[auth48] Fwd: [IANA #1282204] [IANA] Re: [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18> for your review
Sarah Tarrant <starrant@amsl.com> Thu, 21 September 2023 20:39 UTC
Return-Path: <starrant@amsl.com>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88A5AC1519BD; Thu, 21 Sep 2023 13:39:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qySteik-vQSA; Thu, 21 Sep 2023 13:39:43 -0700 (PDT)
Received: from c8a.amsl.com (c8a.amsl.com [4.31.198.40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BDB85C1519B1; Thu, 21 Sep 2023 13:39:43 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by c8a.amsl.com (Postfix) with ESMTP id A5248424B432; Thu, 21 Sep 2023 13:39:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from c8a.amsl.com ([127.0.0.1]) by localhost (c8a.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RiQOViLLm-M6; Thu, 21 Sep 2023 13:39:43 -0700 (PDT)
Received: from smtpclient.apple (unknown [IPv6:2600:1700:8f1d:4000:f2:7cfc:dd7:55f0]) by c8a.amsl.com (Postfix) with ESMTPSA id F0520424B434; Thu, 21 Sep 2023 13:39:42 -0700 (PDT)
From: Sarah Tarrant <starrant@amsl.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_816D9516-3F1F-4001-946F-071FFC293A9B"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
Message-Id: <ED14DDC1-83FC-431B-AB06-2B50722626C0@amsl.com>
References: <rt-5.0.3-692789-1695250980-276.1282204-37-0@icann.org>
To: Eliot Lear <lear@cisco.com>, "Rob Wilton (rwilton)" <rwilton@cisco.com>, "Rose, Scott W. (Fed)" <scott.rose@nist.gov>, RFC Editor <rfc-editor@rfc-editor.org>, opsawg-ads@ietf.org, opsawg-chairs@ietf.org, bill.wu@huawei.com, auth48archive@rfc-editor.org
Date: Thu, 21 Sep 2023 15:39:31 -0500
X-Mailer: Apple Mail (2.3731.700.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/i6srQKg2Dg5NHNAOS6qlyD_pGes>
Subject: [auth48] Fwd: [IANA #1282204] [IANA] Re: [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Sep 2023 20:39:48 -0000
> Begin forwarded message: > > From: "Amanda Baber via RT" <iana-matrix@iana.org> > Subject: [IANA #1282204] [IANA] Re: [AD] AUTH48: RFC-to-be 9472 <draft-ietf-opsawg-sbom-access-18> for your review > Date: September 20, 2023 at 6:03:00 PM CDT > To: starrant@amsl.com > Reply-To: iana-matrix@iana.org > > Hi all, > > This change is complete: > > https://www.iana.org/assignments/yang-parameters > > thanks, > > Amanda Baber > IANA Operations Manager > > On Wed Sep 20 21:02:46 2023, starrant@amsl.com wrote: >> IANA, >> >> Please make the following change in the “YANG Module Names” registry >> at https://www.iana.org/assignments/yang-parameters. Note that there >> are two entries for "ietf-mud”. This change should only be applied for >> the one with this document as a reference. >> >> OLD: >> ietf-mud >> >> NEW: >> ietf-mud-transparency >> >> Thank you, >> RFC Editor/st >> >>> On Sep 20, 2023, at 3:59 PM, Sarah Tarrant <starrant@amsl.com> wrote: >>> >>> Hi Eliot, >>> >>> Thank you for spotting the issue with Section 7.2 and the IANA >>> registry. We agree that "ietf-mud” should be updated to "ietf-mud- >>> transparency” in Section 7.2 and have made that change. In a separate >>> email, we will request that IANA update the “YANG Module Names” >>> registry accordingly. >>> >>> Updated XML file: >>> http://www.rfc-editor.org/authors/rfc9472.xml >>> >>> Updated output files: >>> https://www.rfc-editor.org/authors/rfc9472.html >>> https://www.rfc-editor.org/authors/rfc9472.txt >>> https://www.rfc-editor.org/authors/rfc9472.pdf >>> >>> Diff file showing all changes made during AUTH48: >>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html >>> >>> Diff files showing all changes: >>> https://www.rfc-editor.org/authors/rfc9472-diff.html >>> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by-side >>> diff) >>> >>> Note that it may be necessary for you to refresh your browser to view >>> the most recent version. >>> >>> For the AUTH48 status of this document, please see: >>> https://www.rfc-editor.org/auth48/rfc9472 >>> >>> Thank you, >>> RFC Editor/st >>> >>>> On Sep 19, 2023, at 12:42 AM, Eliot Lear <lear@cisco.com> wrote: >>>> >>>> Hi Sarah, >>>> >>>> I think I’ve caught one more small issue, but this is with the IANA >>>> registry. Could you please check with them on the following: >>>> >>>> In 7.2, I think the name field is supposed to be ietf-mud- >>>> transparency and not ietf-mud. >>>> >>>> After this matter is resolved, I can approve publication. >>>> >>>> Thanks, >>>> >>>> Eliot >>>> >>>> >>>>> On 18 Sep 2023, at 20:37, Sarah Tarrant <starrant@amsl.com> wrote: >>>>> >>>>> Hello Eliot and Rob*, >>>>> >>>>> Elliot, thank you for your reply. We have updated the document >>>>> accordingly. >>>>> >>>>> *Rob, as AD, please review and approve the changes to the >>>>> sourcecode in Sections 5.1 and 5.3. These changes are best viewed >>>>> in this diff file: https://www.rfc-editor.org/authors/rfc9472- >>>>> auth48diff.html. >>>>> >>>>> We will await approvals from each of the parties listed above prior >>>>> to moving this document forward in the publication process. >>>>> >>>>> Updated XML file: >>>>> http://www.rfc-editor.org/authors/rfc9472.xml >>>>> >>>>> Updated output files: >>>>> https://www.rfc-editor.org/authors/rfc9472.html >>>>> https://www.rfc-editor.org/authors/rfc9472.txt >>>>> https://www.rfc-editor.org/authors/rfc9472.pdf >>>>> >>>>> Diff file showing all changes made during AUTH48: >>>>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html >>>>> >>>>> Diff files showing all changes: >>>>> https://www.rfc-editor.org/authors/rfc9472-diff.html >>>>> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by- >>>>> side diff) >>>>> >>>>> Note that it may be necessary for you to refresh your browser to >>>>> view the most recent version. >>>>> >>>>> For the AUTH48 status of this document, please see: >>>>> https://www.rfc-editor.org/auth48/rfc9472 >>>>> >>>>> Thank you, >>>>> >>>>> RFC Editor/st >>>>> >>>>>> On Sep 16, 2023, at 9:04 AM, Eliot Lear <lear@cisco.com> wrote: >>>>>> >>>>>> Sarah, >>>>>> >>>>>> I believe that I have found several errors in the examples. There >>>>>> are two problems: >>>>>> >>>>>> 1. sbom-url should appear as part of an array of objects, and is >>>>>> not. >>>>>> 2. There is one case where mudtx wasn’t used where it should have >>>>>> been. >>>>>> @Rob, please check me on this. This should correspond to "list >>>>>> sboms” in the model. >>>>>> >>>>>> In Section 5.1, first example, the change is adding the sboms >>>>>> array: >>>>>> >>>>>> OLD: >>>>>> { >>>>>> "ietf-mud:mud": { >>>>>> "mud-version": 1, >>>>>> "extensions": [ >>>>>> "transparency" >>>>>> ], >>>>>> "mudtx:transparency": { >>>>>> "sbom-url": "https://iot.example.com/info/modelX/sbom.json", >>>>>> "vuln-url" : [ >>>>>> "https://iotd.example.com/info/modelX/csaf.json" >>>>>> ] >>>>>> }, >>>>>> "mud-url": "https://iot.example.com/modelX.json", >>>>>> "mud-signature": "https://iot.example.com/modelX.p7s", >>>>>> "last-update": "2022-01-05T13:29:12+00:00", >>>>>> "cache-validity": 