IETF Logo Mail Archive

Re: [sacm] WGLC for draft-ietf-sacm-coswid

Ira McDonald <blueroofmusic@gmail.com> Thu, 04 July 2019 08:48 UTC

Return-Path: <blueroofmusic@gmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 429D21201B3 for <sacm@ietfa.amsl.com>; Thu, 4 Jul 2019 01:48:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nnRZ7SSU2GKP for <sacm@ietfa.amsl.com>; Thu, 4 Jul 2019 01:48:21 -0700 (PDT)
Received: from mail-yw1-xc33.google.com (mail-yw1-xc33.google.com [IPv6:2607:f8b0:4864:20::c33]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1646E1200B5 for <sacm@ietf.org>; Thu, 4 Jul 2019 01:48:21 -0700 (PDT)
Received: by mail-yw1-xc33.google.com with SMTP id t2so1086667ywe.10 for <sacm@ietf.org>; Thu, 04 Jul 2019 01:48:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=uQ7/GaJ5bxZpcLxNU/BR/yK6wvVRnDR9IvJghwFLGMs=; b=ZnnnPm7ul98EvKraSxW0ZiG3WNjNfFYGJTym5wjSDmzXzLkOJf/Nirb1hToZ6u3FUx 8IU68X+0KZTSpYj8CxvqcoemNooEeE+vqkcy1QlJFxX8CXWd8uakfyobgy/jWiviN2Sg INLfHdx6LMLeuDhZb8L1D8ORrZz9afghLCxnP0Orvvg/QczQI4d3v/huQsI6oiI1HMpN jPJv/sLsat4rfAs2rbwJRWEVkpHuAE3BWUrGNM60RBh+nRwXV383VtSck4x6cyy75Nu9 A/vQFiy8rEgsCg9Wtwr+fRQaA7oTkrFuNemHtW7TXufC3JFRTwfUScDV8aHXcqJ/AmbN MhVw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=uQ7/GaJ5bxZpcLxNU/BR/yK6wvVRnDR9IvJghwFLGMs=; b=hkyZo+XS9KXfef0+I1+FfsaqRNBAEEVxYqHeALAbf4rQ+XNBv5S6z2FFhK3VGx4dA8 0Z37/xAuqF9KNK0b+ab42YDAC+zC2VLjocb9n85N0HSL9tD7TleT22Lpwk+uT2kYblxx qv+JJYurXCMA75LcYEn5vW3IQSnl3xovqM/1/dM67fRLOXHa4DnNwilpL5MqQluF04q9 s1bC7QkALiVS4g6l/fY9HfzqA5h8evUk0cpvp6Vgi4DfQrhPfrm1NAHEJQ7/Oj85//Jb vinvHjn2zIU1bm3UnAH6uODKGGf/FjBf3T+IH9yMzhdNtFEbkkL3BEt/W4XEY2sEQFf4 6rIg==
X-Gm-Message-State: APjAAAVJPdzYinEcnYnM9Gz7yExsp2VuD03VVjz2SQ49Vu1bsdPnbO5E xDNHnw3txx8Ea/dKUg4ry5jTauIqd+DXlWIBwY8=
X-Google-Smtp-Source: APXvYqzU4PXvaNtth4KZHVTEj+dK9Fn3k5TRTVb3+++01OXEpxXsZWildNEiH2921w3r2GpeIUGVd71XiUnLvtUAtcw=
X-Received: by 2002:a81:af52:: with SMTP id x18mr26603290ywj.289.1562230100252; Thu, 04 Jul 2019 01:48:20 -0700 (PDT)
MIME-Version: 1.0
References: <C9EA170C-8435-427D-A483-E4A0BEA706BA@isoc.org> <B2B300AC-5C2B-476D-BA8F-06B0F6BABC91@nist.gov> <SN6PR09MB32644026844432FF8C27AE75F0FB0@SN6PR09MB3264.namprd09.prod.outlook.com>
In-Reply-To: <SN6PR09MB32644026844432FF8C27AE75F0FB0@SN6PR09MB3264.namprd09.prod.outlook.com>
From: Ira McDonald <blueroofmusic@gmail.com>
Date: Thu, 04 Jul 2019 04:48:07 -0400
Message-ID: <CAN40gSvjXA+LjkmBVfcTyuODBffON2XU4=Oj5N6298+DVBzkWw@mail.gmail.com>
To: "Waltermire, David A. (Fed)" <david.waltermire=40nist.gov@dmarc.ietf.org>, Ira McDonald <blueroofmusic@gmail.com>
Cc: "Nelson, Alexander J. (Fed)" <alexander.nelson=40nist.gov@dmarc.ietf.org>, "sacm@ietf.org" <sacm@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002edc17058cd70a01"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/PAogOzgJa2qjldzPf5M5KCdadQo>
Subject: Re: [sacm] WGLC for draft-ietf-sacm-coswid
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Jul 2019 08:48:25 -0000

Hi Dave,

To Alex's point about UTF-8 usage, I recommend requiring conformance to
RFC 5198 Unicode Format for Network Interchange, to remove ambiguity
and ensure normalization of text.

Cheers,
- Ira



Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Co-Chair - TCG Metadata Access Protocol SG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic@gmail.com
PO Box 221  Grand Marais, MI 49839  906-494-2434



On Wed, Jul 3, 2019 at 1:33 PM Waltermire, David A. (Fed) <david.waltermire=
40nist.gov@dmarc.ietf.org> wrote:

> Thanks for the feedback Alex. I’ll fix these issue at the end of the WGLC
> along with any other comments that come up.
>
>
>
> Regards,
>
> Dave
>
>
>
> *From:* sacm <sacm-bounces@ietf.org> *On Behalf Of * Nelson, Alexander J.
> (Fed)
> *Sent:* Wednesday, July 3, 2019 1:07 PM
> *To:* sacm@ietf.org
> *Subject:* Re: [sacm] WGLC for draft-ietf-sacm-coswid
>
>
>
> Hello all,
>
>
>
> I am a colleague of Dave's, and am working at NIST to assist with SWID
> adoption.  I have reviewed this draft for CoSWID, and found a few helpful
> notes for my own implementation efforts, so I am glad to have been asked
> for input.
>
>
>
> I find this draft to be nearly ready for publication..  There are a few
> minor editorial issues that should be resolved before publication, listed
> at the end of this message.  I also found I had a few questions and
> possible discrepancy identifications, listed first.
>
>
>
>
>
> Questions:
>
>
>
> * Before I started reading the document, I thought that CoSWID would be a
> losslessly-translatable representation of SWID data, between XML and CBOR.
> From Section 2's third paragraph, this is stated to not be a goal feature.
>  (In case it isn't clear, I don't object to this.)  Is it at least possible
> to translate from one format to the other, not necessarily bilaterally, and
> perhaps under certain conditions like "if there are no extension elements
> or attributes, SWID XML can be mechanically translated to CoSWID"?  From my
> reading, it looks like that example statement I just wrote would hold.
>
>
>
> * Section 2.2, the "software-name (index 1)" text describes what I think
> is the first potential spot for non-ASCII text to be entered into CoSWID
> data, in the case of vendors that produce non-English data.  I didn't see
> in this document any requirements imposed for character encodings.  SWID
> imposes UTF-8 as an encoding (per NISTIR 8060, Section 4.3).  Could this
> document include a reminder statement on character encodings being required
> to be UTF-8?
>
>   - This might also apply in Section 5.2.1, the penultimate bullet
> describing registered names' syntax requirements.
>
>
>
> * Section 6's 2nd paragraph describes a requirement of authoritative tags
> being signed by the software provider that is also the originator.  Forgive
> me if I'm misremembering, but I did not think that signing was a
> requirement for defining a tag to be authoritative.  NISTIR 8060, Section
> 3.2, quotes the SWID specification's Section 6.1.10 to say that "Signatures
> are not a mandatory part of the software identification standard...".
> Further, NISTIR 8060, Section 4.2, provides a scoped-to-that-document
> definition of "authoritative tag creator" that does not describe signing.
> So, it looks to me like Section 6 imposes a stronger requirement for an
> "authoritative" CoSWID tag than an XML-based SWID tag.
>
>
>
>
>
> Editorial issues:
>
>
>
> * Section 1 makes reference to "CBOR," but the first instance of the
> acronym expansion and citation is in the first sentence of Section 1.2.  It
> may be better to move that expansion and citation to Section 1.
>
>
>
> * Figure 1's "x" annotations aren't directly explained, and could be
> interpreted to mean removal of the tag at that stage.  From the following
> bulleted narrative, it instead appears to mean the tag can be removed or
> replaced.  A sentence in the figure's caption would help to prevent this
> conclusion.  Though, if the reader is assumed to have the patience to wait
> for a page, then there's no problem.
>
>
>
> * Suggested grammar fix, section 2:
>
>
>
>     s/and stop point are not needed saving bytes/and stop point are not
> needed, saving bytes/
>
>
>
> * Request for grammar adjustment, Section 2.1:  """... that are typically
> stored in the "any attribute" of an ISO-19770-2:2015 in XML
> representation."""  Does this need the following substitution?
>
>
>
>     s/2015 in XML/2015 element in XML/
>
>
>
> * Section 2.2, I'm curious - what happened to the mapping of 7?  No
> editorial action needed, the skip just caught my eye.
>
>
>
> * Section 2.2, typo: "The value of an version-scheme ...."
>
>
>
> * Section 2.2, typesetting error: The three bullets following "The value
> of an version-scheme item MUST be one of the following" appear to be set at
> an incorrect bullet level.  Elsewhere in the document, these sub-lists use
> asterisks as bullets instead of empty circles.  It appears these three
> bullets should be asterisks, not empty circles.
>
>
>
> * Section 2.3, bullet 2 ("""If the patch item is set to "true", the tag
> SHOULD..."""): Would it be beneficial here to note the associated schemes
> for link hrefs?  This could be a forward reference to Section 2.6.
>
>
>
> * Section 2.7, bullet "description (index 46)": Is it permitted to have a
> description be multiple lines?  I don't know if CBOR supports this.
>
>
>
> * Section 2.7, typo: "For examplem, this ..."
>
>
>
> * Section 2.7, bullet "unspsc-code":  Non-blocking issue, a matter of web
> reference hygiene.  May this URL be provided with the "https" protocol
> instead of the "http" protocol?  (Bibliography entries refer to web
> resources with the "https" protocol.)
>
>
>
> * Section 2.8.8, bullet "path-elements (index 26)", typo: "a heirarchy".
>
>
>
> * Table 3, typo: "e.g.,1.2.3, ..." (missing space character)
>
>
>
> * Section 5.2.1, typo: "a new a new"
>
>
>
> * Section 6, paragraph 2: It may be beneficial to provide a reference to
> RFC 8152 near the mention of signing CoSWID tags.
>
>
>
>
>
> --Alex
>
>
>
>
>
> On Jun 27, 2019, at 4:36 PM, Karen O'Donoghue <odonoghue@isoc.org> wrote:
>
>
>
> Folks,
>
>
>
> As discussed at our virtual interim on Tuesday, this begins a three week
> working group last call for:
>
>
>
> Concise Software Identification Tags
>
> https://datatracker.ietf.org/doc/draft-ietf-sacm-coswid/
> <https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-sacm-coswid%2F&data=02%7C01%7Cdavid.waltermire%40nist.gov%7C91c6b28941ce4a772c3c08d6ffd8f9e3%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C1%7C636977704712452256&sdata=PAS8N3br%2FthOhPonKJzuWUlIsn9bQvqSZ%2F6hbE3%2FhDU%3D&reserved=0>
>
>
>
> Please reply to this email thread with an indication that you have read
> the document, any comments you may have, and your assessment of whether or
> not it is ready to proceed to publication.
>
>
>
> DEADLINE: Please reply by Friday 19 July 2019.
>
>
>
> Thanks!
>
> Karen and Chris
>
> _______________________________________________
> sacm mailing list
> sacm@ietf.org
> https://www.ietf.org/mailman/listinfo/sacm
>
>
> _______________________________________________
> sacm mailing list
> sacm@ietf.org
> https://www.ietf.org/mailman/listinfo/sacm
>

v2.23.0 | Report a Bug | By Email