[core] Fwd: [OPSAWG] some comments and thoughts on mud-sbom and sbom-type
Carsten Bormann <cabo@tzi.org> Mon, 24 August 2020 05:21 UTC
Return-Path: <cabo@tzi.org>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 750C43A0A34 for <core@ietfa.amsl.com>; Sun, 23 Aug 2020 22:21:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.003
X-Spam-Level:
X-Spam-Status: No, score=0.003 tagged_above=-999 required=5 tests=[RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NQkuQkcit8aI for <core@ietfa.amsl.com>; Sun, 23 Aug 2020 22:21:28 -0700 (PDT)
Received: from gabriel-vm-2.zfn.uni-bremen.de (gabriel-vm-2.zfn.uni-bremen.de [134.102.50.17]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7F343A0A2D for <core@ietf.org>; Sun, 23 Aug 2020 22:21:28 -0700 (PDT)
Received: from [192.168.217.102] (p5089ae91.dip0.t-ipconnect.de [80.137.174.145]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-vm-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4BZgTL6t3zzyXj; Mon, 24 Aug 2020 07:21:26 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
From: Carsten Bormann <cabo@tzi.org>
Date: Mon, 24 Aug 2020 07:21:26 +0200
X-Mao-Original-Outgoing-Id: 619939286.462364-4e659618c1979a9e419290846e3eb422
Content-Transfer-Encoding: quoted-printable
Message-Id: <9105A6A0-4C53-4FA1-8E3B-C404417313C0@tzi.org>
References: <D5000591-F39C-42DB-991C-E8BC0F5E5E70@cisco.com>
To: "core@ietf.org WG (core@ietf.org)" <core@ietf.org>
X-Mailer: Apple Mail (2.3608.120.23.2.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/LPEbnfh-eabVxLqnUF-TtzFc8-k>
Subject: [core] Fwd: [OPSAWG] some comments and thoughts on mud-sbom and sbom-type
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Aug 2020 05:21:32 -0000
I fished the below out of conversation in opsawg. The objective is to say “here, but with coaps:// scheme”. We can say “with the current scheme, but elsewhere” as //elsewhere.example/.well-known/sbom But we can’t say coaps:///.well-known/sbom out of a resource accessed with coap:// Food for thought. (I know, use CoRAL :-) Grüße, Carsten > Begin forwarded message: > > From: Eliot Lear <lear=40cisco.com@dmarc.ietf.org> > Subject: Re: [OPSAWG] some comments and thoughts on mud-sbom and sbom-type > Date: 2020-08-18 at 15:18:42 CEST > To: Michael Richardson <mcr+ietf@sandelman.ca> > Cc: opsawg <opsawg@ietf.org>, Brendan Moran <Brendan.Moran@arm.com>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de> > Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/02vUItNV-HRYdxKrVl8ye8xx3ZI> > Message-Id: <D5000591-F39C-42DB-991C-E8BC0F5E5E70@cisco.com> > >> 1) It seems that just putting coaps:///.well-known/sbom in the URI might work as well. >> If necessary, then maybe: coaps://127.0.0.1/.well-known/sbom or https://[::1]/.well-known/sbom >> CoAP does have a Content-Type for returned content, but it is true that >> there isn't as much negotiation by default in the form of Accept: > > I don’t think /// is a real construct. There are two issues. We don’t know the hostname and we don’t know the scheme. But the MUD manager does know the hostname, and we need to be provided the scheme. There is no convention for ME without a pre-existing context. That might be something to work on, but it would hav to happen in coordination with the COAP and HTTP working groups, and I don’t know how big a job it would be. Thus what’s there.
- [core] Fwd: [OPSAWG] some comments and thoughts o… Carsten Bormann
- Re: [core] Fwd: [OPSAWG] some comments and though… Michael Richardson