Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18> for your review
Eliot Lear <lear@cisco.com> Tue, 03 October 2023 05:50 UTC
Return-Path: <lear@cisco.com>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 377C7C14CE2E; Mon, 2 Oct 2023 22:50:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.607
X-Spam-Level:
X-Spam-Status: No, score=-9.607 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xLe7DuSIR9fh; Mon, 2 Oct 2023 22:50:15 -0700 (PDT)
Received: from aer-iport-6.cisco.com (aer-iport-6.cisco.com [173.38.203.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A2DCC14CE44; Mon, 2 Oct 2023 22:50:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=26306; q=dns/txt; s=iport; t=1696312215; x=1697521815; h=mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=3EE0P/toIh/blu3Ws/Nk6TBt60p200X3gWWfrknqS9U=; b=llDk3c877U3XK/YJq2PfBdXknvTC9sj100ch4/n43aJpDOIQadWGy6tR 8tKNlByCilEdqLfnQCVto9jLbNsFEgWkKD9BTICEj1vqQflkfcXZRskbC njG6wGLwMK+s6CsQ0+kYUgD4MGbWlli4igCw2e2sX0z+vVKNGMnDrOG27 E=;
X-CSE-ConnectionGUID: MAoTeA4SRoGTUr4kyNgt6A==
X-CSE-MsgGUID: tvoysDqTS423VyNe68APYQ==
X-IronPort-AV: E=Sophos;i="6.03,196,1694736000"; d="scan'208";a="6734299"
Received: from aer-iport-nat.cisco.com (HELO aer-core-6.cisco.com) ([173.38.203.22]) by aer-iport-6.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Oct 2023 05:50:13 +0000
Received: from smtpclient.apple ([10.61.156.35]) by aer-core-6.cisco.com (8.15.2/8.15.2) with ESMTPS id 3935oCST023241 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NO); Tue, 3 Oct 2023 05:50:12 GMT
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.100.2.1.4\))
From: Eliot Lear <lear@cisco.com>
In-Reply-To: <MN2PR11MB4207CC7CDEF777CC23C74014B5C5A@MN2PR11MB4207.namprd11.prod.outlook.com>
Date: Tue, 03 Oct 2023 07:50:01 +0200
Cc: Sarah Tarrant <starrant@amsl.com>, "Rose, Scott W. (Fed)" <scott.rose@nist.gov>, RFC Editor <rfc-editor@rfc-editor.org>, "opsawg-ads@ietf.org" <opsawg-ads@ietf.org>, "opsawg-chairs@ietf.org" <opsawg-chairs@ietf.org>, "bill.wu@huawei.com" <bill.wu@huawei.com>, "auth48archive@rfc-editor.org" <auth48archive@rfc-editor.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <86F54FB4-2959-4EDE-BAE7-8F24CFCE544C@cisco.com>
References: <20230908232621.2FE7CE5EA7@rfcpa.amsl.com> <BE129746-6B47-4FA8-A918-44B728F347C3@nist.gov> <2F1A389E-ABED-4C37-B41A-79A9E15D59CA@amsl.com> <1D2F40E4-3276-49E3-B70C-D6FC5FAC0430@cisco.com> <621E366B-9EC0-4783-B075-8EAD78A75CD6@nist.gov> <96C191BF-2D68-47CF-9672-9DD33EACB4C0@amsl.com> <4F18F944-A918-4AFE-B56D-606E48497E32@cisco.com> <6ED283CE-8A6F-4AF3-BF24-86EC4F088DA2@amsl.com> <7E392C5B-CA0D-440A-9C10-9668D7AD4F79@cisco.com> <0A4B2338-BBB0-41B0-8DA9-BC76B0CE5666@amsl.com> <93975E7A-00F5-4F8C-99DB-D1BD27868B0B@cisco.com> <C862785F-B36C-4CB8-84EA-F86EE7C099B3@amsl.com> <BY5PR11MB419611B1FE3E5481D270D3C3B5C2A@BY5PR11MB4196.namprd11.prod.outlook.com> <FFA1DBCC-1012-4E5D-B0EA-BC0B8C1E5B39@cisco.com> <MN2PR11MB4207CC7CDEF777CC23C74014B5C5A@MN2PR11MB4207.namprd11.prod.outlook.com>
To: "Rob Wilton (rwilton)" <rwilton@cisco.com>
X-Mailer: Apple Mail (2.3774.100.2.1.4)
X-Outbound-SMTP-Client: 10.61.156.35, [10.61.156.35]
X-Outbound-Node: aer-core-6.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/MiIMJMHUDscjXd_9lVdzSfOyu6c>
Subject: Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Oct 2023 05:50:20 -0000
Ok. Sarah, do you have what you need? Eliot > On Oct 2, 2023, at 11:49, Rob Wilton (rwilton) <rwilton@cisco.com> wrote: > > Hi Eliot, > > That is fine. > > Regards, > Rob > > >> -----Original Message----- >> From: Eliot Lear <lear@cisco.com> >> Sent: Thursday, September 28, 2023 3:05 PM >> To: Rob Wilton (rwilton) <rwilton@cisco.com> >> Cc: Sarah Tarrant <starrant@amsl.com>; Rose, Scott W. (Fed) >> <scott.rose@nist.gov>; RFC Editor <rfc-editor@rfc-editor.org>; opsawg- >> ads@ietf.org; opsawg-chairs@ietf.org; bill.wu@huawei.com; >> auth48archive@rfc-editor.org >> Subject: Re: [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18> >> for your review >> >> Ok, I’ve reviewed this. I think in this instance, since we are talking about a JSON >> example, and the JSON document ignores spaces and still parses, we can just >> leave it as is. I don’t think it’s necessary to reflow. Are you okay with that Rob? >> >> Eliot >> >>> On Sep 27, 2023, at 12:32, Rob Wilton (rwilton) <rwilton@cisco.com> wrote: >>> >>> Hi Sarah, Eliot, >>> >>> Sorry for the delay. >>> >>> Regarding the changes in 5.1 and 5.3: >>> >>> Rather than outdenting, did we consider leveraging RFC 8792? E.g., to cite a >> random specific example, see the end of section 2.2.2 of >> https://datatracker.ietf.org/doc/draft-ietf-netconf-crypto-types/ >>> >>> Example: >>> =============== NOTE: '\' line wrapping per RFC 8792 ================ >>> >>> <rpc-reply message-id="101" >>> xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> >>> <p10-csr xmlns="http://example.com/ns/example-crypto-types-usage">\ >>> BASE64VALUE=</p10-csr> >>> </rpc-reply> >>> >>> The advantage of this is that tooling can extract the example from the RFC >> and still give a completely normal properly indented example. I'm not sure >> how many recent YANG RFCs have started to do this, but I think that this is what >> I'm starting to more commonly see. >>> >>> Thanks, >>> Rob >>> >>> >>>> -----Original Message----- >>>> From: Sarah Tarrant <starrant@amsl.com> >>>> Sent: Friday, September 22, 2023 3:15 PM >>>> To: Eliot Lear <lear@cisco.com> >>>> Cc: Rob Wilton (rwilton) <rwilton@cisco.com>; Rose, Scott W. (Fed) >>>> <scott.rose@nist.gov>; RFC Editor <rfc-editor@rfc-editor.org>; opsawg- >>>> ads@ietf.org; opsawg-chairs@ietf.org; bill.wu@huawei.com; >>>> auth48archive@rfc-editor.org >>>> Subject: Re: [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access- >> 18> >>>> for your review >>>> >>>> Hi Eliot, >>>> >>>> Thank you for your reply. We have marked your approval on the AUTH48 >> status >>>> page for this document (see https://www.rfc-editor.org/auth48/rfc9472). >>>> >>>> IANA has completed the update to the “YANG Module Names” registry. >>>> >>>> We will move this document forward in the publication process once we >> receive >>>> approval from Rob on the changes to the sourcecode in Sections 5.1 and 5.3. >>>> >>>> Thank you, >>>> RFC Editor/st >>>> >>>>> On Sep 21, 2023, at 1:32 AM, Eliot Lear <lear@cisco.com> wrote: >>>>> >>>>> Hi Sarah, >>>>> >>>>> I approve publication. Thanks to you and the RPC for your work on this >>>> document. >>>>> >>>>> Eliot >>>>> >>>>>> On 20 Sep 2023, at 22:59, Sarah Tarrant <starrant@amsl.com> wrote: >>>>>> >>>>>> Hi Eliot, >>>>>> >>>>>> Thank you for spotting the issue with Section 7.2 and the IANA registry. >> We >>>> agree that "ietf-mud” should be updated to "ietf-mud-transparency” in >> Section >>>> 7.2 and have made that change. In a separate email, we will request that >> IANA >>>> update the “YANG Module Names” registry accordingly. >>>>>> >>>>>> Updated XML file: >>>>>> http://www.rfc-editor.org/authors/rfc9472.xml >>>>>> >>>>>> Updated output files: >>>>>> https://www.rfc-editor.org/authors/rfc9472.html >>>>>> https://www.rfc-editor.org/authors/rfc9472.txt >>>>>> https://www.rfc-editor.org/authors/rfc9472.pdf >>>>>> >>>>>> Diff file showing all changes made during AUTH48: >>>>>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html >>>>>> >>>>>> Diff files showing all changes: >>>>>> https://www.rfc-editor.org/authors/rfc9472-diff.html >>>>>> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by-side diff) >>>>>> >>>>>> Note that it may be necessary for you to refresh your browser to view the >>>> most recent version. >>>>>> >>>>>> For the AUTH48 status of this document, please see: >>>>>> https://www.rfc-editor.org/auth48/rfc9472 >>>>>> >>>>>> Thank you, >>>>>> RFC Editor/st >>>>>> >>>>>>> On Sep 19, 2023, at 12:42 AM, Eliot Lear <lear@cisco.com> wrote: >>>>>>> >>>>>>> Hi Sarah, >>>>>>> >>>>>>> I think I’ve caught one more small issue, but this is with the IANA registry. >>>> Could you please check with them on the following: >>>>>>> >>>>>>> In 7.2, I think the name field is supposed to be ietf-mud-transparency and >>>> not ietf-mud. >>>>>>> >>>>>>> After this matter is resolved, I can approve publication. >>>>>>> >>>>>>> Thanks, >>>>>>> >>>>>>> Eliot >>>>>>> >>>>>>> >>>>>>>> On 18 Sep 2023, at 20:37, Sarah Tarrant <starrant@amsl.com> wrote: >>>>>>>> >>>>>>>> Hello Eliot and Rob*, >>>>>>>> >>>>>>>> Elliot, thank you for your reply. We have updated the document >>>> accordingly. >>>>>>>> >>>>>>>> *Rob, as AD, please review and approve the changes to the sourcecode >> in >>>> Sections 5.1 and 5.3. These changes are best viewed in this diff file: >>>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html. >>>>>>>> >>>>>>>> We will await approvals from each of the parties listed above prior to >>>> moving this document forward in the publication process. >>>>>>>> >>>>>>>> Updated XML file: >>>>>>>> http://www.rfc-editor.org/authors/rfc9472.xml >>>>>>>> >>>>>>>> Updated output files: >>>>>>>> https://www.rfc-editor.org/authors/rfc9472.html >>>>>>>> https://www.rfc-editor.org/authors/rfc9472.txt >>>>>>>> https://www.rfc-editor.org/authors/rfc9472.pdf >>>>>>>> >>>>>>>> Diff file showing all changes made during AUTH48: >>>>>>>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html >>>>>>>> >>>>>>>> Diff files showing all changes: >>>>>>>> https://www.rfc-editor.org/authors/rfc9472-diff.html >>>>>>>> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by-side >> diff) >>>>>>>> >>>>>>>> Note that it may be necessary for you to refresh your browser to view >> the >>>> most recent version. >>>>>>>> >>>>>>>> For the AUTH48 status of this document, please see: >>>>>>>> https://www.rfc-editor.org/auth48/rfc9472 >>>>>>>> >>>>>>>> Thank you, >>>>>>>> >>>>>>>> RFC Editor/st >>>>>>>> >>>>>>>>> On Sep 16, 2023, at 9:04 AM, Eliot Lear <lear@cisco.com> wrote: >>>>>>>>> >>>>>>>>> Sarah, >>>>>>>>> >>>>>>>>> I believe that I have found several errors in the examples. There are >> two >>>> problems: >>>>>>>>> >>>>>>>>> 1. sbom-url should appear as part of an array of objects, and is not. >>>>>>>>> 2. There is one case where mudtx wasn’t used where it should have >>>> been. >>>>>>>>> @Rob, please check me on this. This should correspond to "list sboms” >>>> in the model. >>>>>>>>> >>>>>>>>> In Section 5.1, first example, the change is adding the sboms array: >>>>>>>>> >>>>>>>>> OLD: >>>>>>>>> { >>>>>>>>> "ietf-mud:mud": { >>>>>>>>> "mud-version": 1, >>>>>>>>> "extensions": [ >>>>>>>>> "transparency" >>>>>>>>> ], >>>>>>>>> "mudtx:transparency": { >>>>>>>>> "sbom-url": "https://iot.example.com/info/modelX/sbom.json", >>>>>>>>> "vuln-url" : [ >>>>>>>>> "https://iotd.example.com/info/modelX/csaf.json" >>>>>>>>> ] >>>>>>>>> }, >>>>>>>>> "mud-url": "https://iot.example.com/modelX.json", >>>>>>>>> "mud-signature": "https://iot.example.com/modelX.p7s", >>>>>>>>> "last-update": "2022-01-05T13:29:12+00:00", >>>>>>>>> "cache-validity": 48, >>>>>>>>> "is-supported": true, >>>>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service", >>>>>>>>> "mfg-name": "Example, Inc.", >>>>>>>>> "documentation": "https://iot.example.com/doc/modelX", >>>>>>>>> "model-name": "modelX" >>>>>>>>> } >>>>>>>>> } >>>>>>>>> NEW: >>>>>>>>> { >>>>>>>>> "ietf-mud:mud": { >>>>>>>>> "mud-version": 1, >>>>>>>>> "extensions": [ >>>>>>>>> "transparency" >>>>>>>>> ], >>>>>>>>> "mudtx:transparency": { >>>>>>>>> sboms: [ { >>>>>>>>> "version-info": "1.2", >>>>>>>>> "sbom-url": "https://iot.example.com/info/modelX/sbom.json" >>>>>>>>> } ], >>>>>>>>> "vuln-url" : [ >>>>>>>>> "https://iotd.example.com/info/modelX/csaf.json" >>>>>>>>> ] >>>>>>>>> }, >>>>>>>>> "mud-url": "https://iot.example.com/modelX.json", >>>>>>>>> "mud-signature": "https://iot.example.com/modelX.p7s", >>>>>>>>> "last-update": "2022-01-05T13:29:12+00:00", >>>>>>>>> "cache-validity": 48, >>>>>>>>> "is-supported": true, >>>>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service", >>>>>>>>> "mfg-name": "Example, Inc.", >>>>>>>>> "documentation": "https://iot.example.com/doc/modelX", >>>>>>>>> "model-name": "modelX" >>>>>>>>> } >>>>>>>>> } >>>>>>>>> >>>>>>>>> Section 5.1, 2nd Example, same change: >>>>>>>>> >>>>>>>>> >>>>>>>>> OLD: >>>>>>>>> >>>>>>>>> { >>>>>>>>> "ietf-mud:mud": { >>>>>>>>> "mud-version": 1, >>>>>>>>> "extensions": [ >>>>>>>>> "transparency" >>>>>>>>> ], >>>>>>>>> "mudtx:transparency": { >>>>>>>>> "sbom-url": "https://iot.example.com/info/modelX/sbom.json" >>>>>>>>> }, >>>>>>>>> "mud-url": "https://iot.example.com/modelX.json", >>>>>>>>> "mud-signature": "https://iot.example.com/modelX.p7s", >>>>>>>>> "last-update": "2022-01-05T13:29:12+00:00", >>>>>>>>> "cache-validity": 48, >>>>>>>>> "is-supported": true, >>>>>>>>> "systeminfo": "retrieving only SBOM info via a cloud service", >>>>>>>>> "mfg-name": "Example, Inc.", >>>>>>>>> "documentation": "https://iot.example.com/doc/modelX", >>>>>>>>> "model-name": "modelX" >>>>>>>>> } >>>>>>>>> } >>>>>>>>> NEW: >>>>>>>>> { >>>>>>>>> "ietf-mud:mud": { >>>>>>>>> "mud-version": 1, >>>>>>>>> "extensions": [ >>>>>>>>> "transparency" >>>>>>>>> ], >>>>>>>>> "mudtx:transparency": { >>>>>>>>> sboms: [ { >>>>>>>>> "version-info": "1.2", >>>>>>>>> "sbom-url": "https://iot.example.com/info/modelX/sbom.json" >>>>>>>>> } ], >>>>>>>>> }, >>>>>>>>> "mud-url": "https://iot.example.com/modelX.json", >>>>>>>>> "mud-signature": "https://iot.example.com/modelX.p7s", >>>>>>>>> "last-update": "2022-01-05T13:29:12+00:00", >>>>>>>>> "cache-validity": 48, >>>>>>>>> "is-supported": true, >>>>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service", >>>>>>>>> "mfg-name": "Example, Inc.", >>>>>>>>> "documentation": "https://iot.example.com/doc/modelX", >>>>>>>>> "model-name": "modelX" >>>>>>>>> } >>>>>>>>> } >>>>>>>>> >>>>>>>>> Section 5.3: >>>>>>>>> >>>>>>>>> OLD: >>>>>>>>> { >>>>>>>>> "ietf-mud:mud": { >>>>>>>>> "mud-version": 1, >>>>>>>>> "extensions": [ >>>>>>>>> "transparency" >>>>>>>>> ], >>>>>>>>> "ietf-mud-transparency:transparency": { >>>>>>>>> "contact-info": "https://iot-device.example.com/contact-info.html", >>>>>>>>> "vuln-url" : [ >>>>>>>>> "https://iotd.example.com/info/modelX/csaf.json" >>>>>>>>> ] >>>>>>>>> }, >>>>>>>>> "mud-url": "https://iot-device.example.com/modelX.json", >>>>>>>>> "mud-signature": "https://iot-device.example.com/modelX.p7s", >>>>>>>>> "last-update": "2021-07-09T06:16:42+00:00", >>>>>>>>> "cache-validity": 