Re: [OPSAWG] I-D Action: draft-ietf-opsawg-sbom-access-18.txt
Eliot Lear <lear@lear.ch> Fri, 28 April 2023 18:45 UTC
Return-Path: <lear@lear.ch>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1AEA8C15256E for <opsawg@ietfa.amsl.com>; Fri, 28 Apr 2023 11:45:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.088
X-Spam-Level:
X-Spam-Status: No, score=-7.088 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SPF_HELO_PERMERROR=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=lear.ch
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vnuFIdBq9nGU for <opsawg@ietfa.amsl.com>; Fri, 28 Apr 2023 11:45:26 -0700 (PDT)
Received: from upstairs.ofcourseimright.com (upstairs.ofcourseimright.com [IPv6:2a00:bd80:aa::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 26E8AC1BE894 for <opsawg@ietf.org>; Fri, 28 Apr 2023 11:45:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lear.ch; s=upstairs; t=1682707522; bh=sDy1UfIf3aPL2tBBSsp93I/Hr5mY9jTWr2SlP9QMv/U=; h=Date:Subject:To:References:From:In-Reply-To:From; b=M5uhxgLKC+ptCk7CuwIujw2fZKww/KPUV+pUag2m7KSkQSoKTGKNskbfkdUfBtCWG iPP2rlEIAj/36v8VioZfNuY/deo7s5rM0VHVv+x6VR57UyGelGSSZ9WGr1aR0I25LJ 3bJUh6Bzp1KuTZrPDq+JimoMgAGl2o3AIssgCGRc=
Received: from [IPV6:2001:420:c0c0:1011::a] ([IPv6:2001:420:c0c0:1011:0:0:0:a]) (authenticated bits=0) by upstairs.ofcourseimright.com (8.15.2/8.15.2/Debian-22ubuntu3) with ESMTPSA id 33SIjLff354033 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO) for <opsawg@ietf.org>; Fri, 28 Apr 2023 20:45:21 +0200
Message-ID: <93ec8c12-531a-317e-0130-61bd3dc2ce81@lear.ch>
Date: Fri, 28 Apr 2023 20:45:20 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.10.0
Content-Language: en-US
To: opsawg@ietf.org
References: <168270728434.50055.14139324263270906984@ietfa.amsl.com>
From: Eliot Lear <lear@lear.ch>
In-Reply-To: <168270728434.50055.14139324263270906984@ietfa.amsl.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/22yottIR04IKUU0zjmzj9VF_AEg>
Subject: Re: [OPSAWG] I-D Action: draft-ietf-opsawg-sbom-access-18.txt
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Apr 2023 18:45:31 -0000
This version makes the change for vuln-url to be a leaf-list. If we can let that soak for a week? Eliot On 28.04.23 20:41, internet-drafts@ietf.org wrote: > A New Internet-Draft is available from the on-line Internet-Drafts > directories. This Internet-Draft is a work item of the Operations and > Management Area Working Group (OPSAWG) WG of the IETF. > > Title : Discovering and Retrieving Software Transparency and Vulnerability Information > Authors : Eliot Lear > Scott Rose > Filename : draft-ietf-opsawg-sbom-access-18.txt > Pages : 21 > Date : 2023-04-28 > > Abstract: > To improve cybersecurity posture, automation is necessary to locate > the software a device is using, and whether that software has known > vulnerabilities, and what, if any recommendations suppliers may have. > This memo extends the MUD YANG schema to provide the locations of > software bills of materials (SBOMS) and to vulnerability information > by introducing a transparency schema. > > The IETF datatracker status page for this Internet-Draft is: > https://datatracker.ietf.org/doc/draft-ietf-opsawg-sbom-access/ > > There is also an htmlized version available at: > https://datatracker.ietf.org/doc/html/draft-ietf-opsawg-sbom-access-18 > > A diff from the previous version is available at: > https://author-tools.ietf.org/iddiff?url2=draft-ietf-opsawg-sbom-access-18 > > Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts > > > _______________________________________________ > OPSAWG mailing list > OPSAWG@ietf.org > https://www.ietf.org/mailman/listinfo/opsawg >
- [OPSAWG] I-D Action: draft-ietf-opsawg-sbom-acces… internet-drafts
- Re: [OPSAWG] I-D Action: draft-ietf-opsawg-sbom-a… Eliot Lear
- Re: [OPSAWG] I-D Action: draft-ietf-opsawg-sbom-a… Dick Brooks