Re: [sacm] Revised ID Needed: draft-ietf-sacm-coswid-21
Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Thu, 12 May 2022 06:59 UTC
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A051CC157B57 for <sacm@ietfa.amsl.com>; Wed, 11 May 2022 23:59:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.756
X-Spam-Level:
X-Spam-Status: No, score=-8.756 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, NICE_REPLY_A=-1.857, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fraunhofer.onmicrosoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nYqV88xYW3QC for <sacm@ietfa.amsl.com>; Wed, 11 May 2022 23:59:20 -0700 (PDT)
Received: from mail-edgeF24.fraunhofer.de (mail-edgef24.fraunhofer.de [192.102.164.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 38C36C159487 for <sacm@ietf.org>; Wed, 11 May 2022 23:59:18 -0700 (PDT)
IronPort-SDR: NBHwiqXNA3ypZ1mLcmr1RGXAaFRc3s+pxiRPsWkns//AfbTVZRmVDBvBzu/aTBdeH+KxLOdjj9 MTODQ2AnImFw==
X-IPAS-Result: A2FhBgAAsHxi/xmkZsBaHgEBCxIMQINzfoFUhE+OCYMCA4ETmiWBQIERAxgWIAYLAQEBAQEBAQEBBwEBLA0JBAEBAwSCB4J0AncBhEgmOBMBAgQBAQEBAwIDAQEBAQUBAQYBAQEBAQEGBAICgRiFLzkNgnBjTQY1AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBQINNB4pDDEBAQEBAgEBASEPAQUIAQEsDAQLCQIOCgICJgICJwslBgEMBgIBAYJ5AYJjAw0zj2ObF3qBMYEBgggBAQYEBIE3AQMCAQsCAkABSII3GFyBXAMGCQGBBiyDFItMFyCBVUSBFScMA4I9Nz6CYgEBA4EoAQsHAQcag1aCZY8vg16CTygEDwMdOIEGEoEhcQEKBgMDBwoFMgYCDBgUBAIVEU0GHgITBQcKBhYOFBwSEhkMDwMSAxEBBwILEggVLAgDAgMIAwIDLgIDGAkHCgMdCAocEhAUAgQTHwsIAxofLQkCBA4DQwgLCgMRBAMTGAsWCBAEBgMJLw0oCwMFDw8BBgMGAgUFAQMgAxQDBScHAyEHCyYNDQQcBx0DAwUmAwICGwcCAgMCBhcGAgIZWQooDQgECAQYBB4mEwUCBzEFBC8CHgQFBhEJAhYCBgQFAgQEFgICEggCCCcbBxYZHRkBBTcnBgsJIxYGCiQNBgUGFgMnMigBGwJSj0eCHoMeB4EMARBCGQcBHh4mBA0iFA0DIAEBJAkBCypAFSMGAg4DJxGMe6EYkUt8NAeCE4E7gT0GDIlLjW+GawYTLYN1jDoDhiaRe5ZlII0HlFWEfwIEAgQFAg4IgXiBD3BNJE+CNAEBMlEZD44gDBaDUIUUhUxzOwIGAQoBAQMJikaBal4BAQ
IronPort-PHdr: A9a23:yBVgPBf8/djl2a6VET+3Jw3AlGM/vYqcDmcuAtIPh7FPd/Gl+JLvd Aza6O52hVDEFYPc97pfiuXQvqyhPA5I4ZuIvH0YNpAZURgDhJYamgU6C5uDDkv2ZPfhcy09G pFEU1lot3G2OERYAoDwfVrX92az8XgcABziMwpyKOnvXILf3KyK
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.91,218,1647298800"; d="scan'208";a="39760980"
Received: from mail-mtaf25.fraunhofer.de ([192.102.164.25]) by mail-edgeF24.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 May 2022 08:58:48 +0200
IronPort-SDR: dODwuTnh96XEA0nD+XKYKIcDoyl2y0U5DqOsMG3w2DJPEpEp2mJ7pdsWu5DpPfb/qG9K0eUrx+ npXMJqVm9wqx4Xk1hg+tilLkPCQmm3PV8=
X-IPAS-Result: A0CHFwAcr3xi/3+zYZlaHgEBCxIMQAmDGFIHd1gnVYROg00BAYUxhQlegiQDOAFamiWBQIERA1QLAQMBAQEBAQcBASwNCQQBAYIOgnQCdgGERgImOBMBAgQBAQEBAwIDAQEBAQUBAQUBAQECAQEGBIEJJwZeBmiBT4FhEws0DYZCAQEBAQIBAQEQEQ8BBQgBARQYDAQLCQIOCgICJgICJwsHHgYBDAYCAQEeglsBgmMDDSMBAQ6PYo83AYE+AoofeoExgQGCCAEBBgQEgTcBAwIBCwICQAFIgjcYXIFcAwYJAYEGLIMUi0wXIIFVRIEVJwwDgj03PoJiAQEDgSgBCwcBBxqDVoJljy+DXoJPKAQPAx04gQYSgSFxAQoGAwMHCgUyBgIMGBQEAhURTQYeAhMFBwoGFg4UHBISGQwPAxIDEQEHAgsSCBUsCAMCAwgDAgMuAgMYCQcKAx0IChwSEBQCBBMfCwgDGh8tCQIEDgNDCAsKAxEEAxMYCxYIEAQGAwkvDSgLAwUPDwEGAwYCBQUBAyADFAMFJwcDIQcLJg0NBBwHHQMDBSYDAgIbBwICAwIGFwYCAhlZCigNCAQIBBgEHiYTBQIHMQUELwIeBAUGEQkCFgIGBAUCBAQWAgISCAIIJxsHFhkdGQEFNycGCwkjFgYKJA0GBQYWAycyKAEbAlKPR4Iegx4HgQwBEEIZBwEeHiYEDSIUDQMgAQEkCQELKkAVIwYCDgMnEYx7oRiRS3w0B4ITgTuBPQYMiUuNb4ZrBhMtg3WMOgOGJpF7lmUgjQeUVYR/AgQCBAUCDgEBBoF4JWlwTSRPgjQBATJOAQIBAg0BAgIDAQIBAgkBAQKOHQwWg1CFFIVMczsCBgEKAQEDCYpGgWpeAQE
IronPort-PHdr: A9a23:M/yvgR+d81eNQf9uWC3oyV9kXcBvk7n3PwtA7J0hhvoOd6m45J3tM QTZ4ukll17GW4jXqpcmw+rbuqztQyoMtJCGtn1RfJlFTRRQj8IQkkQpC9KEDkuuKvnsYmQ6E c1OWUUj8Wu8NB1OGdq4aUfbv3uy6jAfAFPzOFkdGw==
IronPort-Data: A9a23:ZewHdqnhscRnCuwTXCtlPyLo5gxVJkRdPkR7XQ2eYbSJt1+Wr1Gzt xIdDWzTafnfY2D9LtgjPY639k5VupDXzoQ2SFBk/C4zH1tH+JHPbTi7wugcHM8ywunrFh8PA xA2M4GYRCwMZiaH4ErrbtANlFEkvU2ybuOU5NXsZ2YgHGeIdA970Ug5w7Ng29Yz6TSEK1rlV e3a85W31GCNhmYc3lI8s8pvfzs24ZweEBtB1rAPTagjUG32zhH5P7pDTU2FFEYUd6EPdgKMq 0Yv+5nilo/R109F5tpICd8XeGVSKlLZFVDmZna7x8FOjzAazhHe3JrXO9INQ1xolGiGlupt7 9NR6ZGbTAQpF67TzbF1vxlwS0mSPIVd/aPfZ3WvuszVwVfPbn3sxPtjFgc6MOX0+M4uXDoIp KNecW9cKEnZ2Ipaw5rjIgVorsQuKsqtNoIFuXFnySPxFvc6B57ZSrjM5dhW0S12is0m8fP2P pVCNWc0NUWQC/FJEngmLYIHjtr0v0TUKG1aiFiN9PQH5EGGmWSd15CoarI5YOeiX8lZtk2Vv H6A+H72ajkBPdea4TuI7nzqgfXA9R4XQ6pLSeb9p6Ev2QLCgzVJV1sIUB2w5/ejg1O4W9VRJ lZS9idGQbUOyXFHh+LVB3WQyENodDZGMzaJO+FlugyL1ITO5AOVWjoNQjJbMYN0r84qAzIw3 0KPn9TnCCYpvLDMESCR8bKdrDWTPykJLDZeNHFeElZfu4Hu8NMpkxbCbtd/C6rr3Nf7LjHHx WzYpiYJgbhO39UA0L+2/Aycjj/1/srJQwc56x/5RGWg6g8lNoepa5bxtgrA7OoGIpyQU1+Bu 3YJgY6S4blWX52KkSWMRsQLHa2ovqrUbmeD3AQ3R5R4rmaj4X+ue4xU8QpSHkYxP5ZWYyLtb W/SpRhVus1ZMkyqWqkrMYi/PMInkPr7HtP/W/GINddDb8QjdAKD+y0yN0ec03q3yxo3lL0nf 5qLesbqA2wTFKJnyzS7XaER3OZzlCw5wGrSQ7H9zgimiObPOiTKFO1daFbePPok6K6koRnO9 4oNPcW9zRgCAvb1ZTPa8NJOIF1Wf2I3A4v6955eeuKZeVE0QTx6Tq6OhOp+Ksk8xfsTiOKO9 TezQEZFzlr4i3DdbwmHMygxZLTqVJd5jHQ6IS11YQf2gSd+O9734fdNbYYzcJkm6Pdnkax+Q c4DdpjSGf9IUDnGp2kQYJSVQFaOr/h3ad9i5xaYXQU=
IronPort-HdrOrdr: A9a23:/mE6Y64tYpXCIRedPQPXwMrXdLJyesId70hD6qi5ISYlFPBws/ re+8jzsiWE7Ar5OUtQ/OxoV5PufZqxz+8X3WBzB9mftWvd1FdARbsKheCJrgEIcBeOlNK1u5 0BT0EzMrzN5IdB/L/H3DU=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.91,218,1647298800"; d="scan'208";a="173453198"
Received: from 153-97-179-127.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaF25.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 May 2022 08:58:46 +0200
Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.22; Thu, 12 May 2022 08:58:46 +0200
Received: from DEU01-BE0-obe.outbound.protection.outlook.com (104.47.7.171) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.22 via Frontend Transport; Thu, 12 May 2022 08:58:46 +0200
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mg3hgfZGfKDY3aqWPuGcBnWsgZfmgY8W60ex6uY4XiMd/9GexepDMHlSuykXnnMSXjOBkivEKRQG81ce1CbezCcBXXehXMKybrYZWQbLEwVZixOryLboKTHF+7sAS2zD8D82THjwT8GDh+fyRMcvAxDKuwR1+sUdbGvbcB0XkRxVTADflA2Ivf226L1Ra+zncckqzFg6IhEGOPMhI8WyLYFFBpVueoIVUdToZKGE7EcBu86iqP91KjHs8IfBwB3LFlniMMlhFbjHAIePp76tboKP4cthMG3ISTWrWIESafFImbmjY/lKE5AwGbk2m21RC6dRhg2Qn1rrBbyrME7mKA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UnSwzCgLLcFMzAP1zmDT5OmIT598Olq1m5vbB32ratk=; b=AC0z3DI9bkXEzUAoSLY6zIUbkPCYYh2zE3L1Qb/zBC979W92m0sNm3/aJGwwd+ftvQ51GBFp+Fq0nm9tos0QiMb0V1WULuxGJARJzQYW0ImCuuTZWBMRCuQ5fDvsfWlJJJ8fVYuo7r3B2BFaCRgoKrlx0nbr0Ju5jgrrjdlQPywgrJ1VbKrmGtcm8QwAfEx3skrxqSJoX8Fli5w8dlEqD1EVhDqlniHodl2Zv47qOLIQ+Vs+Q7+l1zC2OeGv0pFDXabLaIFd9+dJ0reM9xEnnub4KU4NbxetTDCtVvVpatyC8NlcK74N034T8zk8fat8Q00nUmN8dnFvwvrv/4perg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=sit.fraunhofer.de; dmarc=pass action=none header.from=sit.fraunhofer.de; dkim=pass header.d=sit.fraunhofer.de; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UnSwzCgLLcFMzAP1zmDT5OmIT598Olq1m5vbB32ratk=; b=L0jgIj0MhiDckf4S8549VkrYQezcxy1++M/VtNkwJDXl7BpVVeNrqkJLp9kWzr1ornga1TwU0UOzwygu8J05N8v5eILqZujSeGn4msbtX6hnOExu1xN+reWEmkUeHUxcFBYq45aqILC6itCyVoBDQF5WDfjTBVRNG6BzkiwEtb8=
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=sit.fraunhofer.de;
Received: from FR0P281MB0785.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:50::13) by BEZP281MB2087.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:5f::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5250.12; Thu, 12 May 2022 06:58:45 +0000
Received: from FR0P281MB0785.DEUP281.PROD.OUTLOOK.COM ([fe80::4983:ae3f:b59e:ff62]) by FR0P281MB0785.DEUP281.PROD.OUTLOOK.COM ([fe80::4983:ae3f:b59e:ff62%5]) with mapi id 15.20.5273.004; Thu, 12 May 2022 06:58:45 +0000
Message-ID: <185ad8e1-e610-3003-0f08-e0a5a85140fa@sit.fraunhofer.de>
Date: Thu, 12 May 2022 08:58:43 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.8.1
Content-Language: en-US
To: Roman Danyliw <rdd@cert.org>, "sacm@ietf.org" <sacm@ietf.org>
References: <BN2P110MB1107B6F79F45E9E7EFE86A82DCC59@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
In-Reply-To: <BN2P110MB1107B6F79F45E9E7EFE86A82DCC59@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-ClientProxiedBy: AS9PR06CA0229.eurprd06.prod.outlook.com (2603:10a6:20b:45e::18) To FR0P281MB0785.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:50::13)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: bec9f7b1-0fb5-4282-814a-08da33e4db50
X-MS-TrafficTypeDiagnostic: BEZP281MB2087:EE_
X-Microsoft-Antispam-PRVS: <BEZP281MB2087157ECF6A4A211166FD89A8CB9@BEZP281MB2087.DEUP281.PROD.OUTLOOK.COM>
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: OqmbVKOg9yG7pxUh1ybrBdwB0qriKDa1wairCU7IM8rxkhioVnLrE8ZZ6wLTzIYQohIj5BCXIoWZP0UFZWAVhHFNJfrSQ8S0jBWkd/ISFpKT8JorncLPPQXhhdI78pbSJhW1a5+L276kLKemcVllpWElytfZ0xoQQ6f0Xb6D0piurka1l4jD708a2Ir5ou0UIM+YQCV6QyjACdiI2DsYzT4qnQOpnSnguD79MDgw3D0AAVha8Z4gKVddBV6A6/YYAFd/Eo2kidoAL8Ho1OHWbK57g4nN+0xtnoz6+gizcUPk16tPGlhXTwB/qRHKsDKuTP9vB0r2XhZ/Vv/DlS8pzzJAoahOX+1eSMw77Chk5gk+0wQMxC83W5pZqKhHL8WgTqGAeFswwmDw0urnU8l34Yap7QTqJpLrMghtjQKECLhH3XG0V15Xvd9WZNFiEU0bH+utbgTFzm7kSLgsa6PvuKbjxzHRJRUNDrOASmadLB4PFEtfTlYneCuYC6kL52FpctxAn8Rtb/QlZyJuLRhtRq1nP/YOgegb5RMnWtwoKXlDaouG4HT5c0L9EhsHIECRulxVTLVILF9LgOebKr2EuqAAvWy9UaTba1a1a0hh+SP9VLVBmXQqK28n/shi3aq/o9VIoMo5JDi2IP7Jup/eFVPMlJ1Ec0Q+0zeUulMOinD+CVkGXQIv4HrNiubHx72uLM0DTgH9FQN3lgK3JAi6QUznIBDcTKGHMfl8vuhJe88Eo/CnsKLK99RqYI+xLnvH5ZzQ9rITNqf852/lqDPyC2VJ8tbdOV91UGi5f91JuAYcGT8v5WUTugWwgjDWpEGz2f5SPRr6qL9X0QFFFkSjrhfbEYvCj9yAjuvGw77nBX63nxIUwISQB+KQZZW0tJyaYi2J4Tutx2xPPeZk1SpM8A==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:FR0P281MB0785.DEUP281.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230001)(366004)(31686004)(66946007)(508600001)(83380400001)(6486002)(66476007)(52116002)(66556008)(31696002)(8676002)(86362001)(2906002)(186003)(53546011)(2616005)(5660300002)(26005)(6512007)(8936002)(44832011)(316002)(82960400001)(6506007)(38100700002)(110136005)(966005)(38350700002)(43740500002)(45980500001); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: fQRaq+oy5oSXjeV0UavpevPQfJaxdWvtPe1D/2EtJYZXSy9QIZlbr9kN2daXYErw8IVfY7sCmnE4vrVSLzNRA2MGd9n9XZeOxQiSZpOXsRQtfL3lZ5+GtuVkNaumbQvz/WXw928ukR8kYJVQGc3n/CuCJiLEi/hLIp7Pl3oO24wxMAeL343AbpO0FSP8Z2xP94wAvHV3lSLxXXzvNA7n6CgbHVsu6iB0LPrH35KKR0Z3iEK4EXG2bXXuRl1A2hZStJase3rUcz2QT7vcrtIH7OtTA4ZGzCsFFbYxbNm5XbzazO8Dy2eKWi+vXSBWvtF81NR9mD0/49k4/mohdfU3iIq+lqg7213B21r/97WMxoT6APGK4XI+JBh8+7imT14m14IlWwezJctIKiVcujf7zenBtOuzaWBQuGm4EzehZA/vHBvL7WVbRbZ7bvOkHtCZ0IffjnXDFhj8Tw4jJVgBz/kYcojYJzhrxOc1E4JU4frfi8DjV/iittMcKEoCT3v0On83RqTLvd1lIieSYFeRyvsTq8SoEvcNz8/gvWE256PrEOmacuhFNxHEAsCjO1Snd4V+F0d98js8Sv4kAlBTTgLoT55o6WSkiTn+mJWXC93oZacaw7mhqslz9RHsILHzR9YOVgnFKkzsupZatdgj3cJeWbwQ2z6eps+0QI5tW9IGbxVA4TKN7LmvAc0PijnQsDQswf7qThm38cNWgu7msPIZxqNx+WyCn3gvxOUUKzo7FInLGbBQdEWWKCVXHlznd6YEvkT2GFSPZ1Ztkn/yP3bI2CIQKZ3keJhzrj06FqBGjx2VRLOLzf8IIHsQ1RMmSkdXs5J2iaa+gGP0nO0br6+5TwU9/OU1PbFHbUqpCK3UzqP/B+TdqhBalnRbOT1tZA1VuUM9y8ju35S5rfNKhsoAhNfh5W4ylUERWJs//gDk0yC7S1OgjZvkuemodh8zuss/MDKCIg307akqHVi1l+XBRQ2Ig/SxfdiiZl9efLRq5u/elrlUN2dI9xCFqpuoEwreVwEd9bonQebjcpq/W+jE5XZQ/FpQnmlF3cusW6PG7NwrpfFlYaVJwpbKcRUGYhwTtwwgv3yQ80rOww1K9jE6X4qWRV3s0SMa1beS9rCY8PPow389V2aZnTGzh1fNlBfn7qwm2+/0s7bv3oltgUC6TTDsf/EC6Vim/CVkSDrJlU2eFMAaB5XSwxafpCSYpadpNHMuYTsuM/0tjLLQrjeZvn9RTSNz0uGwkvxT/sCUhe7VyLvdD4WBpP7pMeC6gXXA/VCsYFtw3eW6uxpDOm/aDmY5ZTXMkvJmhQvGkTfJ9c53SYvV8brr6aEPpF4iiqB28v89NHleV7mLIuB0xs3CnswpPYtU7B/UKFdwarkejcaRnOzvfiWWEFIteSolydQfoTUUG2wW/wl+tus4hqS8i2v5aApZsQGSo4AMj9JEw8ZQPtqR0k/53/mVA2LehrS8zMtIm3zqA1Lh/zKm/qDgd2whMikEduWPtQa5bRJen94MJKCCdwl2l9XJLQSB8NyQPVnlO+t7s+acnuUDNr4mOfFnRNqijjm7ayaPytopBZNhqqlUpOm258H9GByAbr1di71FPBiYgsJy1YoaIHcYdr09R8UMHGcoXVe2mGr0FTHWSLYbF3EzO09mbfQWW8wL2A5V3jK0F7PxAUh0Y0NRAxD4UqaGjLWCsm3QdhAyHuAr9lfzDGxfCr2zW08vjPSOaxwRoK76vCTwRxfQfonVh1YBliGAchOKlXjGkYLeLgZC1lmI+PPnTx2NgrBS
X-MS-Exchange-CrossTenant-Network-Message-Id: bec9f7b1-0fb5-4282-814a-08da33e4db50
X-MS-Exchange-CrossTenant-AuthSource: FR0P281MB0785.DEUP281.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 May 2022 06:58:45.3416 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: mcPRsZmqpDP9BeC8PHsj51URLQMrDBtwBSH2ZHmysJwgv4Rhf3Wkfh/eqm1wUsjTGSuxQo34o8Z6uUWYxBleiFlYDxHGzsjSXDJMgByWzK4=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BEZP281MB2087
X-OriginatorOrg: sit.fraunhofer.de
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/QLWjAZmBcUk96wmgPnvTsOHJNPM>
Subject: Re: [sacm] Revised ID Needed: draft-ietf-sacm-coswid-21
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 May 2022 06:59:24 -0000
Hi Roman, a big thank you for your support of steering the various inputs. That really helped us moving forward. As a result, there is now: > https://github.com/sacmwg/draft-ietf-sacm-coswid/pull/50 Individual commits addressing distinguishable topics, as well as additional comments are in-line. I messed up one commit (as it addresses two issues) and one issue we will address in a separate email (as is it not solved by a simple commit). Viele Grüße, Henk On 06.05.22 15:26, Roman Danyliw wrote: > Hi! > > Thanks for publishing -21 in response to IESG review. I was asked to clarify why draft-ietf-sacm-coswid-21 is in "Revised ID Needed" state -- a number of COMMENTs from the IESG review still need attention. Specifically: > > [Source: https://datatracker.ietf.org/doc/draft-ietf-sacm-coswid/ballot/] > > ==[ snip: Francesca's position ]== > Francesca Palombini No Objection > > 1. ----- > > * If the patch item is set to "true", the tag SHOULD contain at > least one link item (see Section 2.7) with both the rel item value > of "patches" and an href item specifying an association with the > software that was patched. > > * If the supplemental item is set to "true", the tag SHOULD contain > at least one link item with both the rel item value of > "supplemental" and an href item specifying an association with the > software that is supplemented. > > FP: This is missing text about why these are SHOULD and not MUST or MAY. I agree with John Klensin, who formulated it very clearly: > > If SHOULD is used, then it must be accompanied by at least one of: > (1) A general description of the character of the exceptions and/or in what areas exceptions are likely to arise. Examples are fine but, except in plausible and rare cases, not enumerated lists. > (2) A statement about what should be done, or what the considerations are, if the "SHOULD" requirement is not met. > (3) A statement about why it is not a MUST. > > [Roman on -21] Thanks for the new language. It doesn't appear to provide much clarification. The preamble to the bulleted list says "If any of these constraints is not met, a signed tag cannot be used anymore as a signed statement." > > ** I don't follow what "cannot be used anymore" means. Is that saying that a tag is signed with a valid signature, but the contents don't make sense so it should just be ignored? > > ** I'm not sure how to assess conformance when the four subsequent bullets include a MUST (bullet 1), SHOULD (bullet 2), SHOULD (bullet 3) and MUST (bullet 4). If one treats conformance with the mindset of boolean algebra - the bullet 2 and 3 are irrelevant because the weaker SHOULD could go either way. To stay consistent and aligned with the SWID specification all (remaining) bullet items are now MUST statements. The statement on supplemental tag was removed as the index 11 definition in Section 4.4. sufficiently defines the use of supplemental tag use and conditions when to use it and does not require additional normative statements here. Fixed in commit a3ea17a > > > 2. ----- > > *r artifact (index: 37): To be used with rel="installation-media", > > FP: Should "installation-media" be "installationmedia" instead? > > [Roman on -21] Please fix Fixed in commit 0cb7d7d > > 3. ----- > > * date (index 35): The date and time the information was collected > pertaining to the evidence item. > > FP: Please add a reference to Section 3.4.1 [RFC8949] and mention that this is the standard date/time string. > > [Roman on -21] This seems like a helpful clarifying refence for the reader. Fixed in commit aa1c50d (this also includes the next issue 4, sry) > > 4. ----- > > space, the "decimal" version scheme SHOULD be used. > > FP: Here (and following bullets) is another case that either requires a better context description about the use of SHOULD, or should be rephrased (possibly avoiding the BCP 14 SHOULD) for example: > > space, it is expected that the "decimal" version be used. > > [Roman on -21] Thanks for the next text of "the "decimal" version scheme SHOULD be assumed." I don't see how it doesn't simply state ("be used" ==> "be assumed") responds to the ambiguity issued suggested by this COMMENT. Are the "SHOULDs" in these three bulleted clauses needed? Fixed in commit aa1c50d > > ==[ end ]== > > ==[ snip: Rob's position ]== > > Robert Wilton (was Discuss) No Objection > > Comment (2022-03-21) > Hi, > > I've discussed this with Roman and Henk and I've agreed to remove my discuss so that the document can be approved and move forward before the new IESG handover. > > The proposal for the two issues below are: > > (1) I think that it would be helpful to have a liaison statement between the SACM WG and ISO that confirms the ongoing expectation and evolution of SWID and CoSWID, i.e., my understanding is that ISO intends to reuse the IANA registry and I think that it would be good to get that more formally confirmed now whilst everyone agrees, so that this doesn't end up being a problem in future when participants have changed and moved on to new projects. This doesn't need to block the progression of this document, it could be done in parallel. I also don't think that this had to be written into the document, but possibly a comment in the document may be helpful to set the context for future readers. > > [Roman on -21] Rob cleared his DISCUSS on faith to ensure this document didn't lose positions in the AD turnover at IETF 113. I have seen no explanation to back to Rob. > > I share Rob's concerns. The coevolution of this specification with SWID has been a moving target. When I first inquired about this during AD review in October 2020 (https://mailarchive.ietf.org/arch/msg/sacm/lZsk8wlOprU-WKPxgQAYLfBzDdE/), I heard that CoSWID would independently evolve via it's self-defined IANA registries. That was consistent with the current text which effectively positioned this document as a fork. During IETF LC OPSDIR directorate review (https://datatracker.ietf.org/doc/review-ietf-sacm-coswid-18-opsdir-lc-bradner-2021-08-07/) the story changed to SWID now planning to use the IETF registries which suggests that they would co-evolve. This intended co-evolution was the motivation for keeping certain IANA registry names "swid" as opposed to "coswid". However, the document still has the following text in Section 1 (which seems to contradict the co-evolution idea): > > While an attempt to align SWID > and CoSWID tags has been made here, future revisions of ISO/IEC > 19770-2:2015 or this specification might cause this implicit > information model to diverge, since these specifications are > maintained by different standards groups. > > Can the current swid-coswid coevolution plan be explained? Can the basis of this plan also be clarified - one approach could be a liaison statement. > ] > > In addition to this discussion, I believe this document needs to clearly set expectation for implementers with the information we have now - is this CoSWID document (a) an alternative data model for 19970-2:2015/SWID in CBOR with full feature parity (i.e., if I can do it in 19970-2:2015, I can do it CoSWID; and vice versa); or (b) a forked data model of 19970-2:2015/SWID in CBOR that has additional capability (i.e., don't assume that just because something can be represented in the CoSWID data model, that it can be converted/represented in 19970-2:2015 SWID). Please refine this limited set of expectations as appropriate. With respect to (1), we'll split this topic off into a separate thread and will cover that topic last - if that is okay. > > (2) Regarding the Semver 2.0.0 reference, the suggestion from Roman, which I agree with is that it would be better if the SEMVER reference cited the ITU SWID spec as the normative reference and the current accurate github reference becomes informative. > > [Roman on -21] [SEMVER] is still a normative reference. Lazy oversight that is fixed in commit e52b0f7 > > > ==[ snip: from Ben ]== > >>From -20 to -21 a number of internal references changed from Section 2.5 > to "Section 2.4, paragraph 2", which mostly don't seem to make sense to > me. Please double-check. > > Section 2.3 > > * version-scheme (index 14): An integer or textual value > representing the versioning scheme used for the software-version > item, as an integer label with text escape (Section 2, for the > > needs a close paren somewhere > > [Roman on -21] Please fix Fixed in commit 3cb5ea9 and 4f056c5 > > Section 9 > > Converse, generators of CoSWID tags need to ensure that only public > > "Conversely" > > [Roman on -21] Please fix. Fixed in commit fbc5aa9 > > ==[ end ]== > > Regards, > Roman > and thanks again! > _______________________________________________ > sacm mailing list > sacm@ietf.org > https://www.ietf.org/mailman/listinfo/sacm
- [sacm] Revised ID Needed: draft-ietf-sacm-coswid-… Roman Danyliw
- Re: [sacm] Revised ID Needed: draft-ietf-sacm-cos… Henk Birkholz
- Re: [sacm] Revised ID Needed: draft-ietf-sacm-cos… Roman Danyliw