IETF Logo Mail Archive

Re: [sacm] Robert Wilton's Discuss on draft-ietf-sacm-coswid-20: (with DISCUSS and COMMENT)

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Thu, 17 February 2022 10:16 UTC

Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D27633A0915; Thu, 17 Feb 2022 02:16:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.613
X-Spam-Level:
X-Spam-Status: No, score=-2.613 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, NICE_REPLY_A=-0.714, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fraunhofer.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IvKQK-rJkMVP; Thu, 17 Feb 2022 02:16:29 -0800 (PST)
Received: from mail-edgeKA24.fraunhofer.de (mail-edgeka24.fraunhofer.de [153.96.1.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17BEA3A090D; Thu, 17 Feb 2022 02:16:27 -0800 (PST)
IronPort-SDR: 6XFNh/KuXhWhTxJ5vwHgROWCV0hT34kaZK8s3mYnpfc1XBR7V4nxKonYxw1STsweTmuorP78/e +papo0lqID2sX26KzzSmDV95DskJqufslvMB/0CP8HI4YxkwKqWqdQmgBo4ckmGJa0oLXPWoly u9DA/U1mPrVVMKOD37dFDvExcXHD65fce5sbKgyl2h/lI/P6/6WB3auZorjQGYez+Wf+8NKxD2 cduihHMqrE7IAfM4ZsUPSH5ARvR7g5YYICPZ9stAxMeTIkPzrlEVdBpqlYSk61nSM6HPWTJJCj Xeo=
X-IPAS-Result: A2GmCgC5Hw5i/xmkZsBagQmBWoIofoFThFWDTYpIglQuA5IJiSOBQoERAxgWJgsBAQEBAQEBAQEIATUMBAEBAwEDhQAChAMmNwYOAQIEAQEBAQMCAwEBAQEFAQEGAQEBAQEBBQQCAoEYhS85DYJwRh1NBgMBAQEtAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEFAg00HikMMgEBAQMjDwEFCAEBNwEPCQIOCgICJgICMiUGAQwBBwEBF4JpAYJlAz2QQJwMgTGBAYIIAQEGBAR+TUGCfxhcgVsJCQGBBiyDDockhBE3gVVEgRUnD4J0PoJjAgECgSgBEgGDOYJlkypzYgQiGRYCImN9dZIBBoMKqj00B4IQgTqBOQYLiTqUSAYULoNygU6KVYYnkVSVbl0ggimHfYJMkh2CE4UHAgQCBAUCDgiBd4EQcE0kgzgJSBkPjiwWFYM6hAiBDIVLdAIBNQIGAQoBAQMJkR4BAQ
IronPort-PHdr: A9a23:BgYn1BD9NIfdaknAUWZVUyQVYBdPi9zP1kY95pkmjudIdaKut9TnM VfE7PpgxFnOQc3A6v1ChuaX1sKoWWEJ7Zub9nxXdptKWkwJjMwMlFkmB8iIQUTwMP/taXk8G 8JPHF9o9n22Kw5bAsH7MkbTvju89zcPHBX4OwdvYOj4Sebv
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.88,375,1635199200"; d="scan'208";a="39638444"
Received: from mail-mtaf25.fraunhofer.de ([192.102.164.25]) by mail-edgeKA24.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Feb 2022 11:16:24 +0100
IronPort-SDR: lNSktLvEWi4WABGj9tf01uElp6UxfuzmQUjZN96sXzOk9Khf5wCB7QZa4esPH4HQ85d9yBUQx3 K1aBGSfxrpDzNBmIQ72RCFwgLfzPS9I/0=
X-IPAS-Result: A0ACBAAMIA5iej6wYZlaHgEBCxIMQAmBRguBUlZ+WSZUhFSDSwEBhTmFD16Bdi4DOAGRUIkjgUKBEQNUCwEDAQEBAQEIATUMBAEBhQcChAACJjcGDgECBAEBAQEDAgMBAQEBBQEBBQEBAQIBAQUEFAEBIwcEDgMQEDsGXgZogU+BYRMLNA2GQwEBAQMSEQ8BBQgBARQjAQ8JAg4KAgImAgIyBx4GAQwBBwEBFweCYgGCZQMtAQEOkECPNgGBOgKLGYExgQGCCAEBBgQEgUtBgn8YXIFbCQkBgQYsgw6HJIQRN4FVRIEVJw+CdD6CYwIBAoEoARIBgzmCZZMqc2IEIhkWAiJjfXWSAQaDCqo9NAeCEIE6gTkGC4k6lEgGFC6DcoFOilWGJ5FUlW5dIIIph32CTJIdghOFBwIEAgQFAg4BAQaBdyRrcE0kgzgJRQECAQINAQICAwECAQIJAQECjh0MFhWDOoQIgQyFS0IyAgE1AgYBCgEBAwmRHgEB
