[Iot-onboarding] Fwd: New Version Notification for draft-lear-opsawg-mud-sbom-00.txt

Eliot Lear <lear@cisco.com> Mon, 18 May 2020 10:12 UTC

Cc: "Rose, Scott W. (Fed)" <scott.rose@nist.gov>
To: opsawg@ietf.org, mud@ietf.org, iot-onboarding@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-onboarding/83NpumDDBk24lvpfSZHsWoHS85g>

Hi everyone,

Below is a draft that Scott Rose and I have co-authored.  Its purpose is to help deployments identify software bills of materials (SBOMs) when they are available.  An SBOM is a software inventory that includes some additional meta-information, such as what dependencies a component may have.  The idea behind SBOMs is that they can provide licensing status to developers, and some notion of vulnerability status to everyone (and I mean everyone).

MUD is ideal as a discovery mechanism.  The goal is not to create new ways to retrieve the information, but simply to advertise what ways are available for a given device.


> Begin forwarded message:
> From: <internet-drafts@ietf.org>
> Subject: New Version Notification for draft-lear-opsawg-mud-sbom-00.txt
> Date: 18 May 2020 at 12:05:29 CEST
> To: Scott Rose <scott.rose@nist.gov>, Eliot Lear <lear@cisco.com>
> A new version of I-D, draft-lear-opsawg-mud-sbom-00.txt
> has been successfully submitted by Eliot Lear and posted to the
> IETF repository.
> Name:		draft-lear-opsawg-mud-sbom
> Revision:	00
> Title:		SBOM Extension for MUD
> Document date:	2020-05-18
> Group:		Individual Submission
> Pages:		14
> URL:            https://www.ietf.org/internet-drafts/draft-lear-opsawg-mud-sbom-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-lear-opsawg-mud-sbom/
> Htmlized:       https://tools.ietf.org/html/draft-lear-opsawg-mud-sbom-00
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-lear-opsawg-mud-sbom
> Abstract:
>   Software bills of materials (SBOMs) are formal descriptions of what
>   pieces of software are included in a product.  This memo specifies a
>   means for manufacturers to state how SBOMs may be retrieved through
>   an extension to manufacturer usage descriptions (MUD).
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> The IETF Secretariat