48, >>>>>>>>> "is-supported": true, >>>>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service", >>>>>>>>> "mfg-name": "Example, Inc.", >>>>>>>>> "documentation": "https://iot-device.example.com/doc/modelX", >>>>>>>>> "model-name": "modelX" >>>>>>>>> } >>>>>>>>> } >>>>>>>>> NEW: >>>>>>>>> { >>>>>>>>> "ietf-mud:mud": { >>>>>>>>> "mud-version": 1, >>>>>>>>> "extensions": [ >>>>>>>>> "transparency" >>>>>>>>> ], >>>>>>>>> "mudtx:transparency": { >>>>>>>>> "contact-info": "https://iot-device.example.com/contact-info.html", >>>>>>>>> "vuln-url" : [ >>>>>>>>> "https://iotd.example.com/info/modelX/csaf.json" >>>>>>>>> ] >>>>>>>>> }, >>>>>>>>> "mud-url": "https://iot-device.example.com/modelX.json", >>>>>>>>> "mud-signature": "https://iot-device.example.com/modelX.p7s", >>>>>>>>> "last-update": "2021-07-09T06:16:42+00:00", >>>>>>>>> "cache-validity": 48, >>>>>>>>> "is-supported": true, >>>>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service", >>>>>>>>> "mfg-name": "Example, Inc.", >>>>>>>>> "documentation": "https://iot-device.example.com/doc/modelX", >>>>>>>>> "model-name": "modelX" >>>>>>>>> } >>>>>>>>> } >>>>>>>>> Eliot >>>>>>>>>> On 13 Sep 2023, at 22:34, Sarah Tarrant <starrant@amsl.com> wrote: >>>>>>>>>> >>>>>>>>>> Hello Eliot and Scott, >>>>>>>>>> >>>>>>>>>> Thank you for your replies. We have updated the document >> accordingly, >>>> and all of our questions for the authors have been addressed. >>>>>>>>>> >>>>>>>>>> Please review the document carefully to ensure satisfaction as we do >>>> not make changes once it has been published as an RFC. Contact us with any >>>> further updates or with your approval of the document in its current form. >> We >>>> will await approvals from each author prior to moving forward in the >>>> publication process. We also need Rob’s AD approval of the change in Section >>>> 1.3 and review of question #10 prior to moving forward. >>>>>>>>>> >>>>>>>>>> Updated XML file: >>>>>>>>>> http://www.rfc-editor.org/authors/rfc9472.xml >>>>>>>>>> >>>>>>>>>> Updated output files: >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.html >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.txt >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.pdf >>>>>>>>>> >>>>>>>>>> Diff file showing all changes made during AUTH48: >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html >>>>>>>>>> >>>>>>>>>> Diff files showing all changes: >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-diff.html >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by-side >>>> diff) >>>>>>>>>> >>>>>>>>>> Note that it may be necessary for you to refresh your browser to view >>>> the most recent version. >>>>>>>>>> >>>>>>>>>> For the AUTH48 status of this document, please see: >>>>>>>>>> https://www.rfc-editor.org/auth48/rfc9472 >>>>>>>>>> >>>>>>>>>> Thank you, >>>>>>>>>> >>>>>>>>>> RFC Editor/st >>>>>>>>>> >>>>>>>>>>> On Sep 13, 2023, at 8:14 AM, Rose, Scott W. (Fed) >>>> <scott.rose@nist.gov> wrote: >>>>>>>>>>> >>>>>>>>>>> Sarah, >>>>>>>>>>> I am generally fine with the changes, specific replies below: >>>>>>>>>>> >>>>>>>>>>> Thanks, >>>>>>>>>>> Scott >>>>>>>>>>> >>>>>>>>>>> On 13 Sep 2023, at 3:15, Eliot Lear wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi Sarah and thanks! Please see below. >>>>>>>>>>>> >>>>>>>>>>>>> On 12 Sep 2023, at 20:50, Sarah Tarrant <starrant@amsl.com> >>>> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> Hello Eliot, Scott, and Rob*, >>>>>>>>>>>>> >>>>>>>>>>>>> *Rob, as AD, please review the change in the last paragraph of >>>> Section 1.3 and let us know if you approve. The change is best viewed in this >> diff >>>> file: https://www.rfc-editor.org/authors/rfc9472-auth48diff.html. Also, please >> let >>>> us know your thoughts on this question (note that RFCs 6242, 8341, and 8446 >>>> are included in the template at https://trac.ietf.org/trac/ops/wiki/yang- >> security- >>>> guidelines): >>>>>>>>>>>>> >>>>>>>>>>>>>> 10) <!