Re: [OPSAWG] Éric Vyncke's Yes on draft-ietf-opsawg-sbom-access-15: (with COMMENT)

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Mon, 24 April 2023 10:31 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Eliot Lear <lear@lear.ch>, The IESG <iesg@ietf.org>
CC: "draft-ietf-opsawg-sbom-access@ietf.org" <draft-ietf-opsawg-sbom-access@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>, "opsawg-chairs@ietf.org" <opsawg-chairs@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/9r9gvPjhm2rjSP3K_IkToZH2FoU>

Hello Eliot,

Thanks for the quick reply and the actions proposed in it. 

Some more comments tagged with EV>

Regards

-éric

On 24/04/2023, 11:33, "Eliot Lear" <lear@lear.ch> wrote:


Thank you Eric, please see below.


On 24.04.23 10:53, Éric Vyncke via Datatracker wrote:
> Éric Vyncke has entered the following ballot position for
> draft-ietf-opsawg-sbom-access-15: Yes
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-opsawg-sbom-access/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Thank you for the work put into this document.
>
> Please find below some non-blocking COMMENT points (but replies would be
> appreciated even if only for my own education).
>
> Special thanks to Win Wu for the shepherd's detailed write-up including the WG
> consensus and the justification of the intended status.
>
> I hope that this review helps to improve the document,
>
> Regards,
>
> -éric
>
> # COMMENTS (non blocking)
>
> ## 'transparency' vs. 'sbom'
>
> This is probably due to historical reasons, but I find it strange to have the
> YANG module named 'transparency' while this term does not appear in the
> abstract.


It is, and we can add some text to clarify this.

EV> this would be nice for the reader.

>
> ## Abstract
>
> I am not a native English speaker, so I am probably outside of my expertise
> here, but:
>
> * `automation is necessary to locate what software is running` should 'to
> identify' or 'to list' be better ?
> * `to provide the locations of software
> bills of materials (SBOMS) and to vulnerability information.` is there a verb
> missing between 'to' and 'vulnerability' ? I must admit that I cannot parse
> this sentence.


I will review the grammar.


> ## Section 1
>
> `we seek` who is the 'we' ?


Fixed.


>
> s/the model is a discovery mechanism/the model can be used as a discovery
> mechanism/ ? I.e., how can a model be a mechanism ?


"the model is intended to facilitate discovery"

EV> perfect



>
> In `report to administrators the state of a system.` "state" is rather vague,
> can the state be qualified ? I.e., "security state" ?


"state of any known vulnerabilities on a system"

EV> perfect


>
> In the introduction of the 3 methods, the 2nd one (URI) is the only one having
> a normative MUST. Is it on purpose that the two other methods do not have
> normative language ?


Could you be more specific?

EV> sure, the paragraph below has a "MUST" while the one before and the one after do not. And, they are all describing 3 methods considered by this I-D. I find it unbalanced, not critical of course.

"Using the second method, when a device does not have an appropriate retrieval interface, but one is directly available from the manufacturer, a URI to that information MUST be discovered."



>
> ## Section 6
>
> `the endpoint SHOULD NOT provide unrestricted access by default` this is indeed
> a key point as the SBOM can also be viewed as the list of open doors to the
> device. I am really unsure how to fix this problem at all...
>
> I would also wish to have a means to keep the SBOM information available for
> years even after manufacturer bankruptcy ...


I agree, and yet someone has to pay to keep the disks spinning, as it 
were. As a matter of pragmatics, this will have to be addressed market 
by market. There is no reason, for instance, that the model has to 
reside on manufacturing-owned gear, but then where it does reside might 
also go belly up. Those business models can, I think, be kinked out 
over time.

EV> I know, unsolvable problem... an engineering dream that is a unicorn

Eliot