IETF Logo Mail Archive

Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18> for your review

"Rob Wilton (rwilton)" <rwilton@cisco.com> Mon, 02 October 2023 09:49 UTC

Return-Path: <rwilton@cisco.com>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84EE4C1519BE; Mon, 2 Oct 2023 02:49:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.605
X-Spam-Level:
X-Spam-Status: No, score=-9.605 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b="Oy+AQYFj"; dkim=pass (1024-bit key) header.d=cisco.com header.b="f4Cxf2gt"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H2ranzlt4WvM; Mon, 2 Oct 2023 02:49:37 -0700 (PDT)
Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C1D4C1519BC; Mon, 2 Oct 2023 02:49:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=33956; q=dns/txt; s=iport; t=1696240177; x=1697449777; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=UVIiXpwOOUsUNDlZI3yL3FHeAwWJpT7deqz2M1PCxMg=; b=Oy+AQYFjDi9Nx19te7E6Mu0Cn+lm2CL0O6VYe/fW5Bhv/dKWPKbTkNVv 8wE9RELCyt0eOdXzX2r5gq3R2e+GhF592fLZ7UBcaG6fBMXq8feMvJm4A 5JRvk7nuK72MmhtKfyGRY/LuQYwAV2OmZrMvm0e1uC8+fSmxg6GqfoBSN Q=;
X-CSE-ConnectionGUID: QC2nk6RiSXmUS9G7az7Rsg==
X-CSE-MsgGUID: JDZGeVx6SCSW0CR7K3rZng==
X-IPAS-Result: A0AKAACtkRpl/4cNJK1XAxoBAQEBAQEBAQEBAwEBAQESAQEBAQICAQEBAUAlgRYFAQEBAQsBgWRSB3ACWSoSGS4DhE+DTAOETl+GQIIjA5E6iTCDEhSBEQNWDwEBAQ0BATkLBAEBhQcCFoZ1AiY0CQ4BAgICAQEBAQMCAwEBAQEBAQECAQEFAQEBAgEHBIEKE4VoDYZMAQEBAQEBARIICQQNDAEBNwELBAIBBgIRBAEBAQICJgICAjAVCAgCBA4FCBqCXYI7IwMBEAY/lk+PTQGBQAKKKHp/M4EBggkBAQYEBYFOQbBdCYEaLgGHbxoBaE0bg2mDLoEfJxuBSUSBFUN5gW8+gVOBDwIBAQGBKAEMBgEjCgsKJoMUOYIvhSuEGYJ0J4FdBw4uBzKBCwwJgQWCejgnizoJIYEICF2Baj0CDVQLC12BEYJEAgIRORNHcBsDBwOBBBArBwQvGwcGCRYtJQZRBC0kCRMSPgSBZ4FRCoEGPxEOEYJDIgIHNjYZS4JeCRUMNU52ECsEFBdsKARqBRoVHjcREhcNAwh2HQIRIzwDBQMENgoVDQshBRRDA0cGTAsDAhwFAwMEgTYFDx4CEBoGDicDAxlOAhAUAz4DAwYDCzIDMFdLDFoDRB1AAwttPRQhFBsFBDspWQWiDzwxMIFCEFsGAg8GFBMmBA0aAQcBAh8BARQMcAgILREBCRoGCwEPCTwPkkERgwlIi0CNdpM5gS4KhAyMAZU8F4QBgVaLGQSGaoY6hDGDaYJNYpc5eYJPixOUdSsEHIR9AgQCBAUCDgEBBoEyMTxpcHAVO4JnCQlAGQ+BG40FDBYWg0CFFIpldgIBCi4CBwEKAQEDCYhvgloBAQ
IronPort-PHdr: A9a23:lDDK2BE3rBacUN831sbRJZ1Gfu0Y04WdBeZdwpMjj7QLdbys4NG+e kfe/v5qylTOWNaT5/FFjr/Ourv7ESwb4JmHuWwfapEESRIfiMsXkgBhSM6IAEH2NrjrOgQxH d9JUxlu+HToeVNNFpPGbkbJ6ma38SZUHxz+MQRvIeGgAJHTi9iw0ci5+obYZENDgz/uKb93J Q+9+B3YrdJewZM3M7s40BLPvnpOdqxaxHg9I1WVkle06pK7/YVo9GJbvPdJyg==
IronPort-Data: A9a23:dINCuamLknzG4B6gFbUN6STo5gzWJ0RdPkR7XQ2eYbSJt1+Wr1Gzt xJKUWmBPvyJNmrzKN1wPtzj9E9V7ZbRy4RqHABqqi88QltH+JHPbTi7wugcHM8zwunrFh8PA xA2M4GYRCwMZiaB4E/rav65/CYUOZigHtLUEPTDNj16WThqQSIgjQMLs+Mii+aEu/Dha++2k Y20+5a31GONgWYuaTtMs/jb8XuDgdyr0N8mlg1mDRx0lAe2e0k9VPo3Oay3Jn3kdYhYdsbSq zHrlezREsvxpn/BO/v9+lrJWhRiro36YWBivkFrt52K2XCukMCdPpETb5LwYW8P49mAcksYJ N9l7fRcQi9xVkHAdXh0vxRwS0lD0aN6FLDvGFPlt8/N9Uz9Q37R+KRBU0gkYrcD9bMiaY1O3 aRwxDElZxSHgae9x6i2D7MqjcU4J86tN4Qa0p1i5WiGVrB9H9aaGOOTvoIwMDQY3qiiGd7Ee MsddT1pRB/BeBZIfFwQDfrSmc/x2yevL2AF+Qz9SawfwUTh4wFPwObWG+HqIvewGuYOhHSeq TeTl4j+KlRAXDCF8hKM726s2r/Ghyj7WZwfPKe2/btnjFyPwXZVDwcZPXOhr/L8h0K/R9VFA 1Ya8W8joaku81btScPyNyBUu1aNuhoaHtFXCeB/skeGy7Hf5ECSAW1soiN9VeHKffQeHFQC/ lSIhNjuQzdotdWopbi1rN94cRva1fApEFI/
IronPort-HdrOrdr: A9a23:Z072sqHbIWt5hIMDpLqFrZLXdLJyesId70hD6qkvc203TiXIra CTdaogtCMc0AxhKU3I+ertBEGBKUmsjKKdkrNhTYtKOzOW9ldATbsSorcKpgeQeREWmdQtqJ uIH5IOb+EYSGIK8/oSgzPIUurIouP3jJxA7N22pxwCPGQaD52IrT0JdTpzeXcGPDWucKBJbq Z0kfA33AZIF05nCPiTNz0uZcSGjdvNk57tfB4BADAayCTmt1mVwY+/OSK1mjMFXR1y4ZpKyw X4egrCiZmLgrWe8FvxxmXT55NZlJ/K0d1YHvGBjcATN3HFlhuoTJ4JYczAgBkF5MWUrHo6mt jFpBkte+5p7WnKQ22zqRzxnyH9zTcV7WP4w1PwuwqgnSW5fkN+NyNyv/MfTvLr0TtngDi66t MT44utjesSMfoHplWk2zGHbWAwqqP+mwtQrQdatQ0sbWJZUs4QkWTal3klTavp20nBmdoaOf grA8fG6PlMd1SGK3jfo2l02dSpGm8+BxGcXyE5y4aoOhVt7ThEJnEjtYcit2ZF8Ih4R4hP5u zCPKgtnLZSTtUOZaY4AOsaW8O4BmHEXBqJaQupUBjaPbBCP2iIp4/84b0z6u3vcJsUzIEqkJ CEVF9Dr2Y9d0/nFMXL1pxW9RLGRnm7QF3Wu4xjzok8vqe5SKvgMCWFRlxrm8y8o+8HCsmeQP q3MII+OY6rEYIvI/c+4+TTYegkFZBFarxhhj8SYSP7nv72
