Re: [mile] review-- ROLIE Vulnerability Extension

"Banghart, Stephen A. (Fed)" <stephen.banghart@nist.gov> Wed, 15 May 2019 16:13 UTC

Return-Path: <stephen.banghart@nist.gov>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40ED412008D for <mile@ietfa.amsl.com>; Wed, 15 May 2019 09:13:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HIpux89mce3g for <mile@ietfa.amsl.com>; Wed, 15 May 2019 09:13:15 -0700 (PDT)
Received: from GCC01-CY1-obe.outbound.protection.outlook.com (mail-eopbgr830115.outbound.protection.outlook.com [40.107.83.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6664A12014B for <mile@ietf.org>; Wed, 15 May 2019 09:13:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DfqzAv+5k9xDkNphfknzc7MMu9Cl9BdQRWOfgsCbyro=; b=n5Yk3ce8ljFBRImJRcfhH4sdMRN1hRkfO4BqiFBK1UJGsWuKFjvpZgVmtPD41uZQgUqpBEz+0xv7m0KFdyAJzFDjXrU2F4EIqEu0VqrqvDXUPOsktimuyUrnccNisK6QYxU1R1YIREQ7V9SylePSzX1h5j4JSYxf9jWdX1cvCag=
Received: from BN3PR09MB0609.namprd09.prod.outlook.com (10.160.120.12) by BN3PR09MB0339.namprd09.prod.outlook.com (10.160.115.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1878.21; Wed, 15 May 2019 16:13:11 +0000
Received: from BN3PR09MB0609.namprd09.prod.outlook.com ([fe80::f86e:37e4:206:8d13]) by BN3PR09MB0609.namprd09.prod.outlook.com ([fe80::f86e:37e4:206:8d13%6]) with mapi id 15.20.1900.010; Wed, 15 May 2019 16:13:11 +0000
From: "Banghart, Stephen A. (Fed)" <stephen.banghart@nist.gov>
To: Jessica Fitzgerald-McKay <jmfmckay@gmail.com>, "mile@ietf.org" <mile@ietf.org>
Thread-Topic: review-- ROLIE Vulnerability Extension
Thread-Index: AQHU/ELTNiwdsQwaB0GKY7Uek98OS6ZseM6w
Date: Wed, 15 May 2019 16:13:11 +0000
Message-ID: <BN3PR09MB06098B32BC9E2DB7717C2EF4F0090@BN3PR09MB0609.namprd09.prod.outlook.com>
References: <CAM+R6NUCaEiQ9SAz_-iFP3YLqpCdioDwcp3kvb0Vw9V70dyAWQ@mail.gmail.com>
In-Reply-To: <CAM+R6NUCaEiQ9SAz_-iFP3YLqpCdioDwcp3kvb0Vw9V70dyAWQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=stephen.banghart@nist.gov;
x-originating-ip: [129.6.110.122]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 096e5ece-b97f-4278-8a72-08d6d9503a2a
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(4618075)(2017052603328)(7193020); SRVR:BN3PR09MB0339;
x-ms-traffictypediagnostic: BN3PR09MB0339:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <BN3PR09MB03396881FD26A84B6258679FF0090@BN3PR09MB0339.namprd09.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:3513;
x-forefront-prvs: 0038DE95A2
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(39860400002)(366004)(346002)(136003)(396003)(189003)(199004)(51914003)(51444003)(66446008)(71190400001)(25786009)(76116006)(66476007)(66556008)(64756008)(66946007)(71200400001)(73956011)(76176011)(11346002)(478600001)(446003)(486006)(6436002)(476003)(7696005)(99286004)(66066001)(54896002)(9686003)(6306002)(110136005)(102836004)(6506007)(55016002)(53546011)(14454004)(186003)(229853002)(26005)(8676002)(316002)(7736002)(68736007)(86362001)(5660300002)(33656002)(52536014)(8936002)(256004)(81166006)(81156014)(53936002)(2906002)(3846002)(6116002)(74316002)(790700001)(6246003)(2501003); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR09MB0339; H:BN3PR09MB0609.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: RSouQ62RLbUcgrxKBZMNeRCXsV5p23bU86Q8e8Fj/soApr5XoMvkUHN7b+8lM7IY0In3323fQEPRbaotXBE038xnfXbGACbt0/GBoZgdnRRErlrldbhnLfq4wsOqQRLMymbg8I92afUJaMZkdOa+F+xpdnk5eEt55HyNlLETC8yQfJKq7PQjMvWSM/VMUMItOIlOuMgTH3MCEHziD7WK6Wpib4zPNhDEaT87wZuny1FTyjM/RNYwG+i0GBYWc0hsBtIAoIRxtFxQkn2hmKIzvPG1aXT/9HHaOptcrjtkuJ7R5vc2kUTveDwjJb9C0jsGt2CmLXDcb+BGGfHAg8cx0IFmOD7VazK8XEC8HO/Nf4Npo/nL/J3YTDd5A+nGjz3CKSUrmqDCGpFHVuVT78AhOOKgd4tLXvZRiqrsgkPcpEM=
Content-Type: multipart/alternative; boundary="_000_BN3PR09MB06098B32BC9E2DB7717C2EF4F0090BN3PR09MB0609namp_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: 096e5ece-b97f-4278-8a72-08d6d9503a2a
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 May 2019 16:13:11.3379 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR09MB0339
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/blnIFqWbNRflxzg2Ty8Ooe7X2oM>
Subject: Re: [mile] review-- ROLIE Vulnerability Extension
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 May 2019 16:13:18 -0000

Jess,

Thanks for the review. I’ve fixed your editorial notes.

In Section 6.2 I will be adding some property names, and have it fleshed out for the next version.
For the references in Section 8, I think that it’s a byproduct of how I’m handling my non-RFC references in the source XML. I’ll have to take a pass and patch it up.

Thanks,
Stephen

From: Jessica Fitzgerald-McKay <jmfmckay@gmail.com>;
Sent: Friday, April 26, 2019 11:15 AM
To: Banghart, Stephen A. (Fed) <stephen.banghart@nist.gov>;; mile@ietf.org
Subject: review-- ROLIE Vulnerability Extension

I promised to review the ROLIE Vulnerability Extension during the MILE meeting in Prague. Comments are below. Please let me know if you have any questions.

Thanks,
Jess
--------------------------------------------------------------

Section 1--
    The sentence beginning "Today, a number of formats" is a run on sentence.

    Ditto the sentence beginning "This extension does not attempt".
Section 3--
    Paragraph 1-- change "as per" to "per"
    Paragraph 2-- s/"Provided below is a non-exhaustive list of information that may be considered to be of a vulnerability information type."/Below is a non-exhaustive list of information that may be considered vulnerability information."
    Last sentence of section 3 ("Note again that. . . ") is a run on sentence.
Section 4--
    Data Format Requirements-- you say "software descriptor" when I think you mean " vulnerability descriptor". Maybe a copy/paste error?
    Section 4.2.2- s/"utilize"/"used"
Section 6.2-- will you be asking for any new rolie:property names? If so, I would at least create a TBD section here, as a placeholder.
Section 8-- this is super nitpicky, even for me, but is there a reason to use lower case references? It stuck me as unconventional, particularly since you capitalize the RFC references.