-- [rfced] *[AD] Section 6: The Security Considerations >>>> section does not >>>>>>>>>>>>>> follow the requirements listed on >>>>>>>>>>>>>> https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines, >> which >>>> says >>>>>>>>>>>>>> "This section MUST be patterned after the latest approved >>>> template." >>>>>>>>>>>>>> Please confirm if the current text is acceptable per the context >> of >>>> the >>>>>>>>>>>>>> document or if any further updates are needed in order to >> follow >>>> the >>>>>>>>>>>>>> template. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Also, please confirm if it is acceptable that RFCs 6242, 8341, and >>>>>>>>>>>>>> 8446 are not listed in the Normative References section or if >> they >>>>>>>>>>>>>> should be added. >>>>>>>>>>>>>> —> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Eliot and Scott, thank you for your replies; we have updated the >>>> document accordingly. We have a few followup questions: >>>>>>>>>>>>> >>>>>>>>>>>>> 1) We added the sentence in ii) per your reply to this question. >> We >>>> also added RFC 7231 as a normative reference. Please confirm that this is >>>> correct. Or should it be informative instead? >>>>>>>>>>>> >>>>>>>>>>>> That’s correct. >>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>>>> e) We note that RFCs 6991 and 7231 are only referenced in the >>>> YANG >>>>>>>>>>>>>>> module and not in the running text. In order to have a 1:1 >>>> matchup >>>>>>>>>>>>>>> between the references section and the text, may we add an >>>> introductory >>>>>>>>>>>>>>> sentence before the YANG module that includes these citations >>>> (option i)? >>>>>>>>>>>>>>> Alternatively, you may reference all of the RFCs that are >>>> mentioned >>>>>>>>>>>>>>> (option ii). Please let us know your preference. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Perhaps: >>>>>>>>>>>>>>> i) This YANG module references [RFC6991] and [RFC7231]. >>>>>>>>>>>>>>> or >>>>>>>>>>>>>>> ii) This YANG module references [RFC6991], [RFC7231], >>>> [RFC7252], >>>>>>>>>>>>>>> [RFC8520], and [RFC9110]. >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> ii seems complete. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> 2) Regarding this question: >>>>>>>>>>>>> >>>>>>>>>>>>>>> 11) <!--[rfced] Is this sentence intended to be an ordered list >>>> (option A) >>>>>>>>>>>>>>> or are "any change in a URL" and "any change to the authority >>>>>>>>>>>>>>> section" the 2 risks that are being referred to (option B)? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Original: >>>>>>>>>>>>>>> To address either risk, any change in a URL, and in particular to >>>> the >>>>>>>>>>>>>>> authority section, two approaches may be used: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Perhaps: >>>>>>>>>>>>>>> A) To address either risk, any change in a URL, and particularly >>>> any change >>>>>>>>>>>>>>> to the authority section, two approaches may be used: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> or >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> B) To address either risk, i.e., any change in a URL and, in >>>> particular, to >>>>>>>>>>>>>>> the authority section, two approaches may be used: >>>>>>>>>>>>>>> --> >>>>>>>>>>>>>> >>>>>>>>>>>>>> How