[Gen-art] some YANG thoughts on draft-ietf-opsawg-sbom-access-03
tom petch <ietfc@btconnect.com> Tue, 14 December 2021 10:15 UTC
From: tom petch <ietfc@btconnect.com>
To: "gen-art@ietf.org" <gen-art@ietf.org>, Russ Housley <housley@vigilsec.com>
CC: "draft-ietf-opsawg-sbom-access.all@ietf.org" <draft-ietf-opsawg-sbom-access.all@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
Date: Tue, 14 Dec 2021 10:15:39 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/cvAwsge6y7fHfYXu9Fvgu4DG8Sk>

From: OPSAWG <opsawg-bounces@ietf.org> on behalf of Russ Housley via Datatracker <noreply@ietf.org>
Sent: 13 December 2021 22:02
Subject: [OPSAWG] Genart early review of draft-ietf-opsawg-sbom-access-03

Reviewer: Russ Housley
Review result: Almost Ready

<snip>

Note: I am not a good person to review the YANG specification. I assume one of the YANG Doctors will have a look at this document too.

<tp>
You could say that there is no YANG Module as YANG Modules must be registered with IANA and the IANA Considerations in this I-D do not do so:-)

So

IANA Considerations must register the module as per YANG Guidelines

Security Considerations must use the template referenced by YANG Guidelines

The title in the revision reference clause bears little relationship to that of the I-D

YANG prefix must be unique and should be easy to use; I think that 'mud-transparency' is about 12 characters longer than I would class as easy to use (e.g. mudtx)

URL is insecure and to an obsolete web site (tools)

No mention of NMDA or lack of support thereof

Lots of abbreviations not expanded on first use

In our modern pageless format, Section one would be easier to refer to with more subsections such as one for terminology with expanded abbreviations

Why have a grouping and a uses which for me makes the module harder to understand? It is not as if this grouping is going to be imported in lots of places AFAICT.

Tom Petch

Major Concerns:

Section 1 says:

   To satisfy these two key use cases, objects may be found in one of three ways:

This led to some confusion for me. Earlier in the document, it says:

   This specification does not allow for vulnerability information to be retrieved directly from the endpoint. That's because vulnerability information changes occur at different rates to software updates.

After thinking about it, I realized that the objects do not include vulnerability information, but pointers to obtain vulnerability information. Please reword so others do not need to give it the same amount of thought.

Minor Concerns:

Section 1, first sentence: The reference to "A number of activities" is very vague. It is not wrong. Please be more specific, provide some references, or drop the vague reference altogether.

Section 1 says:

   In the second case, when a device does not have an appropriate retrieval interface, but one is directly available from the manufacturer, a URI to that information must be discovered.

s/must/MUST/ ?

Nits:

The terms "software" and "firmware" are used with essentially the same meaning in this document. If there is a difference, it needs to be explained. If they are the same in the context of this document, please say so.

Abstract, last sentence: please add "(MUD)" and also a pointer to RFC 8520.

Section 1, first sentence: The reference to "A number of activities" is very vague. It is not wrong. Please be more specific, provide some references, or drop the vague reference altogether.

______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg