[mile] review-- ROLIE Vulnerability Extension

Jessica Fitzgerald-McKay <jmfmckay@gmail.com> Fri, 26 April 2019 15:14 UTC

From: Jessica Fitzgerald-McKay <jmfmckay@gmail.com>
Date: Fri, 26 Apr 2019 11:14:45 -0400
Message-ID: <CAM+R6NUCaEiQ9SAz_-iFP3YLqpCdioDwcp3kvb0Vw9V70dyAWQ@mail.gmail.com>
To: "Banghart, Stephen A. (Fed)" <stephen.banghart@nist.gov>, mile@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/WHoAdq0xrNz75vr8MeX3_yomCWI>
Subject: [mile] review-- ROLIE Vulnerability Extension

I promised to review the ROLIE Vulnerability Extension during the MILE
meeting in Prague. Comments are below. Please let me know if you have any
questions.

Thanks,
Jess
--------------------------------------------------------------

Section 1--
    The sentence beginning "Today, a number of formats" is a run-on
sentence.

    Ditto the sentence beginning "This extension does not attempt".

Section 3--

    Paragraph 1-- change "as per" to "per"

    Paragraph 2-- s/"Provided below is a non-exhaustive list of information
that may be considered to be of a vulnerability information type."/"Below is
a non-exhaustive list of information that may be considered vulnerability
information."

    Last sentence of section 3 ("Note again that. . . ") is a run-on
sentence.

Section 4--
    Data Format Requirements-- you say "software descriptor" when I think
you mean "vulnerability descriptor". Maybe a copy/paste error?

    Section 4.2.2- s/"utilize"/"used"

Section 6.2-- will you be asking for any new rolie:property names? If so, I
would at least create a TBD section here, as a placeholder.

Section 8-- this is super nitpicky, even for me, but is there a reason to
use lower case references? It struck me as unconventional, particularly
since you capitalize the RFC references.