IronPort-PHdr: A9a23:Lv8I7RfLQGIXQJeG9CWFUw0WlGM/vYqcDmcuAtIPh7FPd/Gl+JLvd Aza6O52hVDEFYPc97pfiuXQvqyhPA5I4ZuIvH0YNpAZURgDhJYamgU6C5uDDkv2ZPfhcy09G pFEU1lot3G2OERYAoDwfVrX92az8XgcABziMwpyKOnvXILf3KyK
IronPort-Data: A9a23:DWnL765WNu6IWOEKxWBjCAxRtPrBchMFZxGqfqrLsTDasY5as4F+v mocWW+COPeDZzTwKdF3YYTg9BtSvZPQz9ZgQFY//ywyZn8b8sCt6fZ1gavT04N+CuWZESqLO u1HMoGowPgcFySa+1HxWlTYhSEUOZugH9IQM8aZfHAhLeNYYH1500g7wbdm2tcAbeWRWmthh /ui+6UzB3f4g1aYAkpMg05UgEoy1BhakGpwUm0WPZinjneH/5UmJM53yZWKEpfNatI88thW5 wr05OrREmvxp3/BAz4++1rxWhVirrX6ZWBihpfKMkSvqkAqm8A87ko0HPQBa00PpjSFpIB45 dwWqc2wSAtzEaKZzYzxUzEAe81/FbZD5KeBLGi0sYqd1UTbdXvrzfh0Sk07VWEa0r8qWicfq rpBd25LMErra+GemNpXTsFsi8IgasPqJoAfvXVy5SrYEbAoW5neRaXN69JCmjs97ixLNa+AO ZZGMmIxMHwsZTVuZkgoMo0flt252HPabiIDk124vo84tj27IAtZiuG2aYGFK7RmX/59hFmZo n7B+UzyAwoRM5qUzj/t2nOhneDnnC7nVsQVDrLQ3vJwiVOPg20eFBNTTlKwpLyyjVWhWt53K kEI9Gwpt6da3FeiRdy4VB2xoWSflh8RR9QWFPc1gCmWw6HRyweUGmZCSSROAPQnssY9RDsC3 VKTg5XuHzMHmLqZTnSa+beJoBuzIi8ea2gYakc5oRAtuoS45dBsy0uQEJM9Suiri5v+Xz/qy i2MrC8wiq9VgcNjO7iHEU7vjS+urMDkTwIOtgz6Vzm5vwN4aNSKaNn9gbTE1spoIIGcR1iHm XELncmC8ewDZa1hcgTQHY3h+5n0v5643C3gbU1HQsB7pmX2k5K3VdEMsWgmTKt8GpxcIVfUj FnvVRR5yLI7AZdHRfYqOMfgVIFzkvalS46jSPWSZZxAeJFscg+A8ix0I0Kdt4wMrKTOuf9iU Xt4WZz3ZZr/NUiB5GbqLwv6+eR6rh3SPUuJGfjGI+2PiNJynkK9R7YfK0epZesk9q6Cqwi92 48Ba5bSkEsFCLWiOnW/HWsvwbYiciVT6Xfe9JU/SwJ/ClA4SQnN9teOkOh+I9Y590irvryZp i3nMqOn9LYPrSeeclzROiELhELHUZtisWkwPSE3dVivwWMoYZup47wZeoclFYTLB8Q8pcOYu 8ItKpXoKq0WElzvom1BBbGg/dAKXEn62mqmYXH/CBBhJMEIeuA80oW+FucZ3HVWVXrfWApXi +HI6z43trJYFl49UpiHM6P0p75z1FBE8N9Ps4LzCoE7UC3RHEJCd0QdV9c7fJMBLwvt3Dyf2 1rECBsUv7CS8ZQ07J/Hn6mZqYeuHeZkWEZXRjGJ4bGzPCjc32yi3Y4ZDLfWJ2+ADjus9fXwf /hRwtH9LOYDwgRAvb18JLA3n6gw0N3i+u1BxQN+EXSXNFmmU+syInSP0cRVmLdKw7tV5Vm/V k6Vo4YIIrSVfs3/GUMXJA0rY/7F2fxNwmve6vE8IUPb4i5r/ePbABsIYETW0HRQdeInPpkkz OEtvN8txza+0hd6YMybii109niXKiJSWasQtqYcXN3hhD0txwwQepfbECL3vMqCZtgQYEknJ jiY2PjLi7hGnBGQaH8vDT7AzeFdw5oUsQ1MzFgMKk7Pltec3q072xhY8DIWSAVJz0wbgrwpZ TUxbxV4dfeU4jNlpMlfRGTwSQtPMxuUpx7qwFwTmWyFEkSlCj7XIGsmNbrf9UwV6TkGLGEGp /TJlyO8DmivIpu3wC50UghrsfX+S9x2+ADY3syqRpzXE54/aDvjo6mveWtR90q5W5xs3hWfq Lk45vt0ZI36KTUU//8xBb6c2OlCUxuDPmFDHaxs8a5h8bswo91uNeVi83yMR/4=
IronPort-HdrOrdr: A9a23:hkikzK/qrgp+M5F/2B9uk+Hxdb1zdoMgy1knxilNoNJuE/Bw9v re/8jzuiWE9gr5NEtOpTniAsm9qA3nhOFICOAqVN/IYOCBggWVxepZgLcKrQeLJwTOssZm75 dbTuxXIuDRK39NoO7GzGCDYqod6ejC2JqTtd3ii19GcCFNTJdbxW5Ce3umO3wzbDN9NaAFUL KyyeZsmhaMT0gsVfKeLlkhNtKzxeHjpdbPWyQ3PSNiwDO1rR2OxJPNKSe06C01Ogk/pIsKwC zsqTbI3Jjmm8uA6jH6+0Lk065sruHKo+EzYPCku4w8EA/dsDvtSLtWcZW+kB4Sm9HH0idTrP D85z8bBfRI1jf8QVeNmjvK4Cnc4F8VmgXf4G7dqUHYkfbFAB4EPfFsqrR/VHLimi0dleA5+J hw71il87ZpOyntpwTa2+LueytR/3DE2kYKoKo6tUZua7ZbRIBml6Alw2N+PP47bVvHwbFiON NVPPvgoNpoR2mmR03011MfpuBFiBwIciu7fg==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.88,375,1635199200"; d="scan'208";a="166473064"