X-Talos-CUID: 9a23:BRvv8W9BCwd0bVofXGqVv3c/QMYmLEfc90fVHnTpJjlgWuKvUlDFrQ==
X-Talos-MUID: 9a23:03Nejw4dIx2sBkLzUAtZjiO7xoxKz5aBBX4dz64tgPbcHhYvGGyHvjK4F9o=
X-IronPort-Anti-Spam-Filtered: true
Received: from alln-core-2.cisco.com ([173.36.13.135]) by alln-iport-3.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Oct 2023 09:49:35 +0000
Received: from alln-opgw-4.cisco.com (alln-opgw-4.cisco.com [173.37.147.252]) by alln-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id 3929nX8p003284 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 2 Oct 2023 09:49:35 GMT
X-CSE-ConnectionGUID: RQfH5xRdQRCEyQyvoJEGHg==
X-CSE-MsgGUID: NXxfDnGjQAuUi57pnoixTg==
Authentication-Results: alln-opgw-4.cisco.com; dkim=pass (signature verified) header.i=@cisco.com; spf=Pass smtp.mailfrom=rwilton@cisco.com; dmarc=pass (p=quarantine dis=none) d=cisco.com
X-IronPort-AV: E=Sophos;i="6.03,194,1694736000"; d="scan'208";a="3433384"
Received: from mail-bn8nam11lp2168.outbound.protection.outlook.com (HELO NAM11-BN8-obe.outbound.protection.outlook.com) ([104.47.58.168]) by alln-opgw-4.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Oct 2023 09:49:32 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GX+dcHz0xb9iNhLbphw/mMFN/SBC85w/iQT0PWp1Cod57TPzbJ0y1DqA3Lfj0mHnEB1+fFqp36nTQ/pU+MAdSt94qyKLP49rS/GwdipbTJ8zR334s+SiJ71YR9UG9MA7E44Pk/ps42rAs6Lgxy76YVM7Rea8oKizIyXPFrrytwgzJFOLsazuL/goX6owrE0aha8qdxBcs0GtMfcWYYTzTO8shPllpBaZyjNFuiEPJxctjZy0wdRCP1TpN7Ibs0J7YVamtLFDXtd9+Jpj+rJ7antMhuitqADfurmsGaEbFaCoVaV7ke22MAamjpM8nVNtalUqaCLxGaudJ80wKsPNAw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UVIiXpwOOUsUNDlZI3yL3FHeAwWJpT7deqz2M1PCxMg=; b=OG8+O4EbR2YLHDqzT5NyrqlW9D6HMKRep3+jgkf58v3Tsh+CnElq7WavWywdu+tSdiPx0QIXEOXwbRSz8+Nb+qIyaV+O7H00nN/jTTTzubUra1S/uNLNuMdBDoEf+od/pOxgCMe7cKywokGp7CNdP2Rer4b7FOGFFu3ZlhlFvVJ7BNz8zJWHIVEYhLiPJrWPKz3f85dWwPgRrACfG8EXvRHAXXOn0qJ55E8AMxQYWEwYtep+VPcKvRUB6x+O+gYooz11dXByUOPVDTLN9JWhkfohxtA2UCWKZ3cxsAgywIATzcrMoNTnv4SOtK4bUEe0zgNfQJt+8UM89G5UEV3AeA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UVIiXpwOOUsUNDlZI3yL3FHeAwWJpT7deqz2M1PCxMg=; b=f4Cxf2gtsZuqGMfa/fdQIS80mj4wkuODFwuIGbMooUdQ6QOIMdbd9hV7AKsG/0vXT+aeIgtAtwSyirIRCVRWCm+Xo2vqAf1V28pyBwnfHUI1yglcZ6oRWz1veQGFOAt0RzgcXuQUCosw1ywSWQv3sbcL00H75iHm8gmMeIaRB4U=
Received: from MN2PR11MB4207.namprd11.prod.outlook.com (2603:10b6:208:18a::33) by PH7PR11MB8009.namprd11.prod.outlook.com (2603:10b6:510:248::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6838.29; Mon, 2 Oct 2023 09:49:30 +0000
Received: from MN2PR11MB4207.namprd11.prod.outlook.com ([fe80::a4f:93e7:a9f5:eadc]) by MN2PR11MB4207.namprd11.prod.outlook.com ([fe80::a4f:93e7:a9f5:eadc%5]) with mapi id 15.20.6838.030; Mon, 2 Oct 2023 09:49:29 +0000
From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: Eliot Lear <lear@cisco.com>
CC: Sarah Tarrant <starrant@amsl.com>, "Rose, Scott W. (Fed)" <scott.rose@nist.gov>, RFC Editor <rfc-editor@rfc-editor.org>, "opsawg-ads@ietf.org" <opsawg-ads@ietf.org>, "opsawg-chairs@ietf.org" <opsawg-chairs@ietf.org>, "bill.wu@huawei.com" <bill.wu@huawei.com>, "auth48archive@rfc-editor.org" <auth48archive@rfc-editor.org>
Thread-Topic: [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18> for your review
Thread-Index: AQHZ5NSybSekSgrQ6kuaNpw/6MgwuLAXim8AgADQAwCAAGQ6AIAAew8AgARKBoCAA3DSAIAAud+AgAKSiwCAAKA8AIACE40AgAeb2ECAAc8igIAGAZ/Q
Date: Mon, 02 Oct 2023 09:49:29 +0000
Message-ID: <MN2PR11MB4207CC7CDEF777CC23C74014B5C5A@MN2PR11MB4207.namprd11.prod.outlook.com>
