Re: [OPSAWG] please see draft-lear-opsawg-ol on licensing

L Jean Camp <ljeanc@gmail.com> Fri, 04 June 2021 13:41 UTC

To: Carsten Bormann <cabo@tzi.org>
Cc: Eliot Lear <lear@lear.ch>, "opsawg@ietf.org" <opsawg@ietf.org>, netmod WG <netmod@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/5K__ZKWOcqQ0PyGDO6qg-D-ZQUQ>

If MUD is only used to obtain the SBoM then there is already a license of
the MUD-File (and a place to seek updates) in that case because the
MUD-File that is obtained is itself a bom.  So including licensing
information about the MUD-File is a structure that will require repeating
information that is already embedded in the file itself, and thus increase
the chance of conflict.

The component licensing in the (why are there 2? I do not know) data
structures are just YANG specifications to enable consistent XML or JSON
descriptions of licensing requirements, enabling a list to point to
licensing of the SBoM itself as well as any level of specific per-component
or sub-component licenses.



On Fri, Jun 4, 2021 at 7:44 AM Carsten Bormann <cabo@tzi.org> wrote:

> On 2021-06-04, at 13:21, L Jean Camp <ljeanc@gmail.com> wrote:
> >
> > Given the explicit inclusion of licensing in the data structures of SBoM
> > I think that SHOULD would be too strong in the case that MUD is extended to
> > SBoMs. Both SPDX and CycloneDX are integrating licensing in a more nuanced
> > and consistent manner.
>
> The current discussion is about the license under which a MUD file is
> offered, not about the licenses governing the components of an SBOM.
>
> > SHOULD would create a conflict with the extension unless there is an
> > alternative in the SBoM extension data.
>
> Unless you envision an SBOM for the SBOM, I think we are clear.
>
> (But we sure can try to be consistent with license description schemes
> employed by SBOMs.  Please tell us more about those.)
>
> Grüße, Carsten