Received: from 153-97-176-62.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.176.62]) by mail-mtaF25.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Feb 2022 11:16:21 +0100
Received: from XCH-HYBRID-02.ads.fraunhofer.de (10.225.8.59) by XCH-HYBRID-02.ads.fraunhofer.de (10.225.8.59) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.15; Thu, 17 Feb 2022 11:16:20 +0100
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (104.47.17.176) by XCH-HYBRID-02.ads.fraunhofer.de (10.225.8.59) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.15 via Frontend Transport; Thu, 17 Feb 2022 11:16:20 +0100
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BalLRll3iMQV5Vl7y2O6TpYZHXpW5He5GiF/Ey/iyTOS0wxhLWqCKYQ7EBdDCx6XWLjL2WUBjGutcQNQXafWY2/ACcbCpEdNP4qCBWc4rJvX6/DcPdd05RdZeresLNATekujOFpcCedsRVdT+D1Kp5ihp/lPO5DmDsGm1fKHDdeB0A4syGDJqb0gAljI3a0Rvr3Vi9E7t1jskbwYr8et39+ZU1g+Vy7Xbpakia6CGTTAv7V99cP4XUk/v1gVbUic/xd20/Is10yAhU7ryNEAKtEfPaOu+2XOSX//SRy8bf+3RvaDTF5jeNdEUQdmkVxfliffBPqR9rpWxZ4xGnWXMw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=J2xH4z+dr34Uw9oQhBH3oD69FTWUyygArG1NOoICpMw=; b=kc7nyYpu47c32tgGVnqRTS1jWFUUzoJq3Fj5DHcOsTD2hOc9R7SUaT8XnOXNarbJLD0aGS/JuD0rIC+WmkC8fTF6/Rj/YjlKzf86CV6qYxWVmtM1omVa0IGBfiOixgQ9Y7+ulPH/z6aLIK3ad40U7BliAtVyyIGBs7RI2mH6jQHwKLWeoeZkV+zr8dTHeanWAtS8h2RpW/Miv7JGM9M6ssUTEPKvn1Cs6g8URcp7odpLuYGX0yt4RynM+gn0Hkja7VzO+LUoObfiyo02Qd8zftlRsf9ryNlQuGZazCmnnm0J9njO5fqoHQ8V7s0gdjzTHCbd/OGIRX+49tpAGdEtrQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=J2xH4z+dr34Uw9oQhBH3oD69FTWUyygArG1NOoICpMw=; b=kKDnp2YnKm2AUfpKR+s/oqgYhvOJeWM/6Xi08ATnjzVMu+smq4cp5kei2zToWntj/Z3h6ggvktSqL41vpI8ndZnY8lqEmG8SRCJrtNCLCwkY1Zs+BmLYnEOCRwDHvGk/Ip8pl1gqpBAn4aCC8SBP0aHl5J8F6ao4R9JXNa8xwuw=
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=sit.fraunhofer.de;
Received: from DU2P194MB1709.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:276::9) by DB6P194MB0136.EURP194.PROD.OUTLOOK.COM (2603:10a6:4:c4::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.19; Thu, 17 Feb 2022 10:16:19 +0000
Received: from DU2P194MB1709.EURP194.PROD.OUTLOOK.COM ([fe80::ec87:f3dc:70f7:2421]) by DU2P194MB1709.EURP194.PROD.OUTLOOK.COM ([fe80::ec87:f3dc:70f7:2421%4]) with mapi id 15.20.4995.016; Thu, 17 Feb 2022 10:16:19 +0000
Message-ID: <0a03efe3-3d6c-3df0-c566-9d8175114dee@sit.fraunhofer.de>
Date: Thu, 17 Feb 2022 11:16:16 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0