References: <20230908232621.2FE7CE5EA7@rfcpa.amsl.com> <BE129746-6B47-4FA8-A918-44B728F347C3@nist.gov> <2F1A389E-ABED-4C37-B41A-79A9E15D59CA@amsl.com> <1D2F40E4-3276-49E3-B70C-D6FC5FAC0430@cisco.com> <621E366B-9EC0-4783-B075-8EAD78A75CD6@nist.gov> <96C191BF-2D68-47CF-9672-9DD33EACB4C0@amsl.com> <4F18F944-A918-4AFE-B56D-606E48497E32@cisco.com> <6ED283CE-8A6F-4AF3-BF24-86EC4F088DA2@amsl.com> <7E392C5B-CA0D-440A-9C10-9668D7AD4F79@cisco.com> <0A4B2338-BBB0-41B0-8DA9-BC76B0CE5666@amsl.com> <93975E7A-00F5-4F8C-99DB-D1BD27868B0B@cisco.com> <C862785F-B36C-4CB8-84EA-F86EE7C099B3@amsl.com> <BY5PR11MB419611B1FE3E5481D270D3C3B5C2A@BY5PR11MB4196.namprd11.prod.outlook.com> <FFA1DBCC-1012-4E5D-B0EA-BC0B8C1E5B39@cisco.com>
In-Reply-To: <FFA1DBCC-1012-4E5D-B0EA-BC0B8C1E5B39@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MN2PR11MB4207:EE_|PH7PR11MB8009:EE_
x-ms-office365-filtering-correlation-id: fa9fbf10-e818-4a6c-6f98-08dbc32cdf28
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: u7MEvoYwJ/QNomP/W5/14yfaNEFS1LysE71DmhdtREfszOc0tMKhccrxl/LeSxOlOntkuGR9IxCW+yOqN6GS/WdVXZYZPhqTcIkDwVG7JclUg921qgMcLPETk8BmilyX1KgwdrPKumYy5KnwM21LIDMgXyzfxEhBbJRTrjXRsejKS3kaM6UHOEFjq+RTBO6upR7JcUEQlId8sWKf7PxwAZGzkMet1CCMB3OCUcBfg5YnswsDgQgk89k7Szj8Mvt8OCmXNz6BLoenIihzCdlubAOo9jQRI56toJYczSkzQhZV+RCvbRuFAkF0QP23Js80TCSxkDbjmT0VWXDukHHxPxp/iEW0MRh0pfqx+ZZmrdblrPxYji2oudorBmzCAY5ZaaA+T2WrwPO6CA5xPsP23jnP1O+u2olN/vsYN1wLuxbVmcOQ0V0LcCfp0QoFiE3/jEktUlMZojw0h9ncGKLyn0U/67ljIy4ApPgnzcQ/L0oxa5wHUVVC+JDzsEkTaPx8569pPR6OiAEU49geU43spcOV93b4fzC2qTJm/Mgzehr4E4kt4+sOToYIUbtsxZenaFeK23Dg2Nm563f/Hyj6yS9sDd/tV7NGW9gQPOF8wvDmk7xhXUHOehzR0Lmpdhdj7K1JMp1nF7QS+jb26AaJSzTbnkpZ/Y3uCzCu2E+5JvKu0KKnpztc/uc2AQh2kYI7IpJxMnrB5/kSvxpvtc6/4A==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR11MB4207.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(346002)(39860400002)(366004)(376002)(136003)(396003)(230922051799003)(451199024)(64100799003)(186009)(1800799009)(55016003)(7696005)(53546011)(6506007)(71200400001)(478600001)(966005)(122000001)(38070700005)(38100700002)(86362001)(2906002)(30864003)(83380400001)(66574015)(66946007)(9686003)(40140700001)(66476007)(64756008)(66446008)(76116006)(54906003)(5660300002)(41300700001)(316002)(33656002)(4326008)(6636002)(66556008)(8676002)(6862004)(8936002)(52536014)(562404015)(579004)(19607625013); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: ohfMqDr8umRQfTJ2Vloa9sPtqDyXB2NjkOmjP+jwLt5mGmDIIxbf3BWmSUcXK3kqPOXtCMpSLN9rFP04U6g0m5z8xYhg811MZT1o7Y2pmYHyNsKcr8ht4tsBZHl0bMnl35CsTlw3pgH6NkD6c/aXlM4ueNHXkbNxnHJ6h7E4/ys8gq9JdTKwHM5hB7/LMJUHdiylKXQDooM5GviHlSrKHlbi7asSXQhdELsRa1D37lRNG3qAh+xA49WIzlSOyHrt31usS3LXuDk3MzlC43P9Wkd/4qChyYsHTCP3/cZRSQLIdLOoTi0hvk3QD4zDNg9e7OXdh3tLpy0sQQxepndkZcLaBbz2q+IQWqUFH0jY8LhCP+Dqu5qyTAUWOtxopSrTrctBnF5qNE3NbG4p1pJYYI+Zb1BMyf3tjp3FDBqC3w5No/G5k64FvAjUNnEjiLk1ZKUZhjpMKIzDR1qbENvCm+0LAUN/WxTw+z7ApeOR19vkkcH9oFOcDwN9mwGNlETfZm6vTgeOjKLWDnp8X5Zw66UPe7h1D9X83OaqmCLeQdwosq6oB5Q2QZ+U2/ysKfacuiZmvihDtmBK0AYtK/Jv6I8FZc1cyksvlkgqJpatGMDvMYrvqy9+U8W/WowZbfc04U1mzwAa7MlbJIFLvzrvsNpDLfFBnmAFKB+EGTeh+rbY+Dxar7BZ5Ae9nSH9YkhTvgUlfzCULO8RfvHT2HrCROL4wqbVlUpJzPghC65lFcNj6ma3Z92ZwaJJWwD9YebituAbMdNumsbRUv3bfXPIMxy7lluBaJp6+zBZDdpI5Wid6XtsA1dO2nQwnqzIMJDEm1U3bC+t7w5JYCYPjSQ0KRWBC09TiuKrDGz1DuQeZ7nDRUSj88YG9Dkzj/FMS1G6F/+2ALFtH75q1VxKFmK3QHBw4nRBeaC8fCe3ygyD6io5pqYhqW0IPmDAS68oTt50tt1MOSrRD3tP2M1xGopTnSGA8SopEsYEqoxRHXKjP7E5DEXTjJvx6YAROL0WfRX1MIKKcqa8Ph0iLNMwCwemX0F1UYaGAKHxBswUtqjEmK1o8DBERSQS0h7Xo8VtE2eLiYHCwJ9y1j7wATE/Mt3VV220Le59JNpzUuYvck0Kt6ALwbiGa1sIIdVBwF/fbvHWGrBIHVt90g/JA0IurgVprdU7ZvDH7IPtrKjJkBrbs35g69lBs/GcCQG2e6hctGA9+sVdv7DDHkgX3N1yi2QEMzGp0+ylI9lm5cAQ5tAJ73aOyb1KEf8mZjETAUWFZ0arrE6xgNyzcjRTWQ39qeoUdA1kxBsV41sJ3Li3RP3mf9aX+tfQSc4lX5DKjmOcOlk7ytcThXw+Zzjo+20GJGPNzx4MP3AIkwDY2tg3dRGea0bQc0dsqCVVsMmpi3K1J2doyE0pKW0PxPEAjJiC58Oq4Hpmlb1LjXL7FEC5so0g5fO4Qk9vDQRVYPFtJQAraNoIPqF4c/vrf9H693P4Hpm11fYTPtqsCEjoHGoc5+FWHz2CUEucL1K0fF/blTmHPqqKhukQN6lm5ZFqrjfAUJusCQ==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: cisco.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR11MB4207.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: fa9fbf10-e818-4a6c-6f98-08dbc32cdf28