48, >>>>>> "is-supported": true, >>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service", >>>>>> "mfg-name": "Example, Inc.", >>>>>> "documentation": "https://iot.example.com/doc/modelX", >>>>>> "model-name": "modelX" >>>>>> } >>>>>> } >>>>>> NEW: >>>>>> { >>>>>> "ietf-mud:mud": { >>>>>> "mud-version": 1, >>>>>> "extensions": [ >>>>>> "transparency" >>>>>> ], >>>>>> "mudtx:transparency": { >>>>>> sboms: [ { >>>>>> "version-info": "1.2", >>>>>> "sbom-url": "https://iot.example.com/info/modelX/sbom.json" >>>>>> } ], >>>>>> "vuln-url" : [ >>>>>> "https://iotd.example.com/info/modelX/csaf.json" >>>>>> ] >>>>>> }, >>>>>> "mud-url": "https://iot.example.com/modelX.json", >>>>>> "mud-signature": "https://iot.example.com/modelX.p7s", >>>>>> "last-update": "2022-01-05T13:29:12+00:00", >>>>>> "cache-validity": 48, >>>>>> "is-supported": true, >>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service", >>>>>> "mfg-name": "Example, Inc.", >>>>>> "documentation": "https://iot.example.com/doc/modelX", >>>>>> "model-name": "modelX" >>>>>> } >>>>>> } >>>>>> >>>>>> Section 5.1, 2nd Example, same change: >>>>>> >>>>>> >>>>>> OLD: >>>>>> >>>>>> { >>>>>> "ietf-mud:mud": { >>>>>> "mud-version": 1, >>>>>> "extensions": [ >>>>>> "transparency" >>>>>> ], >>>>>> "mudtx:transparency": { >>>>>> "sbom-url": "https://iot.example.com/info/modelX/sbom.json" >>>>>> }, >>>>>> "mud-url": "https://iot.example.com/modelX.json", >>>>>> "mud-signature": "https://iot.example.com/modelX.p7s", >>>>>> "last-update": "2022-01-05T13:29:12+00:00", >>>>>> "cache-validity": 48, >>>>>> "is-supported": true, >>>>>> "systeminfo": "retrieving only SBOM info via a cloud service", >>>>>> "mfg-name": "Example, Inc.", >>>>>> "documentation": "https://iot.example.com/doc/modelX", >>>>>> "model-name": "modelX" >>>>>> } >>>>>> } >>>>>> NEW: >>>>>> { >>>>>> "ietf-mud:mud": { >>>>>> "mud-version": 1, >>>>>> "extensions": [ >>>>>> "transparency" >>>>>> ], >>>>>> "mudtx:transparency": { >>>>>> sboms: [ { >>>>>> "version-info": "1.2", >>>>>> "sbom-url": "https://iot.example.com/info/modelX/sbom.json" >>>>>> } ], >>>>>> }, >>>>>> "mud-url": "https://iot.example.com/modelX.json", >>>>>> "mud-signature": "https://iot.example.com/modelX.p7s", >>>>>> "last-update": "2022-01-05T13:29:12+00:00", >>>>>> "cache-validity": 48, >>>>>> "is-supported": true, >>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service", >>>>>> "mfg-name": "Example, Inc.", >>>>>> "documentation": "https://iot.example.com/doc/modelX", >>>>>> "model-name": "modelX" >>>>>> } >>>>>> } >>>>>> >>>>>> Section 5.3: >>>>>> >>>>>> OLD: >>>>>> { >>>>>> "ietf-mud:mud": { >>>>>> "mud-version": 1, >>>>>> "extensions": [ >>>>>> "transparency" >>>>>> ], >>>>>> "ietf-mud-transparency:transparency": { >>>>>> "contact-info": "https://iot-device.example.com/contact- >>>>>> info.html", >>>>>> "vuln-url" : [ >>>>>> "https://iotd.example.com/info/modelX/csaf.json" >>>>>> ] >>>>>> }, >>>>>> "mud-url": "https://iot-device.example.com/modelX.json", >>>>>> "mud-signature": "https://iot-device.example.com/modelX.p7s", >>>>>> "last-update": "2021-07-09T06:16:42+00:00", >>>>>> "cache-validity": 48, >>>>>> "is-supported": true, >>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service", >>>>>> "mfg-name": "Example, Inc.", >>>>>> "documentation": "https://iot-device.example.com/doc/modelX", >>>>>> "model-name": "modelX" >>>>>> } >>>>>> } >>>>>> NEW: >>>>>> { >>>>>> "ietf-mud:mud": { >>>>>> "mud-version": 1, >>>>>> "extensions": [ >>>>>> "transparency" >>>>>> ], >>>>>> "mudtx:transparency": { >>>>>> "contact-info": "https://iot-device.example.com/contact- >>>>>> info.html", >>>>>> "vuln-url" : [ >>>>>> "https://iotd.example.com/info/modelX/csaf.json" >>>>>> ] >>>>>> }, >>>>>> "mud-url": "https://iot-device.example.com/modelX.json", >>>>>> "mud-signature": "https://iot-device.example.com/modelX.p7s", >>>>>> "last-update": "2021-07-09T06:16:42+00:00", >>>>>> "cache-validity": 48, >>>>>> "is-supported": true, >>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud service", >>>>>> "mfg-name": "Example, Inc.", >>>>>> "documentation": "https://iot-device.example.com/doc/modelX", >>>>>> "model-name": "modelX" >>>>>> } >>>>>> } >>>>>> Eliot >>>>>>> On 13 Sep 2023, at 22:34, Sarah Tarrant <starrant@amsl.com> >>>>>>> wrote: >>>>>>> >>>>>>> Hello Eliot and Scott, >>>>>>> >>>>>>> Thank you for your replies. We have updated the document >>>>>>> accordingly, and all of our questions for the authors have been >>>>>>> addressed. >>>>>>> >>>>>>> Please review the document carefully to ensure satisfaction as we >>>>>>> do not make changes once it has been published as an RFC. Contact >>>>>>> us with any further updates or with your approval of the document >>>>>>> in its current form. We will await approvals from each author >>>>>>> prior to moving forward in the publication process. We also need >>>>>>> Rob’s AD approval of the change in Section 1.3 and review of >>>>>>> question #10 prior to moving forward. >>>>>>> >>>>>>> Updated XML file: >>>>>>> http://www.rfc-editor.org/authors/rfc9472.xml >>>>>>> >>>>>>> Updated output files: >>>>>>> https://www.rfc-editor.org/authors/rfc9472.html >>>>>>> https://www.rfc-editor.org/authors/rfc9472.txt >>>>>>> https://www.rfc-editor.org/authors/rfc9472.pdf >>>>>>> >>>>>>> Diff file showing all changes made during AUTH48: >>>>>>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html >>>>>>> >>>>>>> Diff files showing all changes: >>>>>>> https://www.rfc-editor.org/authors/rfc9472-diff.html >>>>>>> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side-by- >>>>>>> side diff) >>>>>>> >>>>>>> Note that it may be necessary for you to refresh your browser to >>>>>>> view the most recent version. >>>>>>> >>>>>>> For the AUTH48 status of this document, please see: >>>>>>> https://www.rfc-editor.org/auth48/rfc9472 >>>>>>> >>>>>>> Thank you, >>>>>>> >>>>>>> RFC Editor/st >>>>>>> >>>>>>>> On Sep 13, 2023, at 8:14 AM, Rose, Scott W. (Fed) >>>>>>>> <scott.rose@nist.gov> wrote: >>>>>>>> >>>>>>>> Sarah, >>>>>>>> I am generally fine with the changes, specific replies below: >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Scott >>>>>>>> >>>>>>>> On 13 Sep 2023, at 3:15, Eliot Lear wrote: >>>>>>>> >>>>>>>>> Hi Sarah and thanks! Please see below. >>>>>>>>> >>>>>>>>>> On 12 Sep 2023, at 20:50, Sarah Tarrant <starrant@amsl.com> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>> Hello Eliot, Scott, and Rob*, >>>>>>>>>> >>>>>>>>>> *Rob, as AD, please review the change in the last paragraph of >>>>>>>>>> Section 1.3 and let us know if you approve. The change is best >>>>>>>>>> viewed in this diff file: https://www.rfc- >>>>>>>>>> editor.org/authors/rfc9472-auth48diff.html. Also, please let >>>>>>>>>> us know your thoughts on this question (note that RFCs 6242, >>>>>>>>>> 8341, and 8446 are included in the template at >>>>>>>>>> https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines): >>>>>>>>>> >>>>>>>>>>> 10) <!