Content-Language: en-US
To: Robert Wilton <rwilton@cisco.com>, The IESG <iesg@ietf.org>
CC: draft-ietf-sacm-coswid@ietf.org, sacm-chairs@ietf.org, sacm@ietf.org, Christopher Inacio <inacio@cert.org>, Karen O'Donoghue <odonoghue@isoc.org>
References: <164492093291.15221.12560554224982519003@ietfa.amsl.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
In-Reply-To: <164492093291.15221.12560554224982519003@ietfa.amsl.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-ClientProxiedBy: AM6PR08CA0044.eurprd08.prod.outlook.com (2603:10a6:20b:c0::32) To DU2P194MB1709.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:276::9)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 86c9f416-a3a9-4984-2ae8-08d9f1fe8a0f
X-MS-TrafficTypeDiagnostic: DB6P194MB0136:EE_
X-Microsoft-Antispam-PRVS: <DB6P194MB01367D31E36D568FD8F9B813A8369@DB6P194MB0136.EURP194.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: l4zN3hUfPMfGghWDLmfQq/z/Ho7P1aGJheyoOJC8nmWGXBKp48Tjg73UN3F43Ff/s7nXXhm4JsGOeIerEQ9vq+L3lXj71lQwNcbuox6XgPz6cMbNI8+3iqtddiYsV+1lTyjx927szdePDBbCnUUKuI+Uplv72gIN3d6DhXGyX1qonQWzeV+ipRLi3h4zyv54KXvbwg7qTOlI+i1JJv7syc4gYXcIS7Yfa/jNhax/O28bmJee2kC+358sW2s65F6PcUAFex2xTW1F2t5NF7zNSSt2EqA3b/j+0wOGAGe0qH+Wa9o4mNY0FcbHa2ePSI62ZqBV6z6mAgVuERzOwiq7lFSF+kobCMBt0Nrf3v8pQWBeOj304o3jpvZBNoi+uG0vKJiBmH/9/gf+Q4vxxhgQl2iqI6hYxTMFreUcsC97eMczgucEcQnlMa+jSB9mXxhMJjrnASbkI6OFQrnwIBRCL8PnVEev4MSCe/NgyBavdMxL/G/9Ep/KoIhSsiGh+B0MeYWCOgtbae2fHxXq9+SdfF8gG6cYcgWvqZFgHs2hi1ffiVggXSHeJ9lQlfM1jijKAB2vAbB8BQDPeUM0O++BpaiySxmdv/bwMSTuQT36vCzc8diN/XhvGleLgX5kHr4uPEWCSa3Xl/ArQG8e41g/9hdpTERREgZqb50mVwRbHzag3L5L2o1e60oskkcQHrasR+P15NI1iqIx5dOtuehoIqSXB0v738nCqZRvoBQjUhPPjhvzFGWn/NdUDrTWsWJ4hhpM2tLDTOmEb8TWSbczCAL4MDJ8IRp9aQSvrYDBNDZAUEHvJnsXVHEJBYHejD6QbJ/OjqU780U9PO6hJ5R3f0whfFL0f0Kd2L3x7M5B4hU=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DU2P194MB1709.EURP194.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(5660300002)(8936002)(6512007)(966005)(31696002)(2906002)(86362001)(31686004)(186003)(38100700002)(66946007)(4326008)(8676002)(82960400001)(2616005)(6666004)(316002)(110136005)(52116002)(6486002)(66476007)(44832011)(54906003)(83380400001)(53546011)(66556008)(508600001)(6506007)(45980500001)(43740500002); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 7G/DR4lEnbFcxIHq+Ob7MMf2jgaAbCmhY+I4Ha3LLNAfxG/2EQk9T7KoR1Mr9c40GazjkVw/RBmlSQDaCylt4oIUBchoHBdl3JeYqwMTw+o39paBFa5wJvDuEjfydwIfb698F3iRrTBZa0bNgVDzsCUi0KT9XNyFeKbLCDc8WuKNs/2PCFh/dO1Hh0JyKES5ENNrVysL77FappquItq7FKNrvCFfer05/zhqvLhisefIRdNpu8fnoM7v8FBYzM5WapM3xHM1/RX55bhVYhnUFZjqpXpC8JXiEj2RcdfCOgUYGSDTbkqeeuEzmrAOOgk+j4a1FRTaOD6XbNObeMaPvk4bJMz+YfaaHAyyQImg+V/IkgliC1RnJa8F1RIBwDW8rub9odvV6hReHD24oS1Rtqq55ewVVXByBJ1Sd7awFzcWkj1RvQPXxEypBZkS0YhmSpgJKLph1tHJIAfMg1Hfrp9GBXYDN6RFcdCi17EkFpeCJtSloitoaoRoCO7eP0TWbW5vNnVllevw+p2OhL5EG2X9QNXLnmx2XSjgBATazbagXXHXLg75kxD+M9kRDNbwDYXlrb3ONJm1LqSt/temE5V8caKfVK4ygCd+SXfJT71FWtw9T+cYLVnNBeOoMLcBHgEV0wOSCzV0ZUz9o8PbNnvclffZHIgtgDI81H83Ot5Ljztahy5x/8se5PtECHlzosMtu0CRxJncBSNekRL4ZrZCbicVvzJZlB9LLJV45xnFLKXPnBvA/5cgMVqzdmFpjulhSv+DnAgcYFK7ETtltKKehogU1fv0Gz4NPDT5vgLpN7NOBvE+q5IFht1R5sgyxmVdj4i4+R24jFtA/m9MQdhicL9xkFXQxTUZteUd+hkac7BDktHcW2pXh2ttn/3GKctaaGPd99YI9dHuY7Vh1yZ1+Busddw7rdOp9CjBK5ulTcCX7/sQe9C1NgrcdywlG96bbNTIvzZ+w7bXRN8yxGLcIeCvXdTKwJe1fCjAdJ5AFLCu3kv8I5UritMGcxZr4vdwIVTuCuXxJ469N5/sDozhVoKCHRvgbUkpRVZSliQ+stu4kfIYwPFmfkoRJdPc4Idsd+L/j2WDt+WzI++VEyL7l7x2AKGHWkSa0Xu+1/3tHgGLvVRWzwchoFfTuQ9qDagoB1yLffIyhojO1OrLKH6JYpEgdx9iMcj1OYClEdQFvLKnwHX0BCc4mo4QCiuJd/OiFlchcnukjtEs2VX5UAGlUj3QEXxZuBTk5X5Ysc9kBJeC7HXzxhS8qQRQy3NxX+w2ejzcRCRS/IH1mxEXlg1tMZlf8RSQ1Ae3e4TxFaelvoc1rE8TghnXSwp7hZNaTMB4N67F9hFd3fjW4of1CO7tn4VmY0tcZhldhsXy6Uke0HFbWnTfpeebkyXNrgEdQTdUVAuIDLvhKQnvjjGQ+dcYyeJfoWqdyONT/WOh+sLF6hqwTBAIjLNAAVPg8oleSgE9nOH58QmjFD6c2DC3XIoUjgTEeYKeL4YyrD2rxDqT3FHumKpIzg0Q8pPF5UzaFR/B24GAEGJlHJSn+U1ybL/9Y413tBm6ZoA30PnH0ibk2jhVz74Me61GblknCRDJLYXY6g3lwgakb3F90IaYH2iW8WVAMhyRbxPMYpKyUNpoWg/at4GlfMSIVbGrh7Tn9mUeVz0WYb+3NUFMQLNMUER7vXBeg7kvuWyNBrkR0VllMRsVePkfs7h/nABoYw/YKgw8m3jiMFv0iB4ZXaizVDdzI19XArYviu59mv09vSA=
X-MS-Exchange-CrossTenant-Network-Message-Id: 86c9f416-a3a9-4984-2ae8-08d9f1fe8a0f
X-MS-Exchange-CrossTenant-AuthSource: DU2P194MB1709.EURP194.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Feb 2022 10:16:19.1435 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: OTvNShy1gkFmZ3v+C3hBvWlskH1/UFk+vmcACgOr6ZO256qzNkE0G4UV09LLVTWwTnv+1HZzFl1FNDj4eOgJ++J9F5L7PHJK76fRGRliYMo=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6P194MB0136
X-OriginatorOrg: sit.fraunhofer.de
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/4loVm_L97V2-4wPrJ5-GD6vp7w4>
Subject: Re: [sacm] Robert Wilton's Discuss on draft-ietf-sacm-coswid-20: (with DISCUSS and COMMENT)
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Feb 2022 10:16:35 -0000

Hi Rob,

analogous to Ben, we'll address your comments in sequence. Thanks a lot! 
Again, we hope to address all the discuss item at minimum until the 
upcoming cut-off.

Viele Grüße,

Henk

On 15.02.22 11:28, Robert Wilton via Datatracker wrote:
> Robert Wilton has entered the following ballot position for
> draft-ietf-sacm-coswid-20: Discuss
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-sacm-coswid/
> 
> 
> 
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> 
> Hi,
> 
> Sorry, but I have a couple of issues that it would be helpful to discuss ...
> 
> 1.  While an attempt to align
>     SWID and CoSWID tags has been made here, future revisions of ISO/IEC
>     19770-2:2015 or this specification might cause this implicit
>     information model to diverge, since these specifications are
>     maintained by different standards groups.
> 
> This text concerns me, in that it seems that the IETF is expecting or allowing
> the SWID and CoSWID specification to diverge.
> 
> Would it be possible to have stronger text here? E.g., to indicate:
>   - the intent is to keep the two spec's consistent.
>   - nothing should be added to CoSWID without working with ISO/IEC to update
>   CoSWID - if SWID evolves then CoSWID should be similarly updated.
> 
> Or, otherwise, are ISO/IEC okay with the IETF effectively forking their
> specification in future?
> 
> 2.
>     [SEMVER]   Preston-Werner, T., "Semantic Versioning 2.0.0",
>                <https://semver.org/spec/v2.0.0.html>.
> 
> I want to check whether this URL is stable enough for a normative reference.
> During the YANG Semver work we discovered, that despite the Semver
> specification stating that is follows the Semver rules, in fact it doesn't!
> Specifically, the specification has been updated without changing the version
> number.  The proposed solution for the YANG semver draft was to reference a
> specific data and revision of the "YANG Semver 2.0.0" specification in github.
>   the YANG Semver 2.0.0 specification on a given data.
> 
>     [semver]   "Semantic Versioning 2.0.0 (text from June 19, 2020)",
>                <https://github.com/semver/semver/
>                blob/8b2e8eec394948632957639dfa99fc7ec6286911/semver.md>.
> 
> Would doing something similar be wise here?
> 
> Thanks,
> Rob
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
>     +-------+-------------------------+--------------------------------+
>     | 4     | decimal                 | A floating point number (e.g., |
>     |       |                         | 1.25 is less than 1.3)         |
>     +-------+-------------------------+--------------------------------+
>     | 16384 | semver                  | A semantic version as defined  |
>     |       |                         | by [SWID].  Also see the       |
>     |       |                         | [SEMVER] specification for     |
>     |       |                         | more information               |
>     +-------+-------------------------+--------------------------------+
> 
> I'm surprised to see 16384 assigned for Semver, is there a reason why are not allocating 5?
> 
> 
>

v2.23.0 | Report a Bug | By Email