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Oct 2023 09:49:29.2388 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: qsr85W0AJbpTZSkfXxHqcubVCANGIMm36Egd8al6I8ui1jtYH/oIdZROpwp+FmgPwje0cWstFhG5LPXPgeLXOw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR11MB8009
X-Outbound-SMTP-Client: 173.37.147.252, alln-opgw-4.cisco.com
X-Outbound-Node: alln-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/ftUQVNVQT1sENji9F9nosSAtzLg>
Subject: Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Oct 2023 09:49:41 -0000

Hi Eliot,

That is fine.

Regards,
Rob


> -----Original Message-----
> From: Eliot Lear <lear@cisco.com>
> Sent: Thursday, September 28, 2023 3:05 PM
> To: Rob Wilton (rwilton) <rwilton@cisco.com>
> Cc: Sarah Tarrant <starrant@amsl.com>; Rose, Scott W. (Fed)
> <scott.rose@nist.gov>; RFC Editor <rfc-editor@rfc-editor.org>; opsawg-
> ads@ietf.org; opsawg-chairs@ietf.org; bill.wu@huawei.com;
> auth48archive@rfc-editor.org
> Subject: Re: [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18>
> for your review
> 
> Ok, I’ve reviewed this.  I think in this instance, since we are talking about a JSON
> example, and the JSON document ignores spaces and still parses, we can just
> leave it as is.  I don’t think it’s necessary to reflow.  Are you okay with that Rob?
> 
> Eliot
> 
> > On Sep 27, 2023, at 12:32, Rob Wilton (rwilton) <rwilton@cisco.com> wrote:
> >
> > Hi Sarah, Eliot,
> >
> > Sorry for the delay.
> >
> > Regarding the changes in 5.1 and 5.3:
> >
> > Rather than outdenting, did we consider leveraging RFC 8792?  E.g., to cite a
> random specific example, see the end of section 2.2.2 of
> https://datatracker.ietf.org/doc/draft-ietf-netconf-crypto-types/
> >
> > Example:
> >   =============== NOTE: '\' line wrapping per RFC 8792 ================
> >
> >   <rpc-reply message-id="101"
> >     xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
> >     <p10-csr xmlns="http://example.com/ns/example-crypto-types-usage">\
> >   BASE64VALUE=</p10-csr>
> >   </rpc-reply>
> >
> > The advantage of this is that tooling can extract the example from the RFC
> and still give a completely normal properly indented example.  I'm not sure
> how many recent YANG RFCs have started to do this, but I think that this is what
> I'm starting to more commonly see.
> >
> > Thanks,
> > Rob
> >
> >
> >> -----Original Message-----
> >> From: Sarah Tarrant <starrant@amsl.com>
> >> Sent: Friday, September 22, 2023 3:15 PM
> >> To: Eliot Lear <lear@cisco.com>
> >> Cc: Rob Wilton (rwilton) <rwilton@cisco.com>; Rose, Scott W. (Fed)
> >> <scott.rose@nist.gov>; RFC Editor <rfc-editor@rfc-editor.org>; opsawg-
> >> ads@ietf.org; opsawg-chairs@ietf.org; bill.wu@huawei.com;
> >> auth48archive@rfc-editor.org
> >> Subject: Re: [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-
> 18>
> >> for your review
> >>
> >> Hi Eliot,
> >>
> >> Thank you for your reply. We have marked your approval on the AUTH48
> status
> >> page for this document (see https://www.rfc-editor.org/auth48/rfc9472).
> >>
> >> IANA has completed the update to the “YANG Module Names” registry.
> >>
> >> We will move this document forward in the publication process once we
> receive
> >> approval from Rob on the changes to the sourcecode in Sections 5.1 and 5.3.
