Re: [OPSAWG] 🔔 WG Adoption Call on draft-lear-opsawg-sbom-access-00

Qin Wu <bill.wu@huawei.com> Sat, 16 January 2021 12:17 UTC

From: Qin Wu <bill.wu@huawei.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, opsawg <opsawg@ietf.org>
Date: Sat, 16 Jan 2021 12:16:50 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/ru_bnoJTPITizt6FbRn4534h1xk>

Hi, authors of draft-lear-opsawg-sbom-access-00:
What is the key difference between sbom-url and local-uri? I feel a little bit confused when reading the definitions of sbom-url and local-uri.
Based on the definition of local-url,
"
case local-uri {
  description
    "The choice of sbom-local means that the SBOM resides at
     a location indicated by an indicted scheme for the
     device in question, at well known location
     '/.well-known/sbom'.  For example, if the MUD file
     indicates that coaps is to be used and the host is
     located at address 10.1.2.3, the SBOM could be retrieved
     at 'coaps://10.1.2.3/.well-known/sbom'.  N.B., coap and
     http schemes are NOT RECOMMENDED.";
}
"
I think local-url is more related to a well-known URL while sbom url is more related to a local domain URL; what am I missing?
The question is: should the SBOM server be discovered in the cloud or in the local domain?

-Qin
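
The URI construction spelled out in the quoted local-uri description, as an added example that is not part of the original message or of the draft. The function name `local_sbom_uri`, the `allow_insecure` switch and the inclusion of `https` among the accepted schemes are assumptions made for illustration; the well-known path, the coaps example and the two NOT RECOMMENDED schemes come from the quoted text.

```python
import ipaddress

# Path quoted in the local-uri description.
WELL_KNOWN_PATH = "/.well-known/sbom"
# Schemes the quoted description marks NOT RECOMMENDED.
NOT_RECOMMENDED = {"coap", "http"}
# Assumption: https is accepted alongside coaps; the quoted text names only
# coaps, coap and http.
KNOWN_SCHEMES = {"coaps", "https"} | NOT_RECOMMENDED


def local_sbom_uri(scheme, host, allow_insecure=False):
    """Build the device-local SBOM URI from the scheme indicated in the MUD
    file and the device's address, refusing cleartext schemes by default."""
    scheme = scheme.strip().lower()
    if scheme not in KNOWN_SCHEMES:
        raise ValueError(f"unsupported scheme: {scheme!r}")
    if scheme in NOT_RECOMMENDED and not allow_insecure:
        raise ValueError(f"scheme {scheme!r} is NOT RECOMMENDED for SBOM retrieval")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: treat as a hostname, but reject characters that
        # would let the value inject a path, port, userinfo or query.
        if not host or any(c in host for c in "/@?#: \t"):
            raise ValueError(f"invalid host: {host!r}")
        authority = host
    else:
        # IPv6 literals must be bracketed in the URI authority.
        authority = f"[{addr}]" if addr.version == 6 else str(addr)
    return f"{scheme}://{authority}{WELL_KNOWN_PATH}"


if __name__ == "__main__":
    # Constructed inputs; 10.1.2.3 is the address used in the quoted text.
    print(local_sbom_uri("coaps", "10.1.2.3"))
    print(local_sbom_uri("coaps", "2001:db8::1"))
```
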
-----Original Message-----
From: OPSAWG [mailto:opsawg-bounces@ietf.org] On Behalf Of Henk Birkholz
Sent: January 5, 2021 0:10
To: opsawg <opsawg@ietf.org>
Subject: [OPSAWG] 🔔 WG Adoption Call on draft-lear-opsawg-sbom-access-00

Dear OPSAWG members,

this starts a call for Working Group Adoption on
https://tools.ietf.org/html/draft-lear-opsawg-sbom-access-00 ending on Monday, January 25.

As a reminder, this I-D describes different ways to acquire Software Bills of Material (SBOM) about distinguishable managed entities. The work was updated by the authors on October 13th and now elaborates on three ways SBOM can be found, including a MUD URI as one of the options.

Please reply with your support and especially any substantive comments you may have.


For the OPSAWG co-chairs,

Henk