about: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> (C) To address either risk, any change in a URL, and in >> particular >>>> to the >>>>>>>>>>>>>>> authority section; two approaches may be used: >>>>>>>>>>>>>> >>>>>>>>>>>>>> ? >>>>>>>>>>>>> >>>>>>>>>>>>> We are still having trouble understanding this sentence. (Note >> that >>>> the text before the semicolon in (C) is not a complete sentence.) Would >>>> something like the following work? >>>>>>>>>>>>> >>>>>>>>>>>>> Perhaps: >>>>>>>>>>>>> Two approaches may be used to address these risks and any >> change >>>> in a URL (particularly in the >>>>>>>>>>>>> authority section): >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Ok, having re-read the context, the authority section phrase is >>>> redundant, so we can say: >>>>>>>>>>>> >>>>>>>>>>>>> To address either of these risks or any tampering of a URL: >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> This seems fine. >>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> 3) Regarding this question: >>>>>>>>>>>>> >>>>>>>>>>>>>>> 15) <!-- [rfced] The following lines exceed the 72-character >> limit >>>> for >>>>>>>>>>>>>>> sourcecode. Please let us know how these lines can be >> modified. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Section 5.1 (1 character over): >>>>>>>>>>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud >> service", >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Section 5.2 (1 character over): >>>>>>>>>>>>>>> "systeminfo": "mixed example: SBOM on device, vuln info in >>>> cloud", >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Section 5.3 (2 characters over): >>>>>>>>>>>>>>> "contact-info": "https://iot-device.example.com/contact- >>>> info.html", >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Section 5.3 (1 character over): >>>>>>>>>>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud >> service", >>>>>>>>>>>>>>> --> >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> Would you mind out-denting these lines? >>>>>>>>>>>>> >>>>>>>>>>>>> Please confirm that we updated these correctly. We moved the >> lines >>>> in each example mentioned above one or two spaces (as appropriate) to the >>>> left to meet the character limit, though we couldn’t not move the “{“ at the >>>> beginning and end of each example as these were already at the left margin. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> That’s okay. >>>>>>>>>>>> >>>>>>>>>>>> Aside: this 72 character limit was VERY important when printers >>>> could only print 80 columns, but that was on its way out even when *I* was a >>>> student in the 80s (I never saw an actual line printer after college). >>>>>>>>>>>> >>>>>>>>>>>> Regards, >>>>>>>>>>>> >>>>>>>>>>>> Eliot >>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> ______________ >>>>>>>>>>>>> >>>>>>>>>>>>> Updated XML file: >>>>>>>>>>>>> http://www.rfc-editor.org/authors/rfc9472.xml >>>>>>>>>>>>> >>>>>>>>>>>>> Updated output files: >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.html >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.txt >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.pdf >>>>>>>>>>>>> >>>>>>>>>>>>> Diff file showing all changes made during AUTH48: >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html >>>>>>>>>>>>> >>>>>>>>>>>>> Diff files showing all changes: >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-diff.html >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by- >>>> side diff) >>>>>>>>>>>>> >>>>>>>>>>>>> Note that it may be necessary for you to refresh your browser to >>>> view