> >>
> >> Thank you,
> >> RFC Editor/st
> >>
> >>> On Sep 21, 2023, at 1:32 AM, Eliot Lear <lear@cisco.com> wrote:
> >>>
> >>> Hi Sarah,
> >>>
> >>> I approve publication.  Thanks to you and the RPC for your work on this
> >> document.
> >>>
> >>> Eliot
> >>>
> >>>> On 20 Sep 2023, at 22:59, Sarah Tarrant <starrant@amsl.com> wrote:
> >>>>
> >>>> Hi Eliot,
> >>>>
> >>>> Thank you for spotting the issue with Section 7.2 and the IANA registry.
> We
> >> agree that "ietf-mud” should be updated to "ietf-mud-transparency” in
> Section
> >> 7.2 and have made that change. In a separate email, we will request that
> IANA
> >> update the “YANG Module Names” registry accordingly.
> >>>>
> >>>> Updated XML file:
> >>>> http://www.rfc-editor.org/authors/rfc9472.xml
> >>>>
> >>>> Updated output files:
> >>>> https://www.rfc-editor.org/authors/rfc9472.html
> >>>> https://www.rfc-editor.org/authors/rfc9472.txt
> >>>> https://www.rfc-editor.org/authors/rfc9472.pdf
> >>>>
> >>>> Diff file showing all changes made during AUTH48:
> >>>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html
> >>>>
> >>>> Diff files showing all changes:
> >>>> https://www.rfc-editor.org/authors/rfc9472-diff.html
> >>>> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by-side diff)
> >>>>
> >>>> Note that it may be necessary for you to refresh your browser to view the
> >> most recent version.
> >>>>
> >>>> For the AUTH48 status of this document, please see:
> >>>> https://www.rfc-editor.org/auth48/rfc9472
> >>>>
> >>>> Thank you,
> >>>> RFC Editor/st
> >>>>
> >>>>> On Sep 19, 2023, at 12:42 AM, Eliot Lear <lear@cisco.com> wrote:
> >>>>>
> >>>>> Hi Sarah,
> >>>>>
> >>>>> I think I’ve caught one more small issue, but this is with the IANA registry.
> >> Could you please check with them on the following:
> >>>>>
> >>>>> In 7.2, I think the name field is supposed to be ietf-mud-transparency and
> >> not ietf-mud.
> >>>>>
> >>>>> After this matter is resolved, I can approve publication.
> >>>>>
> >>>>> Thanks,
> >>>>>
> >>>>> Eliot
> >>>>>
> >>>>>
> >>>>>> On 18 Sep 2023, at 20:37, Sarah Tarrant <starrant@amsl.com> wrote:
> >>>>>>
> >>>>>> Hello Eliot and Rob*,
> >>>>>>
> >>>>>> Elliot, thank you for your reply. We have updated the document
> >> accordingly.
> >>>>>>
> >>>>>> *Rob, as AD, please review and approve the changes to the sourcecode
> in
> >> Sections 5.1 and 5.3. These changes are best viewed in this diff file:
> >> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html.
> >>>>>>
> >>>>>> We will await approvals from each of the parties listed above prior to
> >> moving this document forward in the publication process.
> >>>>>>
> >>>>>> Updated XML file:
> >>>>>> http://www.rfc-editor.org/authors/rfc9472.xml
> >>>>>>
> >>>>>> Updated output files:
> >>>>>> https://www.rfc-editor.org/authors/rfc9472.html
> >>>>>> https://www.rfc-editor.org/authors/rfc9472.txt
> >>>>>> https://www.rfc-editor.org/authors/rfc9472.pdf
> >>>>>>
> >>>>>> Diff file showing all changes made during AUTH48:
> >>>>>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html
> >>>>>>
> >>>>>> Diff files showing all changes:
> >>>>>> https://www.rfc-editor.org/authors/rfc9472-diff.html
> >>>>>> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by-side
> diff)
> >>>>>>
> >>>>>> Note that it may be necessary for you to refresh your browser to view
> the
> >> most recent version.
> >>>>>>
> >>>>>> For the AUTH48 status of this document, please see:
> >>>>>> https://www.rfc-editor.org/auth48/rfc9472
> >>>>>>
> >>>>>> Thank you,
> >>>>>>
> >>>>>> RFC Editor/st
> >>>>>>
> >>>>>>> On Sep 16, 2023, at 9:04 AM, Eliot Lear <lear@cisco.com> wrote:
> >>>>>>>
> >>>>>>> Sarah,
> >>>>>>>
> >>>>>>> I believe that I have found several errors in the examples.  There are
> two
> >> problems:
> >>>>>>>
> >>>>>>> 1.  sbom-url should appear as part of an array of objects, and is not.
> >>>>>>> 2.  There is one case where mudtx wasn’t used where it should have
> >> been.
> >>>>>>> @Rob, please check me on this.  This should correspond to "list sboms”
> >> in the model.
