iot.example.com/info/modelX/sbom.json" >>>>>>> } ], >>>>>>> "vuln-url" : [ >>>>>>> "https://iotd.example.com/info/modelX/csaf.json" >>>>>>> ] >>>>>>> }, >>>>>>> "mud-url": "https://iot.example.com/modelX.json", >>>>>>> "mud-signature": "https://iot.example.com/modelX.p7s", >>>>>>> "last-update": "2022-01-05T13:29:12+00:00", >>>>>>> "cache-validity": 48, >>>>>>> "is-supported": true, >>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service", >>>>>>> "mfg-name": "Example, Inc.", >>>>>>> "documentation": "https://iot.example.com/doc/modelX", >>>>>>> "model-name": "modelX" >>>>>>> } >>>>>>> } >>>>>>> >>>>>>> Section 5.1, 2nd Example, same change: >>>>>>> >>>>>>> >>>>>>> OLD: >>>>>>> >>>>>>> { >>>>>>> "ietf-mud:mud": { >>>>>>> "mud-version": 1, >>>>>>> "extensions": [ >>>>>>> "transparency" >>>>>>> ], >>>>>>> "mudtx:transparency": { >>>>>>> "sbom-url": "https://iot.example.com/info/modelX/sbom.json" >>>>>>> }, >>>>>>> "mud-url": "https://iot.example.com/modelX.json", >>>>>>> "mud-signature": "https://iot.example.com/modelX.p7s", >>>>>>> "last-update": "2022-01-05T13:29:12+00:00", >>>>>>> "cache-validity": 48, >>>>>>> "is-supported": true, >>>>>>> "systeminfo": "retrieving only SBOM info via a cloud service", >>>>>>> "mfg-name": "Example, Inc.", >>>>>>> "documentation": "https://iot.example.com/doc/modelX", >>>>>>> "model-name": "modelX" >>>>>>> } >>>>>>> } >>>>>>> NEW: >>>>>>> { >>>>>>> "ietf-mud:mud": { >>>>>>> "mud-version": 1, >>>>>>> "extensions": [ >>>>>>> "transparency" >>>>>>> ], >>>>>>> "mudtx:transparency": { >>>>>>> sboms: [ { >>>>>>> "version-info": "1.2", >>>>>>> "sbom-url": "https://iot.example.com/info/modelX/sbom.json" >>>>>>> } ], >>>>>>> }, >>>>>>> "mud-url": "https://iot.example.com/modelX.json", >>>>>>> "mud-signature": "https://iot.example.com/modelX.p7s", >>>>>>> "last-update": "2022-01-05T13:29:12+00:00", >>>>>>> "cache-validity": 48, >>>>>>> "is-supported": true, >>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service", >>>>>>> "mfg-name": "Example, Inc.", >>>>>>> "documentation": "https://iot.example.com/doc/modelX", >>>>>>> "model-name": "modelX" >>>>>>> } >>>>>>> } >>>>>>> >>>>>>> Section 5.3: >>>>>>> >>>>>>> OLD: >>>>>>> { >>>>>>> "ietf-mud:mud": { >>>>>>> "mud-version": 1, >>>>>>> "extensions": [ >>>>>>> "transparency" >>>>>>> ], >>>>>>> "ietf-mud-transparency:transparency": { >>>>>>> "contact-info": "https://iot-device.example.com/contact-info.html", >>>>>>> "vuln-url" : [ >>>>>>> "https://iotd.example.com/info/modelX/csaf.json" >>>>>>> ] >>>>>>> }, >>>>>>> "mud-url": "https://iot-device.example.com/modelX.json", >>>>>>> "mud-signature": "https://iot-device.example.com/modelX.p7s", >>>>>>> "last-update": "2021-07-09T06:16:42+00:00", >>>>>>> "cache-validity": 48, >>>>>>> "is-supported": true, >>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service", >>>>>>> "mfg-name": "Example, Inc.", >>>>>>> "documentation": "https://iot-device.example.com/doc/modelX", >>>>>>> "model-name": "modelX" >>>>>>> } >>>>>>> } >>>>>>> NEW: >>>>>>> { >>>>>>> "ietf-mud:mud": { >>>>>>> "mud-version": 1, >>>>>>> "extensions": [ >>>>>>> "transparency" >>>>>>> ], >>>>>>> "mudtx:transparency": { >>>>>>> "contact-info": "https://iot-device.example.com/contact-info.html", >>>>>>> "vuln-url" : [ >>>>>>> "https://iotd.example.com/info/modelX/csaf.json" >>>>>>> ] >>>>>>> }, >>>>>>> "mud-url": "https://iot-device.example.com/modelX.json", >>>>>>> "mud-signature": "https://iot-device.example.com/modelX.p7s", >>>>>>> "last-update": "2021-07-09T06:16:42+00:00", >>>>>>> "cache-validity": 48, >>>>>>> "is-supported": true, >>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service", >>>>>>> "mfg-name": "Example, Inc.", >>>>>>> "documentation": "https://iot-device.example.com/doc/modelX", >>>>>>> "model-name": "modelX" >>>>>>> } >>>>>>> } >>>>>>> Eliot >>>>>>>> On 13 Sep 2023, at 22:34, Sarah Tarrant <starrant@amsl.com> wrote: >>>>>>>> >>>>>>>> Hello Eliot and Scott, >>>>>>>> >>>>>>>> Thank you for your replies. We have updated the document accordingly, >> and