[OPSAWG] Roman Danyliw's No Objection on draft-ietf-opsawg-sbom-access-16: (with COMMENT)
Roman Danyliw via Datatracker <noreply@ietf.org> Thu, 27 April 2023 12:15 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: opsawg@ietf.org
Delivered-To: opsawg@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 68CCFC1516E1; Thu, 27 Apr 2023 05:15:43 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-opsawg-sbom-access@ietf.org, opsawg-chairs@ietf.org, opsawg@ietf.org, henk.birkholz@sit.fraunhofer.de, bill.wu@huawei.com, bill.wu@huawei.com
X-Test-IDTracker: no
X-IETF-IDTracker: 10.0.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <168259774342.29456.108796933585455062@ietfa.amsl.com>
Date: Thu, 27 Apr 2023 05:15:43 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/pSaMbZ7cDKmPNjFy4ftw8_LF6z0>
Subject: [OPSAWG] Roman Danyliw's No Objection on draft-ietf-opsawg-sbom-access-16: (with COMMENT)
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.39
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Apr 2023 12:15:43 -0000
Roman Danyliw has entered the following ballot position for draft-ietf-opsawg-sbom-access-16: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-opsawg-sbom-access/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you to Christian Huitema for the SECDIR review. Thank you for addressing my DISCUSS and most of my COMMENT feedback. ** Section 5.1 ==[ snip ]== The second example demonstrates that just SBOM information is included. { "ietf-mud:mud": { "mud-version": 1, "extensions": [ "transparency" ], "mudtx:transparency": { "sbom-local-well-known": "https" }, "mud-url": "https://iot.example.com/modelX.json", "mud-signature": "https://iot.example.com/modelX.p7s", "last-update": "2022-01-05T13:29:47+00:00", "cache-validity": 48, "is-supported": true, "systeminfo": "retrieving SBOM info via a cloud service", "mfg-name": "Example, Inc.", "documentation": "https://iot.example.com/doc/modelX", "model-name": "modelX" } } ==[ snip ]== In -15 systeminfo said "retrieving vuln and SBOM info via a cloud service". In response to my ballot, -16 now reads "retrieving SBOM info via a cloud service". However, since the sbom-local-well-known field is present and the narrative text says "The second example demonstrates that just SBOM information is included", systeminfo should read "retrieving SBOM information locally from the device" (or something to that effect).
- [OPSAWG] Roman Danyliw's No Objection on draft-ie… Roman Danyliw via Datatracker
- Re: [OPSAWG] Roman Danyliw's No Objection on draf… Eliot Lear