-- [rfced] *[AD] Section 6: The Security Considerations >>>>>>>>>>> section does not >>>>>>>>>>> follow the requirements listed on >>>>>>>>>>> https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines, >>>>>>>>>>> which says >>>>>>>>>>> "This section MUST be patterned after the latest approved >>>>>>>>>>> template." >>>>>>>>>>> Please confirm if the current text is acceptable per the >>>>>>>>>>> context of the >>>>>>>>>>> document or if any further updates are needed in order to >>>>>>>>>>> follow the >>>>>>>>>>> template. >>>>>>>>>>> >>>>>>>>>>> Also, please confirm if it is acceptable that RFCs 6242, >>>>>>>>>>> 8341, and >>>>>>>>>>> 8446 are not listed in the Normative References section or if >>>>>>>>>>> they >>>>>>>>>>> should be added. >>>>>>>>>>> —> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Eliot and Scott, thank you for your replies; we have updated >>>>>>>>>> the document accordingly. We have a few followup questions: >>>>>>>>>> >>>>>>>>>> 1) We added the sentence in ii) per your reply to this >>>>>>>>>> question. We also added RFC 7231 as a normative reference. >>>>>>>>>> Please confirm that this is correct. Or should it be >>>>>>>>>> informative instead? >>>>>>>>> >>>>>>>>> That’s correct. >>>>>>>>> >>>>>>>>>> >>>>>>>>>>>> e) We note that RFCs 6991 and 7231 are only referenced in >>>>>>>>>>>> the YANG >>>>>>>>>>>> module and not in the running text. In order to have a 1:1 >>>>>>>>>>>> matchup >>>>>>>>>>>> between the references section and the text, may we add an >>>>>>>>>>>> introductory >>>>>>>>>>>> sentence before the YANG module that includes these >>>>>>>>>>>> citations (option i)? >>>>>>>>>>>> Alternatively, you may reference all of the RFCs that are >>>>>>>>>>>> mentioned >>>>>>>>>>>> (option ii). Please let us know your preference. >>>>>>>>>>>> >>>>>>>>>>>> Perhaps: >>>>>>>>>>>> i) This YANG module references [RFC6991] and [RFC7231]. >>>>>>>>>>>> or >>>>>>>>>>>> ii) This YANG module references [RFC6991], [RFC7231], >>>>>>>>>>>> [RFC7252], >>>>>>>>>>>> [RFC8520], and [RFC9110]. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ii seems complete. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> 2) Regarding this question: >>>>>>>>>> >>>>>>>>>>>> 11) <!--[rfced] Is this sentence intended to be an ordered >>>>>>>>>>>> list (option A) >>>>>>>>>>>> or are "any change in a URL" and "any change to the >>>>>>>>>>>> authority >>>>>>>>>>>> section" the 2 risks that are being referred to (option B)? >>>>>>>>>>>> >>>>>>>>>>>> Original: >>>>>>>>>>>> To address either risk, any change in a URL, and in >>>>>>>>>>>> particular to the >>>>>>>>>>>> authority section, two approaches may be used: >>>>>>>>>>>> >>>>>>>>>>>> Perhaps: >>>>>>>>>>>> A) To address either risk, any change in a URL, and >>>>>>>>>>>> particularly any change >>>>>>>>>>>> to the authority section, two approaches may be used: >>>>>>>>>>>> >>>>>>>>>>>> or >>>>>>>>>>>> >>>>>>>>>>>> B) To address either risk, i.e., any change in a URL and, in >>>>>>>>>>>> particular, to >>>>>>>>>>>> the authority section, two approaches may be used: >>>>>>>>>>>> --> >>>>>>>>>>> >>>>>>>>>>> How about: >>>>>>>>>>> >>>>>>>>>>>> (C) To address either risk, any change in a URL, and in >>>>>>>>>>>> particular to the >>>>>>>>>>>> authority section; two approaches may be used: >>>>>>>>>>> >>>>>>>>>>> ? >>>>>>>>>> >>>>>>>>>> We are still having trouble understanding this sentence. (Note >>>>>>>>>> that the text before the semicolon in (C) is not a complete >>>>>>>>>> sentence.) Would something like the following work? >>>>>>>>>> >>>>>>>>>> Perhaps: >>>>>>>>>> Two approaches may be used to address these risks and any >>>>>>>>>> change in a URL (particularly in the >>>>>>>>>> authority section): >>>>>>>>>> >>>>>>>>> >>>>>>>>> Ok, having re-read the context, the authority section phrase is >>>>>>>>> redundant, so we can say: >>>>>>>>> >>>>>>>>>> To address either of these risks or any tampering of a URL: >>>>>>>>> >>>>>>>> >>>>>>>> This seems fine. >>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> >>>>>>>>>> 3) Regarding this question: >>>>>>>>>> >>>>>>>>>>>> 15) <!-- [rfced] The following lines exceed the 72-character >>>>>>>>>>>> limit for >>>>>>>>>>>> sourcecode. Please let us know how these lines can be >>>>>>>>>>>> modified. >>>>>>>>>>>> >>>>>>>>>>>> Section 5.1 (1 character over): >>>>>>>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud >>>>>>>>>>>> service", >>>>>>>>>>>> >>>>>>>>>>>> Section 5.2 (1 character over): >>>>>>>>>>>> "systeminfo": "mixed example: SBOM on device, vuln info in >>>>>>>>>>>> cloud", >>>>>>>>>>>> >>>>>>>>>>>> Section 5.3 (2 characters over): >>>>>>>>>>>> "contact-info": "https://iot-device.example.com/contact- >>>>>>>>>>>> info.html", >>>>>>>>>>>> >>>>>>>>>>>> Section 5.3 (1 character over): >>>>>>>>>>>> "systeminfo": "retrieving vuln and SBOM info via a cloud >>>>>>>>>>>> service", >>>>>>>>>>>> --> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Would you mind out-denting these lines? >>>>>>>>>> >>>>>>>>>> Please confirm that we updated these correctly. We moved the >>>>>>>>>> lines in each example mentioned above one or two spaces (as >>>>>>>>>> appropriate) to the left to meet the character limit, though >>>>>>>>>> we couldn’t not move the “{“ at the beginning and end of each >>>>>>>>>> example as these were already at the left margin. >>>>>>>>> >>>>>>>>> >>>>>>>>> That’s okay. >>>>>>>>> >>>>>>>>> Aside: this 72 character limit was VERY important when printers >>>>>>>>> could only print 80 columns, but that was on its way out even >>>>>>>>> when *I* was a student in the 80s (I never saw an actual line >>>>>>>>> printer after college). >>>>>>>>> >>>>>>>>> Regards, >>>>>>>>> >>>>>>>>> Eliot >>>>>>>>> >>>>>>>>>> >>>>>>>>>> ______________ >>>>>>>>>> >>>>>>>>>> Updated XML file: >>>>>>>>>> http://www.rfc-editor.org/authors/rfc9472.xml >>>>>>>>>> >>>>>>>>>> Updated output files: >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.html >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.txt >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472.pdf >>>>>>>>>> >>>>>>>>>> Diff file showing all changes made during AUTH48: >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-auth48diff.html >>>>>>>>>> >>>>>>>>>> Diff files showing all changes: >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-diff.html >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9472-rfcdiff.html (side- >>>>>>>>>> by-side diff) >>>>>>>>>> >>>>>>>>>> Note that it may be necessary for you to refresh your browser >>>>>>>>>> to view the most recent version. >>>>>>>>>> >>>>>>>>>> For the AUTH48 status of this document, please see: >>>>>>>>>> https://www.rfc-editor.org/auth48/rfc9472 >>>>>>>>>> >>>>>>>>>> Thank you, >>>>>>>>>> >>>>>>>>>> RFC Editor/st >>>>>>>>>> >>>>>>>>>>> On Sep 11, 2023, at 12:23 PM, Rose, Scott W. (Fed) >>>>>>>>>>> <scott.rose=40nist.gov@dmarc.ietf.org> wrote: >>>>>>>>>>> >>>>>>>>>>> On 8 Sep 2023, at 19:26, rfc-editor@rfc-editor.org wrote: >>>>>>>>>>> >>>>>>>>>>>> Authors and *AD, >>>>>>>>>>>> >>>>>>>>>>>> While reviewing this document during AUTH48, please resolve >>>>>>>>>>>> (as necessary) the following questions, which are also in >>>>>>>>>>>> the XML file. >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> 17) <!-- [rfced] FYI: We have added expansions for the >>>>>>>>>>>> following abbreviations >>>>>>>>>>>> per Section 3.6 of RFC 7322 ("RFC Style Guide"). Please >>>>>>>>>>>> review each >>>>>>>>>>>> expansion in the document carefully to ensure correctness. >>>>>>>>>>>> >>>>>>>>>>>> Access Control Lists (ACLs) >>>>>>>>>>>> Constrained Application Protocol (CoAP) >>>>>>>>>>>> Internet of Things (IoT) >>>>>>>>>>>> --> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> 18) <!-- [rfced] Please review the "Inclusive Language" >>>>>>>>>>>> portion of the online >>>>>>>>>>>> Style Guide <https://www.rfc- >>>>>>>>>>>> editor.org/styleguide/part2/#inclusive_language> >>>>>>>>>>>> and let us know if any changes are needed. >>>>>>>>>>>> >>>>>>>>>>>> Note that our script did not flag any words in particular, >>>>>>>>>>>> but this should >>>>>>>>>>>> still be reviewed as a best practice. >>>>>>>>>>>> --> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> FWIW, I did a pass through to match against the NIST >>>>>>>>>>> inclusive language guidance and did not find anything that >>>>>>>>>>> needed to be addressed. Future changes may change that (not >>>>>>>>>>> likely, but maybe). >>>>>>>>>>> >>>>>>>>>>> Thanks >>>>>>>>>>> Scott >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ================================== >>>>>>>>>>> Scott Rose NIST/CTL >>>>>>>>>>> scott.rose@nist.gov >>>>>>>>>>> ph: +1-301-975-8439 (w) >>>>>>>>>>> +1-571-249-3761 (GoogleVoice) >>>>>>>>>>> ================================== >>>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> ================================== >>>>>>>> Scott Rose NIST/CTL >>>>>>>> scott.rose@nist.gov >>>>>>>> ph: +1-301-975-8439 (w) >>>>>>>> +1-571-249-3761 (GoogleVoice) >>>>>>>> ================================== >>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >
- [auth48] AUTH48: RFC-to-be 9472 <draft-ietf-opsaw… rfc-editor
- [auth48] [AD] Re: AUTH48: RFC-to-be 9472 <draft-i… rfc-editor
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rose, Scott W. (Fed)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rose, Scott W. (Fed)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rose, Scott W. (Fed)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rob Wilton (rwilton)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rose, Scott W. (Fed)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- [auth48] [IANA] Re: [AD] AUTH48: RFC-to-be 9472 <… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- [auth48] Fwd: [IANA #1282204] [IANA] Re: [AD] AUT… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rob Wilton (rwilton)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Rob Wilton (rwilton)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Eliot Lear
- Re: [auth48] [AD] AUTH48: RFC-to-be 9472 <draft-i… Sarah Tarrant