Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18> for your review

[Eliot Lear <lear@cisco.com>]

Ok.  Sarah, do you have what you need?

Eliot

> On Oct 2, 2023, at 11:49, Rob Wilton (rwilton) <rwilton@cisco.com> wrote:
> 
> Hi Eliot,
> 
> That is fine.
> 
> Regards,
> Rob
> 
> 
>> -----Original Message-----
>> From: Eliot Lear <lear@cisco.com>
>> Sent: Thursday, September 28, 2023 3:05 PM
>> To: Rob Wilton (rwilton) <rwilton@cisco.com>
>> Cc: Sarah Tarrant <starrant@amsl.com>; Rose, Scott W. (Fed)
>> <scott.rose@nist.gov>; RFC Editor <rfc-editor@rfc-editor.org>; opsawg-
>> ads@ietf.org; opsawg-chairs@ietf.org; bill.wu@huawei.com;
>> auth48archive@rfc-editor.org
>> Subject: Re: [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18>
>> for your review
>> 
>> Ok, I’ve reviewed this.  I think in this instance, since we are talking about a JSON
>> example, and the JSON document ignores spaces and still parses, we can just
>> leave it as is.  I don’t think it’s necessary to reflow.  Are you okay with that Rob?
>> 
>> Eliot
>> 
>>> On Sep 27, 2023, at 12:32, Rob Wilton (rwilton) <rwilton@cisco.com> wrote:
>>> 
>>> Hi Sarah, Eliot,
>>> 
>>> Sorry for the delay.
>>> 
>>> Regarding the changes in 5.1 and 5.3:
>>> 
>>> Rather than outdenting, did we consider leveraging RFC 8792?  E.g., to cite a
>> random specific example, see the end of section 2.2.2 of
>> https://datatracker.ietf.org/doc/draft-ietf-netconf-crypto-types/
>>> 
>>> Example:
>>>  =============== NOTE: '\' line wrapping per RFC 8792 ================
>>> 
>>>  <rpc-reply message-id="101"
>>>    xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
>>>    <p10-csr xmlns="http://example.com/ns/example-crypto-types-usage">\
>>>  BASE64VALUE=</p10-csr>
>>>  </rpc-reply>
>>> 
>>> The advantage of this is that tooling can extract the example from the RFC
>> and still give a completely normal properly indented example.  I'm not sure
>> how many recent YANG RFCs have started to do this, but I think that this is what
>> I'm starting to more commonly see.
>>> 
>>> Thanks,
>>> Rob
>>> 
>>> 
>>>> -----Original Message-----
>>>> From: Sarah Tarrant <starrant@amsl.com>
>>>> Sent: Friday, September 22, 2023 3:15 PM
>>>> To: Eliot Lear <lear@cisco.com>
>>>> Cc: Rob Wilton (rwilton) <rwilton@cisco.com>; Rose, Scott W. (Fed)
>>>> <scott.rose@nist.gov>; RFC Editor <rfc-editor@rfc-editor.org>; opsawg-
>>>> ads@ietf.org; opsawg-chairs@ietf.org; bill.wu@huawei.com;
>>>> auth48archive@rfc-editor.org
>>>> Subject: Re: [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-
>> 18>
>>>> for your review
>>>> 
>>>> Hi Eliot,
>>>> 
>>>> Thank you for your reply. We have marked your approval on the AUTH48
>> status
>>>> page for this document (see https://www.rfc-editor.org/auth48/rfc9472).
>>>> 
>>>> IANA has completed the update to the “YANG Module Names” registry.
>>>> 
>>>> We will move this document forward in the publication process once we
>> receive
>>>> approval from Rob on the changes to the sourcecode in Sections 5.1 and 5.3.
>>>> 
>>>> Thank you,
>>>> RFC Editor/st
>>>> 
>>>>> On Sep 21, 2023, at 1:32 AM, Eliot Lear <lear@cisco.com> wrote:
>>>>> 
>>>>> Hi Sarah,
>>>>> 
>>>>> I approve publication.  Thanks to you and the RPC for your work on this
>>>> document.