all of our questions for the authors have been addressed. >>>>>>>> >>>>>>>> Please review the document carefully to ensure satisfaction as we do >> not make changes once it has been published as an RFC. Contact us with any >> further updates or with your approval of the document in its current form. We >> will await approvals from each author prior to moving forward in the >> publication process. We also need Rob’s AD approval of the change in Section >> 1.3 and review of question #10 prior to moving forward. >>>>>>>> >>>>>>>> Updated XML file: >>>>>>>> http://www.rfc-editor.org/authors/rfc9472.xml >>>>>>>> >>>>>>>> Updated output files: >>>>>>>> https://www.rfc-editor.org/authors/rfc9472.html >>>>>>>> https://www.rfc-editor.org/authors/rfc9472.txt >>>>>>>> https://www.rfc-editor.org/authors/rfc9472.pdf >>>>>>>> >>>>>>>> Diff file showing all changes made during AUTH48: >>>>>>>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html >>>>>>>> >>>>>>>> Diff files showing all changes: >>>>>>>> https://www.rfc-editor.org/authors/rfc9472-diff.html >>>>>>>> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by-side >> diff) >>>>>>>> >>>>>>>> Note that it may be necessary for you to refresh your browser to view >> the most recent version. >>>>>>>> >>>>>>>> For the AUTH48 status of this document, please see: >>>>>>>> https://www.rfc-editor.org/auth48/rfc9472 >>>>>>>> >>>>>>>> Thank you, >>>>>>>> >>>>>>>> RFC Editor/st >>>>>>>> >>>>>>>>> On Sep 13, 2023, at 8:14 AM, Rose, Scott W. (Fed) >> <scott.rose@nist.gov> wrote: >>>>>>>>> >>>>>>>>> Sarah, >>>>>>>>> I am generally fine with the changes, specific replies below: >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> Scott >>>>>>>>> >>>>>>>>> On 13 Sep 2023, at 3:15, Eliot Lear wrote: >>>>>>>>> >>>>>>>>>> Hi Sarah and thanks! Please see below. >>>>>>>>>> >>>>>>>>>>> On 12 Sep 2023, at 20:50, Sarah Tarrant <starrant@amsl.com> >> wrote: >>>>>>>>>>> >>>>>>>>>>> Hello Eliot, Scott, and Rob*, >>>>>>>>>>> >>>>>>>>>>> *Rob, as AD, please review the change in the last paragraph of >> Section 1.3 and let us know if you approve. The change is best viewed in this diff >> file: https://www.rfc-editor.org/authors/rfc9472-auth48diff.html. Also, please let >> us know your thoughts on this question (note that RFCs 6242, 8341, and 8446 >> are included in the template at https://trac.ietf.org/trac/ops/wiki/yang-security- >> guidelines): >>>>>>>>>>> >>>>>>>>>>>> 10) <!-- [rfced] *[AD] Section 6: The Security Considerations >> section does not >>>>>>>>>>>> follow the requirements listed on >>>>>>>>>>>> https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines, which >> says >>>>>>>>>>>> "This section MUST be patterned after the latest approved >> template." >>>>>>>>>>>> Please confirm if the current text is acceptable per the context of >> the >>>>>>>>>>>> document or if any further updates are needed in order to follow >> the >>>>>>>>>>>> template. >>>>>>>>>>>> >>>>>>>>>>>> Also, please confirm if it is acceptable that RFCs 6242, 8341, and >>>>>>>>>>>> 8446 are not listed in the Normative References section or if they >>>>>>>>>>>> should be added. >>>>>>>>>>>> —> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Eliot and Scott, thank you for your replies; we have updated the >> document accordingly. We have a few followup questions: >>>>>>>>>>> >>>>>>>>>>> 1) We added the sentence in ii) per your reply to this question. We >> also added RFC 7231 as a normative reference. Please confirm that this is >> correct. Or should it be informative instead? >>>>>>>>>> >>>>>>>>>> That’s correct. >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>>> e) We note that RFCs 6991 and 7231 are only referenced in the >> YANG >>>>>>>>>>>>> module and not in the running text. In order to have a 1:1 >> matchup >>>>>>>>>>>>> between the references section and the text, may we add an >> introductory >>>>>>>>>>>>> sentence before the YANG module that includes these citations >> (option i)? >>>>>>>>>>>>> Alternatively, you may reference all of the RFCs that are >> mentioned >>>>>>>>>>>>> (option ii). Please let us know your preference. >>>>>>>>>>>>> >>>>>>>>>>>>> Perhaps: >>>>>>>>>>>>> i) This YANG module references [RFC6991] and [RFC7231]. >>>>>>>>>>>>> or >>>>>>>>>>>>> ii) This YANG module references [RFC6991], [RFC7231], >> [RFC7252], >>>>>>>>>>>>> [RFC8520], and [RFC9110]. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> ii seems complete. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> 2) Regarding this question: >>>>>>>>>>> >>>>>>>>>>>>> 11) <!--[rfced] Is this sentence intended to be an ordered list >> (option A) >>>>>>>>>>>>> or are "any change in a URL" and "any change to the authority >>>>>>>>>>>>> section" the 2 risks that are being referred to (option B)? >>>>>>>>>>>>> >>>>>>>>>>>>> Original: >>>>>>>>>>>>> To address either risk, any change in a URL, and in particular to >> the >>>>>>>>>>>>> authority section, two approaches may be used: >>>>>>>>>>>>> >>>>>>>>>>>>> Perhaps: >>>>>>>>>>>>> A) To address either risk, any change in a URL, and particularly >> any change >>>>>>>>>>>>> to the authority section, two approaches may be used: >>>>>>>>>>>>> >>>>>>>>>>>>> or >>>>>>>>>>>>> >>>>>>>>>>>>> B) To address either risk, i.e., any change in a URL and, in >> particular, to >>>>>>>>>>>>> the authority section, two approaches may be used: >>>>>>>>>>>>> --> >>>>>>>>>>>> >>>>>>>>>>>> How about: >>>>>>>>>>>> >>>>>>>>>>>>> (C) To address either risk, any change in a URL, and in particular >> to the >>>>>>>>>>>>> authority section; two approaches may be used: >>>>>>>>>>>> >>>>>>>>>>>> ? >>>>>>>>>>> >>>>>>>>>>> We are still having trouble understanding this sentence. (Note that >> the text before the semicolon in (C) is not a complete sentence.) Would >> something like the following work? >>>>>>>>>>> >>>>>>>>>>> Perhaps: >>>>>>>>>>> Two approaches may be used to address these risks and any change >> in a URL (particularly in the >>>>>>>>>>> authority section): >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Ok, having re-read the context, the authority section phrase is >> redundant, so we can say: >>>>>>>>>> >>>>>>>>>>> To address either of these risks or any tampering of a URL: >>>>>>>>>> >>>>>>>>> >>>>>>>>> This seems fine. >>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> 3) Regarding this question: >>>>>>>>>>> >>>>>>>>>>>>> 15) <!-- [rfced] The following lines exceed the 72-character limit >> for >>>>>>>>>>>>> sourcecode. Please let us know how these lines can be modified. >>>>>>>>>>>>> >>>>>>>>>>>>> Section 5.1 (1 character over): >>>>>>>>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service", >>>>>>>>>>>>> >>>>>>>>>>>>> Section 5.2 (1 character over): >>>>>>>>>>>>> "systeminfo": "mixed example: SBOM on device, vuln info in >> cloud", >>>>>>>>>>>>> >>>>>>>>>>>>> Section 5.3 (2 characters over): >>>>>>>>>>>>> "contact-info": "https://iot-device.example.com/contact- >> info.html", >>>>>>>>>>>>> >>>>>>>>>>>>> Section 5.3 (1 character over): >>>>>>>>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service", >>>>>>>>>>>>> --> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Would you mind out-denting these lines? >>>>>>>>>>> >>>>>>>>>>> Please confirm that we updated these correctly. We moved the lines >> in each example mentioned above one or two spaces (as appropriate) to the >> left to meet the character limit, though we couldn’t not move the “{“ at the >> beginning and end of each example as these were already at the left margin. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> That’s okay. >>>>>>>>>> >>>>>>>>>> Aside: this 72 character limit was VERY important when printers >> could only print 80 columns, but that was on its way out even when *I* was a >> student in the 80s (I never saw an actual line printer after college). >>>>>>>>>> >>>>>>>>>> Regards, >>>>>>>>>> >>>>>>>>>> Eliot >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ______________ >>>>>>>>>>> >>>>>>>>>>> Updated XML file: >>>>>>>>>>> http://www.rfc-editor.org/authors/rfc9472.xml >>>>>>>>>>> >>>>>>>>>>> Updated output files: >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.html >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.txt >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.pdf >>>>>>>>>>> >>>>>>>>>>> Diff file showing all changes made during AUTH48: >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html >>>>>>>>>>> >>>>>>>>>>> Diff files showing all changes: >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-diff.html >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by- >> side diff) >>>>>>>>>>> >>>>>>>>>>> Note that it may be necessary for you to refresh your browser to >> view the most recent version. >>>>>>>>>>> >>>>>>>>>>> For the AUTH48 status of this document, please see: >>>>>>>>>>> https://www.rfc-editor.org/auth48/rfc9472 >>>>>>>>>>> >>>>>>>>>>> Thank you, >>>>>>>>>>> >>>>>>>>>>> RFC Editor/st >>>>>>>>>>> >>>>>>>>>>>> On Sep 11, 2023, at 12:23 PM, Rose, Scott W. (Fed) >> <scott.rose=40nist.gov@dmarc.ietf.org> wrote: >>>>>>>>>>>> >>>>>>>>>>>> On 8 Sep 2023, at 19:26, rfc-editor@rfc-editor.org wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Authors and *AD, >>>>>>>>>>>>> >>>>>>>>>>>>> While reviewing this document during AUTH48, please resolve (as >> necessary) the following questions, which are also in the XML file. >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> 17) <!-- [rfced] FYI: We have added expansions for the following >> abbreviations >>>>>>>>>>>>> per Section 3.6 of RFC 7322 ("RFC Style Guide"). Please review >> each >>>>>>>>>>>>> expansion in the document carefully to ensure correctness. >>>>>>>>>>>>> >>>>>>>>>>>>> Access Control Lists (ACLs) >>>>>>>>>>>>> Constrained Application Protocol (CoAP) >>>>>>>>>>>>> Internet of Things (IoT) >>>>>>>>>>>>> --> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> 18) <!-- [rfced] Please review the "Inclusive Language" portion of >> the online >>>>>>>>>>>>> Style Guide <https://www.rfc- >> editor.org/styleguide/part2/#inclusive_language> >>>>>>>>>>>>> and let us know if any changes are needed. >>>>>>>>>>>>> >>>>>>>>>>>>> Note that our script did not flag any words in particular, but this >> should >>>>>>>>>>>>> still be reviewed as a best practice. >>>>>>>>>>>>> --> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> FWIW, I did a pass through to match against the NIST inclusive >> language guidance and did not find anything that needed to be addressed. >> Future changes may change that (not likely, but maybe). >>>>>>>>>>>> >>>>>>>>>>>> Thanks >>>>>>>>>>>> Scott >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> ================================== >>>>>>>>>>>> Scott Rose NIST/CTL >>>>>>>>>>>> scott.rose@nist.gov >>>>>>>>>>>> ph: +1-301-975-8439 (w) >>>>>>>>>>>> +1-571-249-3761 (GoogleVoice) >>>>>>>>>>>> ================================== >>>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> ================================== >>>>>>>>> Scott Rose NIST/CTL >>>>>>>>> scott.rose@nist.gov >>>>>>>>> ph: +1-301-975-8439 (w) >>>>>>>>> +1-571-249-3761 (GoogleVoice) >>>>>>>>> ================================== >>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >
- [auth48] AUTH48: RFC-to-be 9472 <draft-ietf-opsaw… rfc-editor
- [auth48] [AD] Re: AUTH48: RFC-to-be 9472 <draft-i… rfc-editor
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rose, Scott W. (Fed)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rose, Scott W. (Fed)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rose, Scott W. (Fed)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rob Wilton (rwilton)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rose, Scott W. (Fed)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- [auth48] [IANA] Re: [AD] AUTH48: RFC-to-be 9472 <… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- [auth48] Fwd: [IANA #1282204] [IANA] Re: [AD] AUT… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rob Wilton (rwilton)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rob Wilton (rwilton)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant