IETF Logo Mail Archive

Re: [sacm] IETF LC Directorate reviews for draft-ietf-sacm-coswid

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Mon, 24 January 2022 11:38 UTC

Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13FB03A0FBE for <sacm@ietfa.amsl.com>; Mon, 24 Jan 2022 03:38:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.613
X-Spam-Level:
X-Spam-Status: No, score=-7.613 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, NICE_REPLY_A=-0.714, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fraunhofer.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tQSybrrHGEXK for <sacm@ietfa.amsl.com>; Mon, 24 Jan 2022 03:38:26 -0800 (PST)
Received: from mail-edgeF24.fraunhofer.de (mail-edgef24.fraunhofer.de [192.102.164.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94BD93A0FBD for <sacm@ietf.org>; Mon, 24 Jan 2022 03:38:24 -0800 (PST)
IronPort-SDR: P2+gvHkariQT60HlwCkO9av2q24T1BsA/89zrVpfTQxKFSgFkaEGxa9cxTTxtdus689mmmcES4 tWDOdVoGwDNA==
X-IPAS-Result: A2GWBgCFju5h/x0BYJlaHgEBCxIMQIFPC4FSVn6BQoRKg0gBAYU5hQ5dgXcuA5shgUKBEQMYFh0JCwEBAQEBAQEBAQgBKgsMBAEBAwSCCYJ1AoNcASU3Bg4BAgQBAQEBAwIDAQEBAQUBAQYBAQEBAQEFBAICgRiFLzkNg1NNOwEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQUCMBFBBgwxAQEBAQMBARARDwEFCAEBBScMCwQJAg4DBAEBAQICJgICJwsdCAYBDAYCAQEegmIBgmUDLQEBDpAhjzYBgToCih96gTGBAYIIAQEGBAQxgQkDDUGDAhhcgVsDBgkBgQYqgV2BMYslJxCBVUSBFScMA4J0PoJjAQECAYEoARIBB4MygmWQSQkBc1cPDRAKLCI5CzIzDygCBAsBARdLkgGNWJ9dNAeCEIE4gTcGC4k3lEIGFC6DcowRhiWRUZZHIIwJYZQ3EIRpAgQCBAUCDgEBBoF3gRBwTSRPgmlRGQ+OIAwWg0+FFIVLczgCBgEKAQEDCZA6AQE
IronPort-PHdr: A9a23:HtgLKhcXdoBp2wzPmwSnT83vlGM/vYqcDmcuAtIPh7FPd/Gl+JLvd Aza6O52hVDEFYPc97pfiuXQvqyhPA5I4ZuIvH0YNpAZURgDhJYamgU6C5uDDkv2ZPfhcy09G pFEU1lot3G2OERYAoDwfVrX92az8XgcABziMwpyKOnvXILf3KyK
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.88,311,1635199200"; d="scan'208";a="35468396"
Received: from mail-mtaka29.fraunhofer.de ([153.96.1.29]) by mail-edgeF24.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 12:38:20 +0100
IronPort-SDR: U2DCdI7XRvKPRiDsVWf3VkaHiQ8hk/dp+udhGxg5Fr4GSPX8xGhopVxjUyQZ8XbelPFqDIsR8Q pxXV4/w2UwnGmftFLHX0ZVGVgksk1J6q4yoXmzFWqQSYkNyrSWCQABnDafV005xIVl7eAL8CnY DlaCWmtLkh/zwfM+Nh1wd+gGlPvbYQ+xBvmaN8rN/FJEH1/cmEi5I2WnTHGxbFYNdVrsmwaMDn kZjFaAWMY2mIBI/7LBWgnM0dyi9anu/jxB/w5sPj5u9sF3bhHZZEfeT8MFbhsUOESoxHICv3Df ZczA4TOqdrDV0fPtiMU9fegH
X-IPAS-Result: A0ArBQAaj+5hjD6wYZlaHgEBCxIMQAmBRguBUlZ+WSZDhEmDSAEBhTmFDl0BgXYuAzgBmmiBQoERA1QLAQMBAQEBAQgBKgsMBAEBghCCdQKDWQImNwYOAQIEAQEBAQMCAwEBAQEFAQEFAQEBAgEBBQQUAQEBAS4MBQ5LBl4GaIFPgWETCzQNhkIBAQEBAwEBEBEPAQUIAQEFDxgMCwQJAg4DBAEBAQICJgICJwsHFggGAQwGAgEBHoJiAYJlAy0BAQ6QHY82AYE6AoofeoExgQGCCAEBBgQEMYEJAw1BgwIYXIFbAwYJAYEGKoFdgTGLJTeBVUSBFScMA4J0PoJjAQECAYEoARIBB4MygmWQSQkBc1cPDRAKLCI5CzIzDygCBAsBARdLkgGNWJ9dNAeCEIE4gTcGC4k3lEIGFC6DcowRhiWRUZZHIIxqlDcQhGkCBAIEBQIOAQEGgXcka3BNJE+CaU4BAgECDQECAgMBAgECCQEBAo4dDA0Jg0+FFIVLQjE4AgYBCgEBAwmQOgEB
IronPort-PHdr: A9a23:87fDExW5mB0cYw7XwyIHmUzE36jV8K3yAWYlg6HPw5pCcaWmqpLlO kGXpfBgl0TAUoiT7fVYw/HXvKbtVS1lg96BvXkOfYYKW0oDjsMbzAAlCdSOXEv8KvOiZicmH cNEAVli+XzzMUVcFMvkIVPIpXjn9j8OXBvlPBdzJuP7F5SUg8nkv90=
IronPort-Data: A9a23:TJe1Uq0aTDUnvPgwI/bD5Z53kn2cJEfYwER7XKvMYLTBsI5bp2MPz jBLCz3Ua/2CZjGkfIhyPdi/8R5U7ZfWy9IwGQdt3Hw8FHgiRegpqji6wuccGwvIc6UvmWo+t 512huHodZtyEzmAzvuUGuCJQUNUjMlkfZKhTr6UUsxNbVU8En150Eg/w7dRbrNA2LBVPSvd4 bsenOWCYDdJ6xYsWo7Dw/vewP/HlK2aVAIw5jTSV9gS1LPtvyV94KYkGE2EByCQrr+4vgKNb 72rILmRpgs19vq2Yz+vuu6TnkYiGtY+MeUS45Zbc/DKv/RMmsA9+vcRBcBbbnhFt26up9l69 O5rjJq8Ui58a8UgmMxFO/VZOzp7IbUA9a/MIT6xq8WOyU3BfXb2hfljZK00FdRFoaAmXicXq qJedmplghOr34paxJq7R+9vwM4iNsrrO4cNkmph0XfXF/87R5DETajQo9NVtNs1rpkWRaiBO JBAAdZpRC2ZICNSZBBQM7cRgvqExSKlIzFji13A8MLb5ECJlVcoi+i8WDbPQfSQScl9lUuCu iTB5WuRKgoTP9m3yDeZ/DSrnOCnoM/gcNtPT/jpqbsz3wPWmDZVFhhQXh21u/CkjE65Vd9Fb UAZksYzkUQs3B2Bf+O6WCKqnCWjhhcXZ+F2Kus28yjYn8I4/D2lLmQDSzdAbvkvu8k3WSEm2 ze1czXBXmEHXFq9FCv1y1uEkd+hEXVMdz5TPkfoWSNUv4i6+OnfmzqVFo4LLUKjsjHiMR3dq w1mQQBn2u5W3JFOjvrluA6dxSyp4JOPQBQ8+wPXWWyo9EV1aeZJhrBEC3CFvZ6sz67DFTFtW UTofeDEtoji6rnRzESwrB0lRu3B2hp8GGS0baRTN5cg7S+x3HWoYJpd5jpzTG8wbJpeKGGzP heL4lgJjHO2AJdMRfEpC25WI5txpZUM6fy/Ca28gidmPckqK1fdoEmCm2bMgz2yzyDAbp3Ty b/BKJ31ViZLYUiW5Da7WvsG2r8m3WgwwnnITpDmyRu817eCdhaopUQtbzOzghQCxPrc+m39q o8HX+PTkkk3eLCvOUHqHXs7cQhiwY4TWcmo96S6t4erfmJbJY3WI6aBmOx6I908wf09eyWh1 ijVZ3K0AWHX3RXvQThmoFg4AF82dZog/389IwI2OlOkhyoqbYq1tfhNbJorO7c9/fFlzfl6Q uNDd8jZWqZDTTHO+jI8a5jhrdU+JUrx2l/UZ3KoMGolYpptZw3V4du6LAHhwyk5CHblv8UJp bD9hBjQRoAORlg5AcuPMKCvwlq9sGIzguV3W0eUcNBfdF+1r9pxKjC3gOU+PscMLhvO3H2W2 l/OUxsfoODMpa4z8cXI3PzV8d32TrEmRkcDRjvV97e7MyXe71GP+44YXbbaZy3ZWUP15L6mO 7dfwcb8B/tbzlxEhIxxTuRwxqUk6tqz/LJXw1g2HHjPaFj3WLpsLmPchptUs7FVgLJJsgvwV FiG599aPruEIoXpHQdJdgYia+2C09ASmyXTtKhkfh+luXUvpLfXA19POxSsiTBGKOcnOo0Sx +p86tUd7Bayi0Z3P9va3DpY8X+Aci4JX6k97ctIWdKwz1t0jwgdP9mCUGno5deELdtWO1QsI jiaibCEi7kFnhjOdH86FH7s2+tBhM1S6U4QkwJYfwyEyojfm/s6/BxN6jBrHA5b+RNKjrBoM W9xOkwpeKiD8l+EXiSYs7xAxu2ZOCCkxw==
IronPort-HdrOrdr: A9a23:h1B/C6wjX3yTIOe6XCJ+KrPwRb1zdoMgy1knxilNoH1uA6+lfq +V88jzuSWUtN95YhhJ8rrsVJVoKkm9yXca2+csAYs=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.88,311,1635199200"; d="scan'208";a="10067721"
Received: from 153-97-176-62.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.176.62]) by mail-mtaKA29.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 12:38:17 +0100
Received: from XCH-HYBRID-01.ads.fraunhofer.de (10.225.8.57) by XCH-HYBRID-01.ads.fraunhofer.de (10.225.8.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14; Mon, 24 Jan 2022 12:38:17 +0100
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (104.47.1.56) by XCH-HYBRID-01.ads.fraunhofer.de (10.225.8.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14 via Frontend Transport; Mon, 24 Jan 2022 12:38:17 +0100
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hdc3+fS5bGnt4ojXDQwxf7CTbUtXz7BMZXzXDz1uSwfjQgKmJInfaIiigZns79CcLw/vfrdP3SSximH4a8A/97Q3TPRilxbjeKwCnJh7QpBLdCnT9W4Eu8t46+hVAZofNNs+JpQ2TYwPMTIQVsTrfVot6F/qJLRu5/r7Ua67Z+oU9vly3ty0eQ5R992cSWRCqMsXhb2+DFybkwWRf16OWUyOaE6Gb0/vZ4p84ru7FJ+C8fwkxY0ODQaaGX3jIpgcYH7KdlgXL2lW9+9ZNiMTjZFwbkisv6PwaNzIoEeH7m62/Hng2HYSbTQ1TcxmyYpWJ+RN+TYoh9jlSQLpSD1fbQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=FQXDqlfzq5YnXTqqmpaEr9DB/4jO7kgH/MLd4voZp84=; b=aeJxthno5gVFEUPIoaNvAV01c2sD/SYUrQkntRySvZnzEuFRiW/sfAEPRY8sU2OG1/meoHJW0ty+P89YfKQmpy1DuZdfm7gjpejBAO3O/oZITJKV9MezJzyfp88V3ZFV8YE7HfprChJHzcL//N8LZViQU5Zh3z+J8BrDxPFkRMH5+PsrUgfytC5fAfF8Mh7vVZ0S77jV8lR/rhbGLkstVpTA/0cmitEmzV+gpDbTRPDUP4JSCyC+OvJtjJaBFmCHv1rGbrlV0jbXJGZkm7tzZOvXwN5CGYLNMRElboh1EFTkdXOzegcr+zRotSv+GS/Aj66fSJfINlbqmqnK0yFITQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FQXDqlfzq5YnXTqqmpaEr9DB/4jO7kgH/MLd4voZp84=; b=CIo2Gyx0m77KYzwi7TyxUU7e5ezf2pE3A7osMzz0QcWm4n/5GIiyyjcL3Tq//MBs2TPmPxu+dQapbHWQn4qDxut4NQmC0KY4zcT283g546B5hbYjtUzKBghzjLlupbJTZX7JeC7If0n8lq8Pkg3lln3jbkBQrYTM5DCazVrE2C0=
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=sit.fraunhofer.de;
Received: from DU2P194MB1709.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:276::9) by DB8P194MB0871.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:16a::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4909.7; Mon, 24 Jan 2022 11:38:16 +0000
Received: from DU2P194MB1709.EURP194.PROD.OUTLOOK.COM ([fe80::a144:da10:fd89:c788]) by DU2P194MB1709.EURP194.PROD.OUTLOOK.COM ([fe80::a144:da10:fd89:c788%7]) with mapi id 15.20.4909.017; Mon, 24 Jan 2022 11:38:15 +0000
Message-ID: <6421849d-3835-fdc3-d4f0-d9faf226cffa@sit.fraunhofer.de>
Date: Mon, 24 Jan 2022 12:38:14 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0
Content-Language: en-US
To: Roman Danyliw <rdd@cert.org>, sacm@ietf.org
References: <BN1P110MB0939568CF0E61FF364CD6B7EDCBF9@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM> <BN1P110MB09393F74F44A974C60D81FB7DC6A9@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM> <BN2P110MB1107647B715B63BA6A83633ADC539@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
In-Reply-To: <BN2P110MB1107647B715B63BA6A83633ADC539@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-ClientProxiedBy: AS8PR07CA0042.eurprd07.prod.outlook.com (2603:10a6:20b:459::29) To DU2P194MB1709.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:276::9)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 9ed4014f-c299-45d2-d279-08d9df2e02c0
X-MS-TrafficTypeDiagnostic: DB8P194MB0871:EE_
X-Microsoft-Antispam-PRVS: <DB8P194MB08715EE8FDCC9ADE00D0482AA85E9@DB8P194MB0871.EURP194.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: TZE5U9EdIjpDTnXy0g8pU1J2juNvtfcHC6VJ7Ww7YwAx6RBCRV75zD17R41cVXPK3pP/JCF+hcc1Dh5K/kZjhT7IUANEV2m3Fi0SId4TQTSngpLEvh1c3/oWS3ZVKP7uv77adSXDmrOh4+EzSBRBWWZyl4OW5W+sHDcXi3T9H2GMm4kv8V1xoYvwjfozEHTMNMLBtKCcXoReiOO96248qnI2Xs0BoSp27a+kTsLdMQUDuhtpzBcPfWWwFLQJygu9rj4c0RfEY0BkaU1CFIES97LUdfJKs8R/dFcrcy3BD6cBLTTQRYbcrdSksg8OxcAtE8+Urt9vITSJXcpSC5tS/U/8jkMjTlkhMJgvF7tT7OZk+Tvh1AA/l6Di3tmxSXJTulYU0hflAeyd+Nom+c+Nnl98bZaQhEude0qIOpHX1wj57Qb2ALPDdcKVDngDEFxatWUBXjkQyemMmHctBcq/nEd+CeoyO9ZWnqJ75NoKNJhu9j3CRIyY+q39weUoi+zf3Na4rywWF4fp+G7q4Q5ALeiWpLjWvX/ryNuNwrBwGSGE1revzN9yhXUejWP9ZAJwKUIMv2wrdzvy8+iAOaYPmzwha9VD/9tbzG9Dgj/O6DNtGllLzdm9300Sf8Pcc+WP3wIiWnLlcoWjFmGV/pnAQc8VrnzuzdGmvTbwRXRCC9K2eaM8cmtdi3COtd82sHZBRoN6rLvtAvZBdEghELHsPTLEwYt2f+2A/KuzPUvqqiiR2IoOPD2Fo/dQtw8u+N8mC7cD3/QNFMkOK+ta4kT7pEvjWzTL+siPUA7R1gZbiPb5j3o+K8rnjd9T/5bjEzcNQoNTvNsZ8J+QRfr5vmX58NEg2GdhUZ4edWdsVuVOWimUmhU/6BZc6Le6fQUDxWyR
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DU2P194MB1709.EURP194.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(366004)(508600001)(83380400001)(53546011)(8676002)(38350700002)(31696002)(2906002)(966005)(186003)(26005)(86362001)(8936002)(38100700002)(6512007)(6506007)(52116002)(6486002)(5660300002)(82960400001)(66556008)(31686004)(66946007)(66476007)(2616005)(316002)(44832011)(45980500001)(43740500002); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: hEdqNn/H9wWgQ4UPSPHq0irv1zdCFbyo5HUH8MNPDc0ijR86VsGXYepyCmMQPN8lUl1fQbxWoLo1pxOO4dgvMYhW6u0mgfGtbNkC8fMMw8M6X/387hG5FaoKwcL45kLqUVJSy4SpjqfUEEafDpfsvIMz3tifijgFse87WaZBMMVYx1HfuOqupx7yt+FVLIiDj6VscS9jiel8XA3+qtXZZihEyUoqzX5fyBdraWj3nnGFCVUjaL2GtS7OXIbNOnNNdU9Wua/r1EL3/oMV77FTuAHoMu2VQ43i9+5VUKw3WpLy5VUb3GY73cKmDu6M6VnGNOWGsSkdPyREHf7BIjfA/SsJ33My2ZXTf0LUB0v9Fd0YEr+3nb9uyZ/j++HA4qzOg51mgoExO2XNWJOeGFGVU8JyKQYLxgsqhk3qtg3LIj585jhM7TSTjCnDYUyFgk6cs+EXyqBNNDA2nOSVX790Av6FRkW+CnIcPBLxzBhVK00cyIlH4WIi8OEfzZl98ljJ9QR+qXPcyKgQqnbWPjwOw9cxu6oDvFMPjT+BGdhcv+9vszpWuGjEO8rY6g+L6EfciB9jm6Esvl0BXgEBS+pJVrV2wqY74ZXQtlZcPKPOm4/KRpVFkCIQ6t3hrpMt4foJO/n7Iv2t/eUAbsXknsEfG5ilCc2DeWN6z5Jv8RFPDsLN3gnSByOgdvxajkqntZQe6hiAqNvsbSGE6gJ0D6vh5Fl7toAGO1NNvKVCn7T//E7QBapRdG98AGb1gbJZA5WJdXjW/TewqYyn5yid2qS2lNKtCUOtGd4JXgNUC3vCX7ZsYpWCb/60OAvifc/JTzWcw7Du+15qZCaw0KH/InYbTjHJ884ZMwR9gvGLcNtgRm2zW9So9xZjIqzKO3jQJ39Bqc1TuqD2SV+/SengYaJC1p3FBIaKjhyob/pV6XCK8MsnzzFBPOMJbXZphROWXuNrUqPEqkY7iD4uPkJsIQRfy8BihUCmLoScLJR9FVkniiDks9KLx7761SW8uYsbTA36RKiUsdG1x4Mvy9YKOtjX/hlRK3qHw0GCPQma6EFiM8TelfsE7UrFU9IphDbwidxOj+PjRgMcB/5p0PoJGLyd8x8GCLC6ZTBRc7idk2x21HmUETog6M8lYytBLdUUeCdrn0FdYkzsC4Aepmqd/xutZdo5d/ltMfoJxxOoJ9KzFKGl21kLTVgdan614ZUJMkROjrRNlYkZFNHwOH+7VaEWeHK/dkYdoNEVoPB16FodMPcIU87svYmooqxNcsgkhjQBbvr7JISEkM+iewMJL0eZhfV1/ctgbkor4hXp0CSFj+RrBGknaMn1ZbqI6UjhG1wYR+KOUWzgznNfFg00M6v5uFv1Kff112Pwq56bYR2GTZuyvSdSvoOzXFe/uUKxEqeqIcFClXPgXPA7EEuHTr45DlhNrzCZUIPwE5HNw3FQr4QpF+3aVBdVEqT3eSzuITU6Genb9B40xmkD33mGz7sXZSGocQILl01woPmzISy2s4f6WqJA87mikLoF26CrQ65yFW4j3C4wf8UJRjpinPpE4rXc3bGJkXb3PNeYRUX2b489HTWV0usONo5ej3tSCN1X/zhxHPxOXrykP4dTvlHDtRSurmUvYDFAR6t7JH3xXEyuXjEEt89gIeOKZiQ5E5j0j3oczefxhHNNxW9FY/IxDA==
X-MS-Exchange-CrossTenant-Network-Message-Id: 9ed4014f-c299-45d2-d279-08d9df2e02c0
X-MS-Exchange-CrossTenant-AuthSource: DU2P194MB1709.EURP194.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Jan 2022 11:38:15.8254 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 9rqc7SEnbYhlwMmcLFbat5Ox9oYMdU6LaL55vghyCnUKDs2SIisJp/Xb4SSZgdkvq89TxkISvmLJwM8/7JTkQID6R15Tq45U9yFQEI/RXPg=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8P194MB0871
X-OriginatorOrg: sit.fraunhofer.de
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/Pl2BpLpm6AqZBhYvXL6w2iSNnbg>
Subject: Re: [sacm] IETF LC Directorate reviews for draft-ietf-sacm-coswid
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jan 2022 11:38:31 -0000

Hi Roman,
hi list,

the editors finally managed to find joint work time to address the 
remaining issues! To retain some readability, the corresponding 
responses are included in the previous message as a reply to your 
initial email (which actually should have been a following message, but 
I messed that sequence up :-)

Viele Grüße,

Henk

On 13.01.22 22:56, Roman Danyliw wrote:
> Hi!
> 
> Checking in again.  What is the notional schedule to resolve this feedback?
> 
> Regards,
> Roman
> 
>> -----Original Message-----
>> From: Roman Danyliw <rdd@cert.org>
>> Sent: Friday, December 3, 2021 1:40 PM
>> To: Roman Danyliw <rdd@cert.org>; <sacm@ietf.org> <sacm@ietf.org>
>> Subject: RE: IETF LC Directorate reviews for draft-ietf-sacm-coswid
>>
>> Hi!
>>
>> I wanted to check in on the progress of addressing this IETF LC feedback.  At
>> IETF 112, we had discussed and agreed that these would be responded to by
>> the week after the meeting (Friday, Nov 19).
>>
>> Thanks,
>> Roman
>>
>>> -----Original Message-----
>>> From: sacm <sacm-bounces@ietf.org> On Behalf Of Roman Danyliw
>>> Sent: Thursday, October 21, 2021 10:16 AM
>>> To: <sacm@ietf.org> <sacm@ietf.org>
>>> Subject: [sacm] IETF LC Directorate reviews for draft-ietf-sacm-coswid
>>>
>>> Hi!
>>>
>>> Thanks for -19 of draft-ietf-sacm-coswid.  Since the conclusion of
>>> IETF LC, I reviewed it based on the provided feedback.  I didn't see
>>> direct replies to the directorate reviews but from cross-walking their
>>> feedback against the -18-to-19 diff, I believe the following are still
>> unresolved/undiscussed.
>>>
>>> (1) Scott Bradner did an OPSDIR review --
>>> https://datatracker.ietf.org/doc/review-ietf-sacm-coswid-18-opsdir-lc-
>>> bradner- 2021-08-07/.  The following feedback does not appear to be
>>> discussed or
>>> resolved:
>>>
>>>> along the same line - it would seem to me that the IANA repository
>>>> should be at https://www.iana.org/assignments/coswid  (or co_swid)
>>>> not https://www.iana.org/assignments/swid
>>>
>>> I believe the comment is about the following text in a few places in
>>> Section
>>> 6.2.*:
>>>
>>>     [TO BE REMOVED: This registration should take place at the following
>>>     location: https://www.iana.org/assignments/swid]
>>>
>>> Earlier in the text in Section 6.2:
>>>
>>> "6.2.  Software Tag Values Registries
>>>
>>>     The following IANA registries provide a mechanism for new values to
>>>     be added over time to common enumerations used by SWID and CoSWID."
>>>
>>> It would seem that if in fact things should stay in
>>> "assignments/swid", there is a missing registration procedure item --
>>> nothing can be added if it isn't in the SWID specification.  I under
>>> the impression from earlier conversations that we wanted to provide
>>> flexibility for CoSWID to potentially extend it's own data model
>>> independent of SWID (i.e., there could be data elements in CoSWID that
>>> were not in SWID).  If so, this suggests that "assignment/coswid" should be
>> used instead (as Scott was suggesting).
>>>
>>> (2) Rich Salz did an ARTART review --
>>> https://datatracker.ietf.org/doc/review-
>>> ietf-sacm-coswid-18-artart-lc-salz-2021-08-02/.  The following
>>> feedback does not appear to be discussed or resolved:
>>>
>>>> In 2.3, why are there three separate bools for
>>>> corpus/patch/supplemental as
>>> opposed to a single enumeration?
>>>
>>> If this is a design choice, please answer Rich.
>>>
>>>> Can the tag-id be a digest of the source file?
>>>
>>> I think the answer is yes.  It might be worth saying so.
>>>
>>>> What are the implications of it not being unique? That should be
>>>> listed in the
>>> security considerations.
>>>
>>> I see that this new text was added: "Failure to ensure global
>>> uniqueness can create ambiguity in tag use since the tag-id serves as
>>> the global key for matching and lookups".  To Rich's point, there are
>>> likely security implications to this collision.  Please explicitly describe those.
>>>
>>> (3) Robert Sparks did a SECDIR review --
>>> https://datatracker.ietf.org/doc/review-ietf-sacm-coswid-18-secdir-lc-
>>> sparks- 2021-08-11/.  The following feedback does not appear to have
>>> been discussed or resolved:
>>>
>>>> Consider RFC6648 (BCP 178) where you are reserving "x_" name
>>>> prefixes for
>>> private use.
>>>
>>> Section 4.2 says:
>>>
>>>     The values above are registered in the IANA "Software Tag Entity Role
>>>     Values" registry defined in Section 6.2.5.  Additional values will
>>>     likely be registered over time.  Additionally, the index values 128
>>>     through 255 and the name prefix "x_" have been reserved for private
>>>     use.
>>>
>>> Section 6.2.5 says:
>>>
>>>                     +=========+=========================+
>>>                     | Range   | Registration Procedures |
>>>                     +=========+=========================+
>>>                     | 0-127   | Standards Action        |
>>>                     +---------+-------------------------+
>>>                     | 128-255 | Specification Required  |
>>>                     +---------+-------------------------+
>>>
>>>                 +=======+=================+=================+
>>>                 | Index | Role Name       | Specification   |
>>>                 +=======+=================+=================+
>>>                 | 0     | Reserved        |                 |
>>>                 +-------+-----------------+-----------------+
>>> ...
>>>                 +-------+-----------------+-----------------+
>>>                 | 7-255 | Unassigned      |                 |
>>>                 +-------+-----------------+-----------------+
>>>
>>> >From the Sec 6.2.5 text, it looks like values 128 - 255 could in fact be
>> assigned.
>>> However, Sec 4.2 says they are reserved for private use.  There may
>>> other cases of this.
>>>
>>> Thanks,
>>> Roman
>>>
>>> _______________________________________________
>>> sacm mailing list
>>> sacm@ietf.org
>>> https://www.ietf.org/mailman/listinfo/sacm
> 
> _______________________________________________
> sacm mailing list
> sacm@ietf.org
> https://www.ietf.org/mailman/listinfo/sacm

v2.23.0 | Report a Bug | By Email