>>>>> 
>>>>> Eliot
>>>>> 
>>>>>> On 20 Sep 2023, at 22:59, Sarah Tarrant <starrant@amsl.com> wrote:
>>>>>> 
>>>>>> Hi Eliot,
>>>>>> 
>>>>>> Thank you for spotting the issue with Section 7.2 and the IANA registry.
>> We
>>>> agree that "ietf-mud” should be updated to "ietf-mud-transparency” in
>> Section
>>>> 7.2 and have made that change. In a separate email, we will request that
>> IANA
>>>> update the “YANG Module Names” registry accordingly.
>>>>>> 
>>>>>> Updated XML file:
>>>>>> http://www.rfc-editor.org/authors/rfc9472.xml
>>>>>> 
>>>>>> Updated output files:
>>>>>> https://www.rfc-editor.org/authors/rfc9472.html
>>>>>> https://www.rfc-editor.org/authors/rfc9472.txt
>>>>>> https://www.rfc-editor.org/authors/rfc9472.pdf
>>>>>> 
>>>>>> Diff file showing all changes made during AUTH48:
>>>>>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html
>>>>>> 
>>>>>> Diff files showing all changes:
>>>>>> https://www.rfc-editor.org/authors/rfc9472-diff.html
>>>>>> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by-side diff)
>>>>>> 
>>>>>> Note that it may be necessary for you to refresh your browser to view the
>>>> most recent version.
>>>>>> 
>>>>>> For the AUTH48 status of this document, please see:
>>>>>> https://www.rfc-editor.org/auth48/rfc9472
>>>>>> 
>>>>>> Thank you,
>>>>>> RFC Editor/st
>>>>>> 
>>>>>>> On Sep 19, 2023, at 12:42 AM, Eliot Lear <lear@cisco.com> wrote:
>>>>>>> 
>>>>>>> Hi Sarah,
>>>>>>> 
>>>>>>> I think I’ve caught one more small issue, but this is with the IANA registry.
>>>> Could you please check with them on the following:
>>>>>>> 
>>>>>>> In 7.2, I think the name field is supposed to be ietf-mud-transparency and
>>>> not ietf-mud.
>>>>>>> 
>>>>>>> After this matter is resolved, I can approve publication.
>>>>>>> 
>>>>>>> Thanks,
>>>>>>> 
>>>>>>> Eliot
>>>>>>> 
>>>>>>> 
>>>>>>>> On 18 Sep 2023, at 20:37, Sarah Tarrant <starrant@amsl.com> wrote:
>>>>>>>> 
>>>>>>>> Hello Eliot and Rob*,
>>>>>>>> 
>>>>>>>> Elliot, thank you for your reply. We have updated the document
>>>> accordingly.
>>>>>>>> 
>>>>>>>> *Rob, as AD, please review and approve the changes to the sourcecode
>> in
>>>> Sections 5.1 and 5.3. These changes are best viewed in this diff file:
>>>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html.
>>>>>>>> 
>>>>>>>> We will await approvals from each of the parties listed above prior to
>>>> moving this document forward in the publication process.
>>>>>>>> 
>>>>>>>> Updated XML file:
>>>>>>>> http://www.rfc-editor.org/authors/rfc9472.xml
>>>>>>>> 
>>>>>>>> Updated output files:
>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.html
>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.txt
>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.pdf
>>>>>>>> 
>>>>>>>> Diff file showing all changes made during AUTH48:
>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html
>>>>>>>> 
>>>>>>>> Diff files showing all changes:
>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-diff.html
>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by-side
>> diff)
>>>>>>>> 
>>>>>>>> Note that it may be necessary for you to refresh your browser to view
>> the
>>>> most recent version.
>>>>>>>> 
>>>>>>>> For the AUTH48 status of this document, please see:
>>>>>>>> https://www.rfc-editor.org/auth48/rfc9472
>>>>>>>> 
>>>>>>>> Thank you,
>>>>>>>> 
>>>>>>>> RFC Editor/st
>>>>>>>> 
>>>>>>>>> On Sep 16, 2023, at 9:04 AM, Eliot Lear <lear@cisco.com> wrote:
>>>>>>>>> 
>>>>>>>>> Sarah,
>>>>>>>>> 
>>>>>>>>> I believe that I have found several errors in the examples.  There are
>> two
>>>> problems:
>>>>>>>>> 
>>>>>>>>> 1.  sbom-url should appear as part of an array of objects, and is not.
>>>>>>>>> 2.  There is one case where mudtx wasn’t used where it should have
>>>> been.
>>>>>>>>> @Rob, please check me on this.  This should correspond to "list sboms”
>>>> in the model.
>>>>>>>>> 
>>>>>>>>> In Section 5.1, first example, the change is adding the sboms array:
>>>>>>>>> 
>>>>>>>>> OLD:
>>>>>>>>> {
>>>>>>>>> "ietf-mud:mud": {
>>>>>>>>> "mud-version": 1,
>>>>>>>>> "extensions": [
>>>>>>>>> "transparency"
>>>>>>>>> ],
>>>>>>>>> "mudtx:transparency": {
>>>>>>>>> "sbom-url": "https://iot.example.com/info/modelX/sbom.json",
>>>>>>>>> "vuln-url" : [
>>>>>>>>> "https://iotd.example.com/info/modelX/csaf.json"
>>>>>>>>> ]
>>>>>>>>> },
>>>>>>>>> "mud-url": "https://iot.example.com/modelX.json",
>>>>>>>>> "mud-signature": "https://iot.example.com/modelX.p7s",
>>>>>>>>> "last-update": "2022-01-05T13:29:12+00:00",
>>>>>>>>> "cache-validity": 48,
>>>>>>>>> "is-supported": true,
>>>>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service",
>>>>>>>>> "mfg-name": "Example, Inc.",
>>>>>>>>> "documentation": "https://iot.example.com/doc/modelX",
>>>>>>>>> "model-name": "modelX"
>>>>>>>>> }
>>>>>>>>> }
>>>>>>>>> NEW:
>>>>>>>>> {
>>>>>>>>> "ietf-mud:mud": {
>>>>>>>>> "mud-version": 1,
>>>>>>>>> "extensions": [
>>>>>>>>> "transparency"
>>>>>>>>> ],
>>>>>>>>> "mudtx:transparency": {
>>>>>>>>> sboms: [ {
>>>>>>>>> "version-info": "1.2",
>>>>>>>>> "sbom-url": "https://iot.example.com/info/modelX/sbom.json"
>>>>>>>>> } ],
>>>>>>>>> "vuln-url" : [
>>>>>>>>> "https://iotd.example.com/info/modelX/csaf.json"
>>>>>>>>> ]
>>>>>>>>> },
>>>>>>>>> "mud-url": "https://iot.example.com/modelX.json",
>>>>>>>>> "mud-signature": "https://iot.example.com/modelX.p7s",
>>>>>>>>> "last-update": "2022-01-05T13:29:12+00:00",
>>>>>>>>> "cache-validity": 48,
>>>>>>>>> "is-supported": true,
>>>>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service",
>>>>>>>>> "mfg-name": "Example, Inc.",
>>>>>>>>> "documentation": "https://iot.example.com/doc/modelX",
>>>>>>>>> "model-name": "modelX"
>>>>>>>>> }
>>>>>>>>> }
>>>>>>>>> 
>>>>>>>>> Section 5.1, 2nd Example, same change:
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> OLD:
>>>>>>>>> 
>>>>>>>>> {
>>>>>>>>> "ietf-mud:mud": {
>>>>>>>>> "mud-version": 1,
>>>>>>>>> "extensions": [
>>>>>>>>> "transparency"
>>>>>>>>> ],
>>>>>>>>> "mudtx:transparency": {
>>>>>>>>> "sbom-url": "https://iot.example.com/info/modelX/sbom.json"
>>>>>>>>> },
>>>>>>>>> "mud-url": "https://iot.example.com/modelX.json",
>>>>>>>>> "mud-signature": "https://iot.example.com/modelX.p7s",
>>>>>>>>> "last-update": "2022-01-05T13:29:12+00:00",
>>>>>>>>> "cache-validity": 48,
>>>>>>>>> "is-supported": true,
>>>>>>>>> "systeminfo": "retrieving only SBOM info via a cloud service",
>>>>>>>>> "mfg-name": "Example, Inc.",
>>>>>>>>> "documentation": "https://iot.example.com/doc/modelX",
>>>>>>>>> "model-name": "modelX"
>>>>>>>>> }
>>>>>>>>> }
>>>>>>>>> NEW:
>>>>>>>>> {
>>>>>>>>> "ietf-mud:mud": {
>>>>>>>>> "mud-version": 1,
>>>>>>>>> "extensions": [
>>>>>>>>> "transparency"
>>>>>>>>> ],
>>>>>>>>> "mudtx:transparency": {
>>>>>>>>> sboms: [ {
>>>>>>>>> "version-info": "1.2",
>>>>>>>>> "sbom-url": "https://iot.example.com/info/modelX/sbom.json"
>>>>>>>>> } ],
>>>>>>>>> },
>>>>>>>>> "mud-url": "https://iot.example.com/modelX.json",
>>>>>>>>> "mud-signature": "https://iot.example.com/modelX.p7s",
>>>>>>>>> "last-update": "2022-01-05T13:29:12+00:00",
>>>>>>>>> "cache-validity": 48,
>>>>>>>>> "is-supported": true,
>>>>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service",
>>>>>>>>> "mfg-name": "Example, Inc.",
>>>>>>>>> "documentation": "https://iot.example.com/doc/modelX",
>>>>>>>>> "model-name": "modelX"
>>>>>>>>> }
>>>>>>>>> }
>>>>>>>>> 
>>>>>>>>> Section 5.3:
>>>>>>>>> 
>>>>>>>>> OLD:
>>>>>>>>> {
>>>>>>>>> "ietf-mud:mud": {
>>>>>>>>> "mud-version": 1,
>>>>>>>>> "extensions": [
>>>>>>>>> "transparency"
>>>>>>>>> ],
>>>>>>>>> "ietf-mud-transparency:transparency": {
>>>>>>>>> "contact-info": "https://iot-device.example.com/contact-info.html",
>>>>>>>>> "vuln-url" : [
>>>>>>>>> "https://iotd.example.com/info/modelX/csaf.json"
>>>>>>>>> ]
>>>>>>>>> },
>>>>>>>>> "mud-url": "https://iot-device.example.com/modelX.json",
>>>>>>>>> "mud-signature": "https://iot-device.example.com/modelX.p7s",
>>>>>>>>> "last-update": "2021-07-09T06:16:42+00:00",
>>>>>>>>> "cache-validity": 48,
>>>>>>>>> "is-supported": true,
>>>>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service",
>>>>>>>>> "mfg-name": "Example, Inc.",
>>>>>>>>> "documentation": "https://iot-device.example.com/doc/modelX",
>>>>>>>>> "model-name": "modelX"
>>>>>>>>> }
>>>>>>>>> }
>>>>>>>>> NEW:
>>>>>>>>> {
>>>>>>>>> "ietf-mud:mud": {
>>>>>>>>> "mud-version": 1,
>>>>>>>>> "extensions": [
>>>>>>>>> "transparency"
>>>>>>>>> ],
>>>>>>>>> "mudtx:transparency": {
>>>>>>>>> "contact-info": "https://iot-device.example.com/contact-info.html",
>>>>>>>>> "vuln-url" : [
>>>>>>>>> "https://iotd.example.com/info/modelX/csaf.json"
>>>>>>>>> ]
>>>>>>>>> },
>>>>>>>>> "mud-url": "https://iot-device.example.com/modelX.json",
>>>>>>>>> "mud-signature": "https://iot-device.example.com/modelX.p7s",
>>>>>>>>> "last-update": "2021-07-09T06:16:42+00:00",
>>>>>>>>> "cache-validity": 48,
>>>>>>>>> "is-supported": true,
>>>>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service",
>>>>>>>>> "mfg-name": "Example, Inc.",
>>>>>>>>> "documentation": "https://iot-device.example.com/doc/modelX",
>>>>>>>>> "model-name": "modelX"
>>>>>>>>> }
>>>>>>>>> }
>>>>>>>>> Eliot
>>>>>>>>>> On 13 Sep 2023, at 22:34, Sarah Tarrant <starrant@amsl.com> wrote:
>>>>>>>>>> 
>>>>>>>>>> Hello Eliot and Scott,
>>>>>>>>>> 
>>>>>>>>>> Thank you for your replies. We have updated the document
>> accordingly,
>>>> and all of our questions for the authors have been addressed.
