[sacm] Robert Wilton's Discuss on draft-ietf-sacm-coswid-20: (with DISCUSS and COMMENT)

Robert Wilton via Datatracker <noreply@ietf.org> Tue, 15 February 2022 10:28 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Robert Wilton via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-sacm-coswid@ietf.org, sacm-chairs@ietf.org, sacm@ietf.org, Christopher Inacio <inacio@cert.org>, Karen O'Donoghue <odonoghue@isoc.org>, inacio@cert.org
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Robert Wilton <rwilton@cisco.com>
Message-ID: <164492093291.15221.12560554224982519003@ietfa.amsl.com>
Date: Tue, 15 Feb 2022 02:28:52 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/KENPyqS8Aq9ZzwytjSyzms9ASxI>
Subject: [sacm] Robert Wilton's Discuss on draft-ietf-sacm-coswid-20: (with DISCUSS and COMMENT)

Robert Wilton has entered the following ballot position for
draft-ietf-sacm-coswid-20: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sacm-coswid/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Hi,

Sorry, but I have a couple of issues that it would be helpful to discuss ...

1. While an attempt to align
SWID and CoSWID tags has been made here, future revisions of ISO/IEC
19770-2:2015 or this specification might cause this implicit
information model to diverge, since these specifications are
maintained by different standards groups.

This text concerns me, in that it seems that the IETF is expecting or allowing
the SWID and CoSWID specification to diverge.

Would it be possible to have stronger text here? E.g., to indicate:
- the intent is to keep the two spec's consistent.
- nothing should be added to CoSWID without working with ISO/IEC to update
CoSWID - if SWID evolves then CoSWID should be similarly updated.

Or, otherwise, are ISO/IEC okay with the IETF effectively forking their
specification in future?

2.
[SEMVER] Preston-Werner, T., "Semantic Versioning 2.0.0",
<https://semver.org/spec/v2.0.0.html>.

I want to check whether this URL is stable enough for a normative reference.
During the YANG Semver work we discovered, that despite the Semver
specification stating that is follows the Semver rules, in fact it doesn't!
Specifically, the specification has been updated without changing the version
number. The proposed solution for the YANG semver draft was to reference a
specific data and revision of the "YANG Semver 2.0.0" specification in github.
the YANG Semver 2.0.0 specification on a given data.

[semver] "Semantic Versioning 2.0.0 (text from June 19, 2020)",
<https://github.com/semver/semver/
blob/8b2e8eec394948632957639dfa99fc7ec6286911/semver.md>.

Would doing something similar be wise here?

Thanks,
Rob

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I'm surprised to see 16384 assigned for Semver, is there a reason why are not allocating 5?

[sacm] Robert Wilton's Discuss on draft-ietf-sacm… Robert Wilton via Datatracker
Re: [sacm] Robert Wilton's Discuss on draft-ietf-… Henk Birkholz