> >>>>>>>
> >>>>>>> In Section 5.1, first example, the change is adding the sboms array:
> >>>>>>>
> >>>>>>> OLD:
> >>>>>>> {
> >>>>>>> "ietf-mud:mud": {
> >>>>>>> "mud-version": 1,
> >>>>>>> "extensions": [
> >>>>>>> "transparency"
> >>>>>>> ],
> >>>>>>> "mudtx:transparency": {
> >>>>>>> "sbom-url": "https://iot.example.com/info/modelX/sbom.json",
> >>>>>>> "vuln-url" : [
> >>>>>>> "https://iotd.example.com/info/modelX/csaf.json"
> >>>>>>> ]
> >>>>>>> },
> >>>>>>> "mud-url": "https://iot.example.com/modelX.json",
> >>>>>>> "mud-signature": "https://iot.example.com/modelX.p7s",
> >>>>>>> "last-update": "2022-01-05T13:29:12+00:00",
> >>>>>>> "cache-validity": 48,
> >>>>>>> "is-supported": true,
> >>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service",
> >>>>>>> "mfg-name": "Example, Inc.",
> >>>>>>> "documentation": "https://iot.example.com/doc/modelX",
> >>>>>>> "model-name": "modelX"
> >>>>>>> }
> >>>>>>> }
> >>>>>>> NEW:
> >>>>>>> {
> >>>>>>> "ietf-mud:mud": {
> >>>>>>> "mud-version": 1,
> >>>>>>> "extensions": [
> >>>>>>> "transparency"
> >>>>>>> ],
> >>>>>>> "mudtx:transparency": {
> >>>>>>> sboms: [ {
> >>>>>>> "version-info": "1.2",
> >>>>>>> "sbom-url": "https://iot.example.com/info/modelX/sbom.json"
> >>>>>>> } ],
> >>>>>>> "vuln-url" : [
> >>>>>>> "https://iotd.example.com/info/modelX/csaf.json"
> >>>>>>> ]
> >>>>>>> },
> >>>>>>> "mud-url": "https://iot.example.com/modelX.json",
> >>>>>>> "mud-signature": "https://iot.example.com/modelX.p7s",
> >>>>>>> "last-update": "2022-01-05T13:29:12+00:00",
> >>>>>>> "cache-validity": 48,
> >>>>>>> "is-supported": true,
> >>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service",
> >>>>>>> "mfg-name": "Example, Inc.",
> >>>>>>> "documentation": "https://iot.example.com/doc/modelX",
> >>>>>>> "model-name": "modelX"
> >>>>>>> }
> >>>>>>> }
> >>>>>>>
> >>>>>>> Section 5.1, 2nd Example, same change:
> >>>>>>>
> >>>>>>>
> >>>>>>> OLD:
> >>>>>>>
> >>>>>>> {
> >>>>>>> "ietf-mud:mud": {
> >>>>>>> "mud-version": 1,
> >>>>>>> "extensions": [
> >>>>>>> "transparency"
> >>>>>>> ],
> >>>>>>> "mudtx:transparency": {
> >>>>>>> "sbom-url": "https://iot.example.com/info/modelX/sbom.json"
> >>>>>>> },
> >>>>>>> "mud-url": "https://iot.example.com/modelX.json",
> >>>>>>> "mud-signature": "https://iot.example.com/modelX.p7s",
> >>>>>>> "last-update": "2022-01-05T13:29:12+00:00",
> >>>>>>> "cache-validity": 48,
> >>>>>>> "is-supported": true,
> >>>>>>> "systeminfo": "retrieving only SBOM info via a cloud service",
> >>>>>>> "mfg-name": "Example, Inc.",
> >>>>>>> "documentation": "https://iot.example.com/doc/modelX",
> >>>>>>> "model-name": "modelX"
> >>>>>>> }
> >>>>>>> }
> >>>>>>> NEW:
> >>>>>>> {
> >>>>>>> "ietf-mud:mud": {
> >>>>>>> "mud-version": 1,
> >>>>>>> "extensions": [
> >>>>>>> "transparency"
> >>>>>>> ],
> >>>>>>> "mudtx:transparency": {
> >>>>>>> sboms: [ {
> >>>>>>> "version-info": "1.2",
> >>>>>>> "sbom-url": "https://iot.example.com/info/modelX/sbom.json"
> >>>>>>> } ],
> >>>>>>> },
> >>>>>>> "mud-url": "https://iot.example.com/modelX.json",
> >>>>>>> "mud-signature": "https://iot.example.com/modelX.p7s",
> >>>>>>> "last-update": "2022-01-05T13:29:12+00:00",
> >>>>>>> "cache-validity": 48,
> >>>>>>> "is-supported": true,
> >>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service",
> >>>>>>> "mfg-name": "Example, Inc.",
> >>>>>>> "documentation": "https://iot.example.com/doc/modelX",
> >>>>>>> "model-name": "modelX"
> >>>>>>> }
> >>>>>>> }
> >>>>>>>
> >>>>>>> Section 5.3:
> >>>>>>>
> >>>>>>> OLD:
> >>>>>>> {
> >>>>>>> "ietf-mud:mud": {
> >>>>>>> "mud-version": 1,
> >>>>>>> "extensions": [
> >>>>>>> "transparency"
> >>>>>>> ],
> >>>>>>> "ietf-mud-transparency:transparency": {
> >>>>>>> "contact-info": "https://iot-device.example.com/contact-info.html",
> >>>>>>> "vuln-url" : [
> >>>>>>> "https://iotd.example.com/info/modelX/csaf.json"
> >>>>>>> ]
> >>>>>>> },
> >>>>>>> "mud-url": "https://iot-device.example.com/modelX.json",
> >>>>>>> "mud-signature": "https://iot-device.example.com/modelX.p7s",
> >>>>>>> "last-update": "2021-07-09T06:16:42+00:00",
> >>>>>>> "cache-validity": 48,
> >>>>>>> "is-supported": true,
> >>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service",
> >>>>>>> "mfg-name": "Example, Inc.",
> >>>>>>> "documentation": "https://iot-device.example.com/doc/modelX",
> >>>>>>> "model-name": "modelX"
> >>>>>>> }
> >>>>>>> }
> >>>>>>> NEW:
> >>>>>>> {
> >>>>>>> "ietf-mud:mud": {
> >>>>>>> "mud-version": 1,
> >>>>>>> "extensions": [
> >>>>>>> "transparency"
> >>>>>>> ],
> >>>>>>> "mudtx:transparency": {
> >>>>>>> "contact-info": "https://iot-device.example.com/contact-info.html",
> >>>>>>> "vuln-url" : [
> >>>>>>> "https://iotd.example.com/info/modelX/csaf.json"
> >>>>>>> ]
> >>>>>>> },
> >>>>>>> "mud-url": "https://iot-device.example.com/modelX.json",
> >>>>>>> "mud-signature": "https://iot-device.example.com/modelX.p7s",
> >>>>>>> "last-update": "2021-07-09T06:16:42+00:00",
> >>>>>>> "cache-validity": 48,
> >>>>>>> "is-supported": true,
> >>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service",
> >>>>>>> "mfg-name": "Example, Inc.",
> >>>>>>> "documentation": "https://iot-device.example.com/doc/modelX",
> >>>>>>> "model-name": "modelX"
> >>>>>>> }
> >>>>>>> }
> >>>>>>> Eliot
> >>>>>>>> On 13 Sep 2023, at 22:34, Sarah Tarrant <starrant@amsl.com> wrote:
> >>>>>>>>
> >>>>>>>> Hello Eliot and Scott,
> >>>>>>>>
> >>>>>>>> Thank you for your replies. We have updated the document
> accordingly,
> >> and all of our questions for the authors have been addressed.
