Re: [sacm] IETF 95 Agenda on SWID world

"Cheikes, Brant A." <bcheikes@mitre.org> Thu, 07 April 2016 19:09 UTC

From: "Cheikes, Brant A." <bcheikes@mitre.org>
To: "sacm@ietf.org" <sacm@ietf.org>
Date: Thu, 07 Apr 2016 19:08:57 +0000
Message-ID: <BN1PR09MB0753A5F718438FBC43FC242D1900@BN1PR09MB075.namprd09.prod.outlook.com>
References: <04C2FAE9-476B-489F-81CB-48BCAAFA29D6@gmail.com> <SN2PR0601MB099226A18B2F660403AB4DC8A89A0@SN2PR0601MB0992.namprd06.prod.outlook.com> <E6535DCE-089D-4EEA-BA8F-AA1F1D5C42A5@gmail.com> <57064BF9.4060805@yaanatech.com>
In-Reply-To: <57064BF9.4060805@yaanatech.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/sacm/03HeO-XiMnT2Ge4n_S_-RhwdqXU>
Subject: Re: [sacm] IETF 95 Agenda on SWID world

Just to correct the record:

* NIST IR 8060 is currently available in its fourth public draft for comment. The final draft is due imminently.

* IR 8060 cites the 2009 version of the SWID spec, but clearly states (first sentence, second paragraph, Introduction) that "This report provides an overview of the capabilities and usage of SWID tags defined by the ISO/IEC 19770-2:2015 standard."

* IR 8060 does not "[reference] the 2015 version as an extension schema". We introduce an extension schema to support a handful of guidelines in the IR. The link to that schema is broken until the final version of the IR is published.

With that, I need to get back to reinventing decades-old work.

/Brant

P.S. The relevance of X.1520 (common vulnerabilities and exposures) to SWID CBOR needs to be clarified. -b

-----Original Message-----
From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Tony Rutkowski
Sent: Thursday, April 07, 2016 8:01 AM
To: Adam Montville <adam.w.montville@gmail.com>
Cc: <sacm@ietf.org> <sacm@ietf.org>
Subject: [sacm] IETF 95 Agenda on SWID world

Hi Adam,

Interesting to see the presentations and brainstorming on materials.  A few "inquiring minds" questions.

For the Information Model Update presentation, slide 9 portrays two SWIDs: "SWID XML Schema" and "SWID CBOR Data Definition."  It's not clear what the former represents, and the latter presumably will eventually be revealed in draft-birkholz-sacm-coswid-00.

The SWID CBOR effort usefully begins to head slowly in the right direction of getting real, but it refers to ISO/IEC 19770-2:2015 as the source of SWID information structures, and combined with ISO/IEC 19770-5:2013 also referenced, sets one back $389 to take a peek at them.  Maybe that's easy change for a government agency, but no one in the real world is going to spend that amount to take a peek at a specification.

The problem here is compounded because NISTIR 8060 is out on the street for comment, but it references the 2009 version.  To make matters worse, the NISTIR references the 2015 version as an extension schema, but the URL to get the extension schema is broken:
http://csrc.nist.gov/ns/swid/2015-extensions/1.0

Not that this isn't elegant work, but it has the surreal attributes that pervaded the OSI world 30 years ago where the previous generation of some of the same government agency actors inhabited standards meetings - writing for years some of the best specifications that no one ever used.

There are at least a dozen other industry SWID standards efforts out there if there was an interest in looking.  They have better properties for the context, and some of those are used on a significant scale.  But then again, it's kind of fun watching the deja vu of OSI getting reinvented in the IETF!

--tony

ps. If the authors revise the SWID CBOR draft, finding the details of X.1520 is easy.  In English, it is at:
<https://www.itu.int/rec/dologin_pub.asp?lang=e&id=T-REC-X.1520-201401-I!!PDF-E&type=items>

_______________________________________________
sacm mailing list
sacm@ietf.org
https://www.ietf.org/mailman/listinfo/sacm