the most recent version. >>>>>>>>>>>>> >>>>>>>>>>>>> For the AUTH48 status of this document, please see: >>>>>>>>>>>>> https://www.rfc-editor.org/auth48/rfc9472 >>>>>>>>>>>>> >>>>>>>>>>>>> Thank you, >>>>>>>>>>>>> >>>>>>>>>>>>> RFC Editor/st >>>>>>>>>>>>> >>>>>>>>>>>>>> On Sep 11, 2023, at 12:23 PM, Rose, Scott W. (Fed) >>>> <scott.rose=40nist.gov@dmarc.ietf.org> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>> On 8 Sep 2023, at 19:26, rfc-editor@rfc-editor.org wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> Authors and *AD, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> While reviewing this document during AUTH48, please resolve >> (as >>>> necessary) the following questions, which are also in the XML file. >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> 17) <!-- [rfced] FYI: We have added expansions for the >> following >>>> abbreviations >>>>>>>>>>>>>>> per Section 3.6 of RFC 7322 ("RFC Style Guide"). Please review >>>> each >>>>>>>>>>>>>>> expansion in the document carefully to ensure correctness. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Access Control Lists (ACLs) >>>>>>>>>>>>>>> Constrained Application Protocol (CoAP) >>>>>>>>>>>>>>> Internet of Things (IoT) >>>>>>>>>>>>>>> --> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> 18) <!-- [rfced] Please review the "Inclusive Language" portion >> of >>>> the online >>>>>>>>>>>>>>> Style Guide <https://www.rfc- >>>> editor.org/styleguide/part2/#inclusive_language> >>>>>>>>>>>>>>> and let us know if any changes are needed. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Note that our script did not flag any words in particular, but this >>>> should >>>>>>>>>>>>>>> still be reviewed as a best practice. >>>>>>>>>>>>>>> --> >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> FWIW, I did a pass through to match against the NIST inclusive >>>> language guidance and did not find anything that needed to be addressed. >>>> Future changes may change that (not likely, but maybe). >>>>>>>>>>>>>> >>>>>>>>>>>>>> Thanks >>>>>>>>>>>>>> Scott >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> ================================== >>>>>>>>>>>>>> Scott Rose NIST/CTL >>>>>>>>>>>>>> scott.rose@nist.gov >>>>>>>>>>>>>> ph: +1-301-975-8439 (w) >>>>>>>>>>>>>> +1-571-249-3761 (GoogleVoice) >>>>>>>>>>>>>> ================================== >>>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ================================== >>>>>>>>>>> Scott Rose NIST/CTL >>>>>>>>>>> scott.rose@nist.gov >>>>>>>>>>> ph: +1-301-975-8439 (w) >>>>>>>>>>> +1-571-249-3761 (GoogleVoice) >>>>>>>>>>> ================================== >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>> >
- [auth48] AUTH48: RFC-to-be 9472 <draft-ietf-opsaw… rfc-editor
- [auth48] [AD] Re: AUTH48: RFC-to-be 9472 <draft-i… rfc-editor
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rose, Scott W. (Fed)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rose, Scott W. (Fed)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rose, Scott W. (Fed)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rob Wilton (rwilton)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rose, Scott W. (Fed)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- [auth48] [IANA] Re: [AD] AUTH48: RFC-to-be 9472 <… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- [auth48] Fwd: [IANA #1282204] [IANA] Re: [AD] AUT… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rob Wilton (rwilton)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rob Wilton (rwilton)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant