Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18> for your review
Eliot Lear <lear@cisco.com> Mon, 11 September 2023 11:56 UTC
Return-Path: <lear@cisco.com>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D19CC151994; Mon, 11 Sep 2023 04:56:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.607
X-Spam-Level:
X-Spam-Status: No, score=-14.607 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id loyjpAYoW4tv; Mon, 11 Sep 2023 04:56:47 -0700 (PDT)
Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD1EEC151077; Mon, 11 Sep 2023 04:56:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=52150; q=dns/txt; s=iport; t=1694433407; x=1695643007; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=v7po/Cd8aTcyOYQDhjywXzwfFIXx8BkKv0WHTLUBe3U=; b=FWaoBSvmybCS/LxNm35/udNnyw9HA0J7Ch1SNUmkwZtBRJkKVtHjG+Mp 5yd5Dbf0u8223aS3RvOwP2IB2/6LAS8uwbBviRZEQISADFmBTwm0E+1kG O41qD8M/nAQtYzTSX8D+SgYp7SUUOQCdXtUVcaBoRPmQbGy89DfbNkibS E=;
X-CSE-ConnectionGUID: DFH07ybmSgWjBuxhMV971Q==
X-CSE-MsgGUID: QUQQ/dX3QrCbAbR09Cd/pg==
X-Files: signature.asc : 488
X-IronPort-AV: E=Sophos;i="6.02,244,1688428800"; d="asc'?scan'208,217";a="8871410"
Received: from aer-iport-nat.cisco.com (HELO aer-core-7.cisco.com) ([173.38.203.22]) by aer-iport-3.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Sep 2023 11:56:45 +0000
Received: from smtpclient.apple ([10.61.156.21]) by aer-core-7.cisco.com (8.15.2/8.15.2) with ESMTPS id 38BBuhJI080036 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NO); Mon, 11 Sep 2023 11:56:44 GMT
From: Eliot Lear <lear@cisco.com>
Message-Id: <8B56C7CE-0268-45FE-A343-493D04D3ADD5@cisco.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_41A7C1AE-C294-4E76-AA17-6F3ED9C937E9"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
Date: Mon, 11 Sep 2023 13:56:33 +0200
In-Reply-To: <20230908232621.2FE7CE5EA7@rfcpa.amsl.com>
Cc: "Rose, Scott W." <scott.rose@nist.gov>, opsawg-ads@ietf.org, opsawg-chairs@ietf.org, bill.wu@huawei.com, rwilton@cisco.com, auth48archive@rfc-editor.org
To: rfc-editor@rfc-editor.org
References: <20230908232621.2FE7CE5EA7@rfcpa.amsl.com>
X-Mailer: Apple Mail (2.3731.700.6)
X-Outbound-SMTP-Client: 10.61.156.21, [10.61.156.21]
X-Outbound-Node: aer-core-7.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/N5tdtyQq4hM36KMd3yMpOiy735o>
Subject: Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Sep 2023 11:56:52 -0000
[One for Rob Wilton below] Hi RFC Editor! > On 9 Sep 2023, at 01:26, rfc-editor@rfc-editor.org wrote: > > Authors and *AD, > > While reviewing this document during AUTH48, please resolve (as necessary) the following questions, which are also in the XML file. > > *AD, please review question #10 (re: Section 6). > > 1) <!-- [rfced] This document's title and short title (that spans the > header of the pdf) do not follow the style of other YANG RFCs > (although we see that RFCs 8783 and 9132 are exceptions). For > example: > > RFC 9094 - A YANG Data Model for Wavelength Switched Optical Networks > (WSONs) > RFC 9093 - A YANG Data Model for Layer 0 Types > RFC 9067 - A YANG Data Model for Routing Policy > > Please consider the suggested updates below and let us know if one of > these options is agreeable or if you prefer otherwise. > > Document title > Original: > Discovering and Retrieving Software Transparency and Vulnerability > Information > > Perhaps: > a) A YANG Data Model for Reporting Software Bills of Materials > (SBOMs) and Vulnerability Information > or > > b) A YANG Data Model Augmentation for Reporting Software Bills > of Materials (SBOMs) and Vulnerability Information I like (a). > > ... > Short title > Original: > Discovering SBOMs and Vuln. Info > > Perhaps: > A YANG Data Model for SBOMs and Vuln. Info > --> That’s fine. > > > 2) <!-- [rfced] Please insert any keywords (beyond those that appear in the > title) for use on https://www.rfc-editor.org/search. > --> > I propose: sbom, discovery, mud, vex, chaff > > 3) <!--[rfced] Please clarify "A number of activities have been working > to". Have the activities improved visibility (option A) or is > this a work in progress (option B)? > > Original: > A number of activities have been working to improve visibility to > what software is running on a system, and what vulnerabilities that > software may have [EO2021]. > > Perhaps: > A) A number of activities have been effective in improving the visibility > of what software is running on a system and what vulnerabilities that > software may have [EO2021]. > > or > > B) A number of activities are being implemented to improve the visibility > of what software is running on a system and what vulnerabilities that > software may have [EO2021]. > --> How about (C) > > C)) A number of activities taken place to improve the visibility > of what software is running on a system and what vulnerabilities that > software may have [EO2021]. > --> > > > 4) <!--[rfced] May we replace "vulnerable" with "open" as follows to > avoid redundancy? > > Original: > * Is this system vulnerable to a particular vulnerability? > > Perhaps: > * Is this system open to a particular vulnerability? > —> I think a better word is “susceptible". > > > 5) <!--[rfced] Would you like to create a new section for the > requirements language instead of including it at the end of > Section 1? It would become Section 1.1 as follows: > > Original: > Further queries may be necessary based on the content and structure of the > response. > > The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", > "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and > "OPTIONAL" in this document are to be interpreted as described in > BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all > capitals, as shown here. > > Perhaps: > Further queries may be necessary based on the content and structure of the > response. > > Section 1.1 Requirements Language > > The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", > "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and > "OPTIONAL" in this document are to be interpreted as described in > BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all > capitals, as shown here. > --> > > That would be fine. > 6) <!--[rfced] May we change "rather than retrieving it twice" to "rather > than the resource being retrieved twice" for clarity? Please let > us know if this retains the intended meaning. > > Original: > Network management systems retrieving this information MUST > take note that the identical resource is being retrieved > rather than retrieving it twice. > > Perhaps: > Network management systems retrieving this information MUST > take note that the identical resource is being retrieved > rather than the resource being retrieved twice. > --> Hmm. I suggest the following: > Network management systems MUST take note of when the SBOM > and vulnerability information are accessible via the same resource, > and not retrieve the resource a second time. > > > 7) <!--[rfced] Could the title of Section 3 be updated slightly to reduce > redundancy? Please let us know if option A or B may be preferable. > > Original: > The mud-transparency Extension Model Extension > > Perhaps: > A) The mud-transparency Extension > > or > > B) The mud-transparency Model Extension > --> > Let’s go for A. > > 8) <!-- [rfced] For the benefit of international readership, may we update "N.B." > to "Note that" as follows? > > Original: > N.B., this schema extension is intended to be used wherever it might > be appropriate (e.g., not just MUD). > > Perhaps: > Note that this schema extension is intended to be used wherever it > might be appropriate (e.g., not just with MUD). > --> That’s fine. > > > 9) <!-- [rfced] Section 4. Please review the following questions about > the YANG module and section title. > > a) FYI: We updated one instance of "YANG model" to "YANG Data Model" > in this section's title per guidance from Benoit Claise and the > YANG Doctors, as "YANG module" and "YANG data model" are preferred. > Please review. > > Original: > The mud-sbom augmentation to the MUD YANG model > > Current: > The mud-sbom Augmentation to the MUD YANG Data Model That’s fine. > > > b) Note that the YANG module has been updated per the formatting > option of pyang. Please let us know any concerns. > > c) FYI: We added titles to the reference entries for RFCs 6991 > and 8520 for consistency. > > d) May we include reference entries in the YANG module for > RFCs 7231, 7252, and 9110 since these RFCs are mentioned in > the description clauses? All good with b, c, and d. > > e) We note that RFCs 6991 and 7231 are only referenced in the YANG > module and not in the running text. In order to have a 1:1 matchup > between the references section and the text, may we add an introductory > sentence before the YANG module that includes these citations (option i)? > Alternatively, you may reference all of the RFCs that are mentioned > (option ii). Please let us know your preference. > > Perhaps: > i) This YANG module references [RFC6991] and [RFC7231]. > or > ii) This YANG module references [RFC6991], [RFC7231], [RFC7252], > [RFC8520], and [RFC9110]. ii seems complete. > > f) We note that RFC 7231 has been obsoleted by RFC 9110. May we replace > RFC 7231 with RFC 9110 in the following instance? > > Current: > "Use http (RFC 7231) (insecure) to retrieve SBOM information. > This method is NOT RECOMMENDED but may be unavoidable for > certain classes of deployment where TLS has not or > cannot be implemented."; > --> > > I think in this case, it is best to leave it as is, because we are indeed recommending against its use ;-) > 10) <!-- [rfced] *[AD] Section 6: The Security Considerations section does not > follow the requirements listed on > https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines, which says > "This section MUST be patterned after the latest approved template." > Please confirm if the current text is acceptable per the context of the > document or if any further updates are needed in order to follow the > template. Rob, would you mind staring at this? > > Also, please confirm if it is acceptable that RFCs 6242, 8341, and > 8446 are not listed in the Normative References section or if they > should be added. > --> > I don’t see them referenced in the text. > > 11) <!--[rfced] Is this sentence intended to be an ordered list (option A) > or are "any change in a URL" and "any change to the authority > section" the 2 risks that are being referred to (option B)? > > Original: > To address either risk, any change in a URL, and in particular to the > authority section, two approaches may be used: > > Perhaps: > A) To address either risk, any change in a URL, and particularly any change > to the authority section, two approaches may be used: > > or > > B) To address either risk, i.e., any change in a URL and, in particular, to > the authority section, two approaches may be used: > --> How about: > (C) To address either risk, any change in a URL, and in particular to the > authority section; two approaches may be used: ? > > > 12) <!-- [rfced] We have included some clarifications about the IANA > text below. In addition to reviewing those, please review all > of the IANA-related updates carefully and let us know if any > further updates are needed. > > a) Section 7.2. FYI: We have added the defining RFCs for each of the registries > as follows and have added the corresponding reference entries to the > Normative References section. > > Original: > The IANA is requested to add "transparency" to the MUD extensions > registry as follows: > > Current: > IANA has added "transparency" to the "MUD Extensions" registry [RFC8520] > as follows: > > ... > Original: > The following YANG module should be registered in the "YANG Module > Names" registry: > > Current: > IANA has registered the following YANG module in the "YANG Module > Names" registry [RFC6020]: > > ... > Original: > The following XML registration is requested: > > Current: > The following URI has been registered in the "IETF XML Registry" > [RFC3688]: All good. > > b) Section 7.2. FYI: In the entry under the "YANG Module Names" > registry, we removed "Registration Contact" since it is not listed > in the registry, and we added "Maintained by IANA: N" since it is > listed in the registry; please see > https://www.iana.org/assignments/yang-parameters/. > > Original: > Name: ietf-mud > URN: urn:ietf:params:xml:ns:yang:ietf-mud-transparency > Prefix: mudtx > Registrant contact: The IESG > Reference: This memo > > Current: > Name: ietf-mud > URN: urn:ietf:params:xml:ns:yang:ietf-mud-transparency > Maintained by IANA: N > Prefix: mudtx > Reference: RFC 9472 Ok > > c) Section 7.3. FYI: We have added "Status: permanent" to the entry > for the "Well-Known URIs" registry to match the IANA > registry at https://www.iana.org/assignments/well-known-uris/. > > Original: > URI suffix: "sbom" > Change controller: "IETF" > Specification document: This memo > Related information: See ISO/IEC 5962:2021 and SPDX.org > > Current: > URI Suffix: sbom > Change Controller: IETF > Reference: RFC 9472 > Status: permanent > Related information: See ISO/IEC 5962:2021 and SPDX.org > --> > > Ok > 13) <!-- [rfced] References > > a) We updated the title for reference [EO2021] to match the following > URL: https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/ > executive-order-on-improving-the-nations-cybersecurity/. Please let us know > if this is correct or if the intension is to point to a different article > (perhaps https://www.nist.gov/itl/executive-order-14028-improving-nations- > cybersecurity). > > Original: > [EO2021] Biden, J., "Executive Order 14028, Improving the Nations > Cybersecurity", May 2021. > > Current: > [EO2021] Biden, J., "Executive Order on Improving the Nation's > Cybersecurity", EO 14028, May 2021. > > Ok > b) FYI: We updated the title of the reference [CycloneDX12] to match the > title at "https://cyclonedx.org/docs/1.2/xml" and included a direct URL. > Please let us know of any objections. > > Original: > [CycloneDX12] > cyclonedx.org, "CycloneDX XML Reference v1.2", May 2020. > > Current: > [CycloneDX12] > CycloneDX, "CycloneDX v1.2 XML Reference", Version 1.2.1, > <https://cyclonedx.org/docs/1.2/xml/>. > --> Ok, this one needs updating. The reference should now be [CycloneDX15] CycloneDX, “CycloneDX v1.5 JSON Reference”, Version 1.5, <https://cyclonedx.org/docs/1.5/json> And this will need updating in the introduction. Time passes, eh? > > > 14) <!-- [rfced] Throughout the text, the following terminology appears to be capitalized > inconsistently. May we update to "Content-Type" to match past RFCs, including use in > RFCs 7252, 8615, 8040, 9110? > > Content-Type vs. Content-type vs. content-type > Yes. > > 15) <!-- [rfced] The following lines exceed the 72-character limit for > sourcecode. Please let us know how these lines can be modified. > > Section 5.1 (1 character over): > "systeminfo": "retrieving vuln and SBOM info via a cloud service", > > Section 5.2 (1 character over): > "systeminfo": "mixed example: SBOM on device, vuln info in cloud", > > Section 5.3 (2 characters over): > "contact-info": "https://iot-device.example.com/contact-info.html", > > Section 5.3 (1 character over): > "systeminfo": "retrieving vuln and SBOM info via a cloud service", > --> > Would you mind out-denting these lines? > 16) <!-- [rfced] Please review the "type" attributes for the sourcecode elements > in the XML file for correctness. If the current list of preferred values for > "type" (https://www.rfc-editor.org/materials/sourcecode-types.txt) does not > contain an applicable type, then feel free to suggest a new one. Also, > it is acceptable to leave the "type" attribute not set. > --> > You can use “json” for examples, yang tree for the yang tree, and yang for the yang. > > 17) <!-- [rfced] FYI: We have added expansions for the following abbreviations > per Section 3.6 of RFC 7322 ("RFC Style Guide"). Please review each > expansion in the document carefully to ensure correctness. > > Access Control Lists (ACLs) > Constrained Application Protocol (CoAP) > Internet of Things (IoT) > —> > > All good. > 18) <!-- [rfced] Please review the "Inclusive Language" portion of the online > Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language> > and let us know if any changes are needed. Ok. I’ll do this on the next pass. Thanks, Eliot > > Note that our script did not flag any words in particular, but this should > still be reviewed as a best practice. > --> > > > Thank you. > > RFC Editor/st/kc > > > On Sep 8, 2023, at 4:23 PM, rfc-editor@rfc-editor.org wrote: > > *****IMPORTANT***** > > Updated 2023/09/08 > > RFC Author(s): > -------------- > > Instructions for Completing AUTH48 > > Your document has now entered AUTH48. Once it has been reviewed and > approved by you and all coauthors, it will be published as an RFC. > If an author is no longer available, there are several remedies > available as listed in the FAQ (https://www.rfc-editor.org/faq/). > > You and you coauthors are responsible for engaging other parties > (e.g., Contributors or Working Group) as necessary before providing > your approval. > > Planning your review > --------------------- > > Please review the following aspects of your document: > > * RFC Editor questions > > Please review and resolve any questions raised by the RFC Editor > that have been included in the XML file as comments marked as > follows: > > <!-- [rfced] ... --> > > These questions will also be sent in a subsequent email. > > * Changes submitted by coauthors > > Please ensure that you review any changes submitted by your > coauthors. We assume that if you do not speak up that you > agree to changes submitted by your coauthors. > > * Content > > Please review the full content of the document, as this cannot > change once the RFC is published. Please pay particular attention to: > - IANA considerations updates (if applicable) > - contact information > - references > > * Copyright notices and legends > > Please review the copyright notice and legends as defined in > RFC 5378 and the Trust Legal Provisions > (TLP – https://trustee.ietf.org/license-info/). > > * Semantic markup > > Please review the markup in the XML file to ensure that elements of > content are correctly tagged. For example, ensure that <sourcecode> > and <artwork> are set correctly. See details at > <https://authors.ietf.org/rfcxml-vocabulary>. > > * Formatted output > > Please