>>>>>>>>>> 
>>>>>>>>>> Please review the document carefully to ensure satisfaction as we do
>>>> not make changes once it has been published as an RFC. Contact us with any
>>>> further updates or with your approval of the document in its current form.
>> We
>>>> will await approvals from each author prior to moving forward in the
>>>> publication process. We also need Rob’s AD approval of the change in Section
>>>> 1.3 and review of question #10 prior to moving forward.
>>>>>>>>>> 
>>>>>>>>>> Updated XML file:
>>>>>>>>>> http://www.rfc-editor.org/authors/rfc9472.xml
>>>>>>>>>> 
>>>>>>>>>> Updated output files:
>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.html
>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.txt
>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.pdf
>>>>>>>>>> 
>>>>>>>>>> Diff file showing all changes made during AUTH48:
>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html
>>>>>>>>>> 
>>>>>>>>>> Diff files showing all changes:
>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-diff.html
>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by-side
>>>> diff)
>>>>>>>>>> 
>>>>>>>>>> Note that it may be necessary for you to refresh your browser to view
>>>> the most recent version.
>>>>>>>>>> 
>>>>>>>>>> For the AUTH48 status of this document, please see:
>>>>>>>>>> https://www.rfc-editor.org/auth48/rfc9472
>>>>>>>>>> 
>>>>>>>>>> Thank you,
>>>>>>>>>> 
>>>>>>>>>> RFC Editor/st
>>>>>>>>>> 
>>>>>>>>>>> On Sep 13, 2023, at 8:14 AM, Rose, Scott W. (Fed)
>>>> <scott.rose@nist.gov> wrote:
>>>>>>>>>>> 
>>>>>>>>>>> Sarah,
>>>>>>>>>>> I am generally fine with the changes, specific replies below:
>>>>>>>>>>> 
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Scott
>>>>>>>>>>> 
>>>>>>>>>>> On 13 Sep 2023, at 3:15, Eliot Lear wrote:
>>>>>>>>>>> 
>>>>>>>>>>>> Hi Sarah and thanks!  Please see below.
>>>>>>>>>>>> 
>>>>>>>>>>>>> On 12 Sep 2023, at 20:50, Sarah Tarrant <starrant@amsl.com>
>>>> wrote:
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Hello Eliot, Scott, and Rob*,
>>>>>>>>>>>>> 
>>>>>>>>>>>>> *Rob, as AD, please review the change in the last paragraph of
>>>> Section 1.3 and let us know if you approve. The change is best viewed in this
>> diff
>>>> file: https://www.rfc-editor.org/authors/rfc9472-auth48diff.html. Also, please
>> let
>>>> us know your thoughts on this question (note that RFCs 6242, 8341, and 8446
>>>> are included in the template at https://trac.ietf.org/trac/ops/wiki/yang-
>> security-
>>>> guidelines):
>>>>>>>>>>>>> 
>>>>>>>>>>>>>> 10) <!-- [rfced] *[AD] Section 6: The Security Considerations
>>>> section does not
>>>>>>>>>>>>>> follow the requirements listed on
>>>>>>>>>>>>>> https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines,
>> which
>>>> says
>>>>>>>>>>>>>> "This section MUST be patterned after the latest approved
>>>> template."
>>>>>>>>>>>>>> Please confirm if the current text is acceptable per the context
>> of
>>>> the
>>>>>>>>>>>>>> document or if any further updates are needed in order to
>> follow
>>>> the
>>>>>>>>>>>>>> template.
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> Also, please confirm if it is acceptable that RFCs 6242, 8341, and
>>>>>>>>>>>>>> 8446 are not listed in the Normative References section or if
>> they
>>>>>>>>>>>>>> should be added.
>>>>>>>>>>>>>> —>
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Eliot and Scott, thank you for your replies; we have updated the
>>>> document accordingly. We have a few followup questions:
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 1) We added the sentence in ii) per your reply to this question.
>> We
>>>> also added RFC 7231 as a normative reference. Please confirm that this is
>>>> correct. Or should it be informative instead?
>>>>>>>>>>>> 
>>>>>>>>>>>> That’s correct.
>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> e) We note that RFCs 6991 and 7231 are only referenced in the
>>>> YANG
>>>>>>>>>>>>>>> module and not in the running text. In order to have a 1:1
>>>> matchup
>>>>>>>>>>>>>>> between the references section and the text, may we add an
>>>> introductory
>>>>>>>>>>>>>>> sentence before the YANG module that includes these citations
>>>> (option i)?
>>>>>>>>>>>>>>> Alternatively, you may reference all of the RFCs that are
>>>> mentioned
>>>>>>>>>>>>>>> (option ii). Please let us know your preference.
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> Perhaps:
>>>>>>>>>>>>>>> i)  This YANG module references [RFC6991] and [RFC7231].
>>>>>>>>>>>>>>> or
>>>>>>>>>>>>>>> ii) This YANG module references [RFC6991], [RFC7231],
>>>> [RFC7252],
>>>>>>>>>>>>>>> [RFC8520], and [RFC9110].
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> ii seems complete.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 2) Regarding this question:
>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> 11) <!--[rfced] Is this sentence intended to be an ordered list
>>>> (option A)
>>>>>>>>>>>>>>> or are "any change in a URL" and "any change to the authority
>>>>>>>>>>>>>>> section" the 2 risks that are being referred to (option B)?
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> Original:
>>>>>>>>>>>>>>> To address either risk, any change in a URL, and in particular to
>>>> the
>>>>>>>>>>>>>>> authority section, two approaches may be used:
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> Perhaps:
>>>>>>>>>>>>>>> A) To address either risk, any change in a URL, and particularly
>>>> any change
>>>>>>>>>>>>>>> to the authority section, two approaches may be used:
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> or
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> B) To address either risk, i.e., any change in a URL and, in
>>>> particular, to
>>>>>>>>>>>>>>> the authority section, two approaches may be used:
>>>>>>>>>>>>>>> -->
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> How about:
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> (C)  To address either risk, any change in a URL, and in
>> particular
>>>> to the
>>>>>>>>>>>>>>> authority section; two approaches may be used:
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> ?
>>>>>>>>>>>>> 
>>>>>>>>>>>>> We are still having trouble understanding this sentence. (Note
>> that
>>>> the text before the semicolon in (C) is not a complete sentence.) Would
>>>> something like the following work?
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Perhaps:
>>>>>>>>>>>>> Two approaches may be used to address these risks and any
>> change
>>>> in a URL (particularly in the
>>>>>>>>>>>>> authority section):
>>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> Ok, having re-read the context, the authority section phrase is
>>>> redundant, so we can say:
>>>>>>>>>>>> 
>>>>>>>>>>>>> To address either of these risks or any tampering of a URL:
>>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>>> This seems fine.
>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 3) Regarding this question:
>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> 15) <!-- [rfced] The following lines exceed the 72-character
>> limit
>>>> for
>>>>>>>>>>>>>>> sourcecode. Please let us know how these lines can be
>> modified.
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> Section 5.1 (1 character over):
>>>>>>>>>>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud
>> service",
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> Section 5.2 (1 character over):
>>>>>>>>>>>>>>> "systeminfo": "mixed example: SBOM on device, vuln info in
>>>> cloud",
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> Section 5.3 (2 characters over):
>>>>>>>>>>>>>>> "contact-info": "https://iot-device.example.com/contact-
>>>> info.html",
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> Section 5.3 (1 character over):
>>>>>>>>>>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud
>> service",
>>>>>>>>>>>>>>> -->
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> Would you mind out-denting these lines?
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Please confirm that we updated these correctly. We moved the
>> lines
>>>> in each example mentioned above one or two spaces (as appropriate) to the
>>>> left to meet the character limit, though we couldn’t not move the “{“ at the
>>>> beginning and end of each example as these were already at the left margin.
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> That’s okay.
>>>>>>>>>>>> 
>>>>>>>>>>>> Aside: this 72 character limit was VERY important when printers
>>>> could only print 80 columns, but that was on its way out even when *I* was a
>>>> student in the 80s (I never saw an actual line printer after college).
>>>>>>>>>>>> 
>>>>>>>>>>>> Regards,
>>>>>>>>>>>> 
>>>>>>>>>>>> Eliot
>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> ______________
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Updated XML file:
>>>>>>>>>>>>> http://www.rfc-editor.org/authors/rfc9472.xml
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Updated output files:
>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.html
>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.txt
>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.pdf
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Diff file showing all changes made during AUTH48:
>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Diff files showing all changes:
>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-diff.html
>>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by-
>>>> side diff)
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Note that it may be necessary for you to refresh your browser to
>>>> view the most recent version.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> For the AUTH48 status of this document, please see:
>>>>>>>>>>>>> https://www.rfc-editor.org/auth48/rfc9472
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Thank you,
>>>>>>>>>>>>> 
>>>>>>>>>>>>> RFC Editor/st
>>>>>>>>>>>>> 
>>>>>>>>>>>>>> On Sep 11, 2023, at 12:23 PM, Rose, Scott W. (Fed)
>>>> <scott.rose=40nist.gov@dmarc.ietf.org> wrote:
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> On 8 Sep 2023, at 19:26, rfc-editor@rfc-editor.org wrote:
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> Authors and *AD,
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> While reviewing this document during AUTH48, please resolve
>> (as
>>>> necessary) the following questions, which are also in the XML file.
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> 17) <!-- [rfced] FYI: We have added expansions for the
>> following
>>>> abbreviations
>>>>>>>>>>>>>>> per Section 3.6 of RFC 7322 ("RFC Style Guide"). Please review
>>>> each
>>>>>>>>>>>>>>> expansion in the document carefully to ensure correctness.
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> Access Control Lists (ACLs)
>>>>>>>>>>>>>>> Constrained Application Protocol (CoAP)
>>>>>>>>>>>>>>> Internet of Things (IoT)
>>>>>>>>>>>>>>> -->
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> 18) <!-- [rfced] Please review the "Inclusive Language" portion
>> of
>>>> the online
>>>>>>>>>>>>>>> Style Guide <https://www.rfc-
>>>> editor.org/styleguide/part2/#inclusive_language>
>>>>>>>>>>>>>>> and let us know if any changes are needed.
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> Note that our script did not flag any words in particular, but this
>>>> should
>>>>>>>>>>>>>>> still be reviewed as a best practice.
>>>>>>>>>>>>>>> -->
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> FWIW, I did a pass through to match against the NIST inclusive
>>>> language guidance and did not find anything that needed to be addressed.
>>>> Future changes may change that (not likely, but maybe).
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>> Scott
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> ==================================
>>>>>>>>>>>>>> Scott Rose NIST/CTL
>>>>>>>>>>>>>> scott.rose@nist.gov
>>>>>>>>>>>>>> ph: +1-301-975-8439 (w)
>>>>>>>>>>>>>> +1-571-249-3761 (GoogleVoice)
>>>>>>>>>>>>>> ==================================
>>>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>>> ==================================
>>>>>>>>>>> Scott Rose NIST/CTL
>>>>>>>>>>> scott.rose@nist.gov
>>>>>>>>>>> ph: +1-301-975-8439 (w)
>>>>>>>>>>> +1-571-249-3761 (GoogleVoice)
>>>>>>>>>>> ==================================
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>> 
>>>>>>>> 
>>>>>>> 
>>>>>> 
>>>>> 
>>> 
>