> >>>>>>>>
> >>>>>>>> Please review the document carefully to ensure satisfaction as we do
> >> not make changes once it has been published as an RFC. Contact us with any
> >> further updates or with your approval of the document in its current form.
> We
> >> will await approvals from each author prior to moving forward in the
> >> publication process. We also need Rob’s AD approval of the change in Section
> >> 1.3 and review of question #10 prior to moving forward.
> >>>>>>>>
> >>>>>>>> Updated XML file:
> >>>>>>>> http://www.rfc-editor.org/authors/rfc9472.xml
> >>>>>>>>
> >>>>>>>> Updated output files:
> >>>>>>>> https://www.rfc-editor.org/authors/rfc9472.html
> >>>>>>>> https://www.rfc-editor.org/authors/rfc9472.txt
> >>>>>>>> https://www.rfc-editor.org/authors/rfc9472.pdf
> >>>>>>>>
> >>>>>>>> Diff file showing all changes made during AUTH48:
> >>>>>>>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html
> >>>>>>>>
> >>>>>>>> Diff files showing all changes:
> >>>>>>>> https://www.rfc-editor.org/authors/rfc9472-diff.html
> >>>>>>>> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by-side
> >> diff)
> >>>>>>>>
> >>>>>>>> Note that it may be necessary for you to refresh your browser to view
> >> the most recent version.
> >>>>>>>>
> >>>>>>>> For the AUTH48 status of this document, please see:
> >>>>>>>> https://www.rfc-editor.org/auth48/rfc9472
> >>>>>>>>
> >>>>>>>> Thank you,
> >>>>>>>>
> >>>>>>>> RFC Editor/st
> >>>>>>>>
> >>>>>>>>> On Sep 13, 2023, at 8:14 AM, Rose, Scott W. (Fed)
> >> <scott.rose@nist.gov> wrote:
> >>>>>>>>>
> >>>>>>>>> Sarah,
> >>>>>>>>> I am generally fine with the changes, specific replies below:
> >>>>>>>>>
> >>>>>>>>> Thanks,
> >>>>>>>>> Scott
> >>>>>>>>>
> >>>>>>>>> On 13 Sep 2023, at 3:15, Eliot Lear wrote:
> >>>>>>>>>
> >>>>>>>>>> Hi Sarah and thanks!  Please see below.
> >>>>>>>>>>
> >>>>>>>>>>> On 12 Sep 2023, at 20:50, Sarah Tarrant <starrant@amsl.com>
> >> wrote:
> >>>>>>>>>>>
> >>>>>>>>>>> Hello Eliot, Scott, and Rob*,
> >>>>>>>>>>>
> >>>>>>>>>>> *Rob, as AD, please review the change in the last paragraph of
> >> Section 1.3 and let us know if you approve. The change is best viewed in this
> diff
> >> file: https://www.rfc-editor.org/authors/rfc9472-auth48diff.html. Also, please
> let
> >> us know your thoughts on this question (note that RFCs 6242, 8341, and 8446
> >> are included in the template at https://trac.ietf.org/trac/ops/wiki/yang-
> security-
> >> guidelines):
> >>>>>>>>>>>
> >>>>>>>>>>>> 10) <!-- [rfced] *[AD] Section 6: The Security Considerations
> >> section does not
> >>>>>>>>>>>> follow the requirements listed on
> >>>>>>>>>>>> https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines,
> which
> >> says
> >>>>>>>>>>>> "This section MUST be patterned after the latest approved
> >> template."
> >>>>>>>>>>>> Please confirm if the current text is acceptable per the context
> of
> >> the
> >>>>>>>>>>>> document or if any further updates are needed in order to
> follow
> >> the
> >>>>>>>>>>>> template.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Also, please confirm if it is acceptable that RFCs 6242, 8341, and
> >>>>>>>>>>>> 8446 are not listed in the Normative References section or if
> they
> >>>>>>>>>>>> should be added.
> >>>>>>>>>>>> —>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> Eliot and Scott, thank you for your replies; we have updated the
> >> document accordingly. We have a few followup questions:
> >>>>>>>>>>>
> >>>>>>>>>>> 1) We added the sentence in ii) per your reply to this question.
> We
> >> also added RFC 7231 as a normative reference. Please confirm that this is
> >> correct. Or should it be informative instead?
> >>>>>>>>>>
> >>>>>>>>>> That’s correct.
> >>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>>> e) We note that RFCs 6991 and 7231 are only referenced in the
> >> YANG
> >>>>>>>>>>>>> module and not in the running text. In order to have a 1:1
> >> matchup
> >>>>>>>>>>>>> between the references section and the text, may we add an
> >> introductory
> >>>>>>>>>>>>> sentence before the YANG module that includes these citations
> >> (option i)?
> >>>>>>>>>>>>> Alternatively, you may reference all of the RFCs that are
> >> mentioned
> >>>>>>>>>>>>> (option ii). Please let us know your preference.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Perhaps:
> >>>>>>>>>>>>> i)  This YANG module references [RFC6991] and [RFC7231].
> >>>>>>>>>>>>> or
> >>>>>>>>>>>>> ii) This YANG module references [RFC6991], [RFC7231],
> >> [RFC7252],
> >>>>>>>>>>>>> [RFC8520], and [RFC9110].
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> ii seems complete.
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> 2) Regarding this question:
> >>>>>>>>>>>
> >>>>>>>>>>>>> 11) <!--[rfced] Is this sentence intended to be an ordered list
> >> (option A)
> >>>>>>>>>>>>> or are "any change in a URL" and "any change to the authority
> >>>>>>>>>>>>> section" the 2 risks that are being referred to (option B)?
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Original:
> >>>>>>>>>>>>> To address either risk, any change in a URL, and in particular to
> >> the
> >>>>>>>>>>>>> authority section, two approaches may be used:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Perhaps:
> >>>>>>>>>>>>> A) To address either risk, any change in a URL, and particularly
> >> any change
> >>>>>>>>>>>>> to the authority section, two approaches may be used:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> or
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> B) To address either risk, i.e., any change in a URL and, in
> >> particular, to
> >>>>>>>>>>>>> the authority section, two approaches may be used:
> >>>>>>>>>>>>> -->
> >>>>>>>>>>>>
> >>>>>>>>>>>> How about:
> >>>>>>>>>>>>
> >>>>>>>>>>>>> (C)  To address either risk, any change in a URL, and in
> particular
> >> to the
> >>>>>>>>>>>>> authority section; two approaches may be used:
> >>>>>>>>>>>>
> >>>>>>>>>>>> ?