review the PDF, HTML, and TXT files to ensure that the > formatted output, as generated from the markup in the XML file, is > reasonable. Please note that the TXT will have formatting > limitations compared to the PDF and HTML. > > > Submitting changes > ------------------ > > To submit changes, please reply to this email using ‘REPLY ALL’ as all > the parties CCed on this message need to see your changes. The parties > include: > > * your coauthors > > * rfc-editor@rfc-editor.org (the RPC team) > > * other document participants, depending on the stream (e.g., > IETF Stream participants are your working group chairs, the > responsible ADs, and the document shepherd). > > * auth48archive@rfc-editor.org, which is a new archival mailing list > to preserve AUTH48 conversations; it is not an active discussion > list: > > * More info: > https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc > > * The archive itself: > https://mailarchive.ietf.org/arch/browse/auth48archive/ > > * Note: If only absolutely necessary, you may temporarily opt out > of the archiving of messages (e.g., to discuss a sensitive matter). > If needed, please add a note at the top of the message that you > have dropped the address. When the discussion is concluded, > auth48archive@rfc-editor.org will be re-added to the CC list and > its addition will be noted at the top of the message. > > You may submit your changes in one of two ways: > > An update to the provided XML file > — OR — > An explicit list of changes in this format > > Section # (or indicate Global) > > OLD: > old text > > NEW: > new text > > You do not need to reply with both an updated XML file and an explicit > list of changes, as either form is sufficient. > > We will ask a stream manager to review and approve any changes that seem > beyond editorial in nature, e.g., addition of new text, deletion of text, > and technical changes. Information about stream managers can be found in > the FAQ. Editorial changes do not require approval from a stream manager. > > > Approving for publication > -------------------------- > > To approve your RFC for publication, please reply to this email stating > that you approve this RFC for publication. Please use ‘REPLY ALL’, > as all the parties CCed on this message need to see your approval. > > > Files > ----- > > The files are available here: > https://www.rfc-editor.org/authors/rfc9472.xml > https://www.rfc-editor.org/authors/rfc9472.html > https://www.rfc-editor.org/authors/rfc9472.pdf > https://www.rfc-editor.org/authors/rfc9472.txt > > Diff file of the text: > https://www.rfc-editor.org/authors/rfc9472-diff.html > https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side by side) > > Diff of the XML: > https://www.rfc-editor.org/authors/rfc9472-xmldiff1.html > > The following files are provided to facilitate creation of your own > diff files of the XML. > > Initial XMLv3 created using XMLv2 as input: > https://www.rfc-editor.org/authors/rfc9472.original.v2v3.xml > > XMLv3 file that is a best effort to capture v3-related format updates > only: > https://www.rfc-editor.org/authors/rfc9472.form.xml > > > Tracking progress > ----------------- > > The details of the AUTH48 status of your document are here: > https://www.rfc-editor.org/auth48/rfc9472 > > Please let us know if you have any questions. > > Thank you for your cooperation, > > RFC Editor > > -------------------------------------- > RFC9472 (draft-ietf-opsawg-sbom-access-18) > > Title : Discovering and Retrieving Software Transparency and Vulnerability Information > Author(s) : E. Lear, S. Rose > WG Chair(s) : Henk Birkholz, Joe Clarke, Tianran Zhou > Area Director(s) : Warren Kumari, Robert Wilton > > >
- [auth48] AUTH48: RFC-to-be 9472 <draft-ietf-opsaw… rfc-editor
- [auth48] [AD] Re: AUTH48: RFC-to-be 9472 <draft-i… rfc-editor
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rose, Scott W. (Fed)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rose, Scott W. (Fed)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rose, Scott W. (Fed)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rob Wilton (rwilton)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rose, Scott W. (Fed)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- [auth48] [IANA] Re: [AD] AUTH48: RFC-to-be 9472 <… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- [auth48] Fwd: [IANA #1282204] [IANA] Re: [AD] AUT… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rob Wilton (rwilton)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rob Wilton (rwilton)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant