[OPSAWG] Fw: Re: [ntia-sbom-framing] Fwd: 🔔 WG Adoption Call on draft-lear-opsawg-sbom-access-00

Christopher Gates <chris.gates@velentium.com> Tue, 05 January 2021 15:27 UTC

From: "Christopher Gates" <chris.gates@velentium.com>
To: opsawg@ietf.org
Date: Tue, 05 Jan 2021 15:26:48 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/uIMV91sBVS5-5sWefdYr1vPd_GM>

------ Forwarded Message ------
From: "Christopher Gates" <chris.gates@velentium.com>
To: "Eliot Lear" <lear@cisco.com>; "ntia-sbom-framing@cert.org" <ntia-sbom-framing@cert.org>
Sent: 1/4/2021 2:48:51 PM
Subject: Re: [ntia-sbom-framing] Fwd: [OPSAWG] 🔔 WG Adoption Call on 
draft-lear-opsawg-sbom-access-00

>Eliot,
>
>I joined the IETF WG, and I have some feedback....
>
>
>A "SWID tag" isn't an SBOM format, as stated here. It is an element 
>inside of an SBOM.
>Since we have removed SWID as a format we in the NTIA SBOM WG are 
>supporting for SBOM use, shouldn't this reference be removed from the 
>IETF draft as well?
>
>
>Also, I still think that creating a Bluetooth Low Energy SBOM Adopted 
>Profile (via the Bluetooth SIG) that is harmonized with this would be a 
>good thing:
>
>
>Due to the low bandwidth of BLE we wouldn't attempt to provide the 
>SBOM via BLE, just the link to a URI that can deliver the SBOM.
>It would create a standardized UUID (16 bit) for the SBOM Adopted 
>Profile, and have a consistent set of characteristics being exposed via 
>BLE.
>This is exactly how an Adopted Profile is supposed to be defined and 
>utilized.
>
>
>Christopher Gates
>Director of Product Security
>
>------ Original Message ------
>From: "Eliot Lear via ntia-sbom-framing" <ntia-sbom-framing@cert.org>
>To: ntia-sbom-framing@cert.org
>Sent: 1/4/2021 9:57:22 AM
>Subject: [ntia-sbom-framing] Fwd: [OPSAWG] 🔔 WG Adoption Call on 
>draft-lear-opsawg-sbom-access-00
>
>>FYI- this is your opportunity to contribute to the IETF.  If you think 
>>sharing of SBOMs is important, this is a starting point for the IETF 
>>to begin work on that aspect, not an end point.  Please feel free to 
>>contribute by joining the opsawg IETF list at 
>>https://www.ietf.org/mailman/listinfo/opsawg.
>>
>>Eliot
>>
>>>Begin forwarded message:
>>>
>>>From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
>>>Subject: [OPSAWG] 🔔 WG Adoption Call on 
>>>draft-lear-opsawg-sbom-access-00
>>>Date: 4 January 2021 at 17:10:19 CET
>>>To: opsawg <opsawg@ietf.org>
>>>
>>>Dear OPSAWG members,
>>>
>>>this starts a call for Working Group Adoption on 
>>>https://tools.ietf.org/html/draft-lear-opsawg-sbom-access-00 ending 
>>>on Monday, January 25.
>>>
>>>As a reminder, this I-D describes different ways to acquire Software 
>>>Bills of Material (SBOM) about distinguishable managed entities. The 
>>>work was updated by the authors on October 13th and now elaborates on 
>>>three ways SBOM can be found, including a MUD URI as one of the 
>>>options.
>>>
>>>Please reply with your support and especially any substantive 
>>>comments you may have.
>>>
>>>
>>>For the OPSAWG co-chairs,
>>>
>>>Henk