> >>>>>>>>>>>
> >>>>>>>>>>> We are still having trouble understanding this sentence. (Note
> that
> >> the text before the semicolon in (C) is not a complete sentence.) Would
> >> something like the following work?
> >>>>>>>>>>>
> >>>>>>>>>>> Perhaps:
> >>>>>>>>>>> Two approaches may be used to address these risks and any
> change
> >> in a URL (particularly in the
> >>>>>>>>>>> authority section):
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> Ok, having re-read the context, the authority section phrase is
> >> redundant, so we can say:
> >>>>>>>>>>
> >>>>>>>>>>> To address either of these risks or any tampering of a URL:
> >>>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> This seems fine.
> >>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> 3) Regarding this question:
> >>>>>>>>>>>
> >>>>>>>>>>>>> 15) <!-- [rfced] The following lines exceed the 72-character
> limit
> >> for
> >>>>>>>>>>>>> sourcecode. Please let us know how these lines can be
> modified.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Section 5.1 (1 character over):
> >>>>>>>>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud
> service",
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Section 5.2 (1 character over):
> >>>>>>>>>>>>> "systeminfo": "mixed example: SBOM on device, vuln info in
> >> cloud",
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Section 5.3 (2 characters over):
> >>>>>>>>>>>>> "contact-info": "https://iot-device.example.com/contact-
> >> info.html",
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Section 5.3 (1 character over):
> >>>>>>>>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud
> service",
> >>>>>>>>>>>>> -->
> >>>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> Would you mind out-denting these lines?
> >>>>>>>>>>>
> >>>>>>>>>>> Please confirm that we updated these correctly. We moved the
> lines
> >> in each example mentioned above one or two spaces (as appropriate) to the
> >> left to meet the character limit, though we couldn’t not move the “{“ at the
> >> beginning and end of each example as these were already at the left margin.
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> That’s okay.
> >>>>>>>>>>
> >>>>>>>>>> Aside: this 72 character limit was VERY important when printers
> >> could only print 80 columns, but that was on its way out even when *I* was a
> >> student in the 80s (I never saw an actual line printer after college).
> >>>>>>>>>>
> >>>>>>>>>> Regards,
> >>>>>>>>>>
> >>>>>>>>>> Eliot
> >>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> ______________
> >>>>>>>>>>>
> >>>>>>>>>>> Updated XML file:
> >>>>>>>>>>> http://www.rfc-editor.org/authors/rfc9472.xml
> >>>>>>>>>>>
> >>>>>>>>>>> Updated output files:
> >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.html
> >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.txt
> >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.pdf
> >>>>>>>>>>>
> >>>>>>>>>>> Diff file showing all changes made during AUTH48:
> >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html
> >>>>>>>>>>>
> >>>>>>>>>>> Diff files showing all changes:
> >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-diff.html
> >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by-
> >> side diff)
> >>>>>>>>>>>
> >>>>>>>>>>> Note that it may be necessary for you to refresh your browser to
> >> view the most recent version.
> >>>>>>>>>>>
> >>>>>>>>>>> For the AUTH48 status of this document, please see:
> >>>>>>>>>>> https://www.rfc-editor.org/auth48/rfc9472
> >>>>>>>>>>>
> >>>>>>>>>>> Thank you,
> >>>>>>>>>>>
> >>>>>>>>>>> RFC Editor/st
> >>>>>>>>>>>
> >>>>>>>>>>>> On Sep 11, 2023, at 12:23 PM, Rose, Scott W. (Fed)
> >> <scott.rose=40nist.gov@dmarc.ietf.org> wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>> On 8 Sep 2023, at 19:26, rfc-editor@rfc-editor.org wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>>> Authors and *AD,
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> While reviewing this document during AUTH48, please resolve
> (as
> >> necessary) the following questions, which are also in the XML file.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> 17) <!-- [rfced] FYI: We have added expansions for the
> following
> >> abbreviations
> >>>>>>>>>>>>> per Section 3.6 of RFC 7322 ("RFC Style Guide"). Please review
> >> each
> >>>>>>>>>>>>> expansion in the document carefully to ensure correctness.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Access Control Lists (ACLs)
> >>>>>>>>>>>>> Constrained Application Protocol (CoAP)
> >>>>>>>>>>>>> Internet of Things (IoT)
> >>>>>>>>>>>>> -->
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> 18) <!-- [rfced] Please review the "Inclusive Language" portion
> of
> >> the online
> >>>>>>>>>>>>> Style Guide <https://www.rfc-
> >> editor.org/styleguide/part2/#inclusive_language>
> >>>>>>>>>>>>> and let us know if any changes are needed.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Note that our script did not flag any words in particular, but this
> >> should
> >>>>>>>>>>>>> still be reviewed as a best practice.
> >>>>>>>>>>>>> -->
> >>>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> FWIW, I did a pass through to match against the NIST inclusive
> >> language guidance and did not find anything that needed to be addressed.
> >> Future changes may change that (not likely, but maybe).
> >>>>>>>>>>>>
> >>>>>>>>>>>> Thanks
> >>>>>>>>>>>> Scott
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> ==================================
> >>>>>>>>>>>> Scott Rose NIST/CTL
> >>>>>>>>>>>> scott.rose@nist.gov
> >>>>>>>>>>>> ph: +1-301-975-8439 (w)
> >>>>>>>>>>>> +1-571-249-3761 (GoogleVoice)
> >>>>>>>>>>>> ==================================
> >>>>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> ==================================
> >>>>>>>>> Scott Rose NIST/CTL
> >>>>>>>>> scott.rose@nist.gov
> >>>>>>>>> ph: +1-301-975-8439 (w)
> >>>>>>>>> +1-571-249-3761 (GoogleVoice)
> >>>>>>>>> ==================================
> >>>>>>>>
> >>>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>
> >

v2.23.0 | Report a Bug | By Email