Re: [sacm] Benjamin Kaduk's Discuss on draft-ietf-sacm-coswid-20: (with DISCUSS and COMMENT)
Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Thu, 17 February 2022 10:14 UTC
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 90ACD3A08B0; Thu, 17 Feb 2022 02:14:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.613
X-Spam-Level:
X-Spam-Status: No, score=-7.613 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, NICE_REPLY_A=-0.714, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fraunhofer.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NPcuOjSWnHVf; Thu, 17 Feb 2022 02:14:35 -0800 (PST)
Received: from mail-edgeDD24.fraunhofer.de (mail-edgeDD24.fraunhofer.de [192.102.167.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CEAE23A08AD; Thu, 17 Feb 2022 02:14:30 -0800 (PST)
IronPort-SDR: CHMZPnr0uyGy9I0TiEP6G0VGb2gw8QzCu0buQdErRSYgNJoteI0oDJs2fJj84eGr+DAWTaWxhk oOk7puGIzzhw==
X-IPAS-Result: A2HXAAALHw5i/xmnZsBQCg4NAQEBAQEBAQEFAQEBEgEBAQMDAQEBQIFHBQEBAQsBAYImfoFThFWOFYJULgOBE48pinCBLhSBEQMYFiYLAQEBAQEBAQEBCAE1DAQBAQMEgguCdQKEAyY1CA4BAgQBAQEBAwIDAQEBAQUBAQYBAQEBAQEFBAICgRiFLzkNQAEBAQMHBAUBghljTQY1AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBQINNB4pDDIBAQEDGgkPAQUIAQEFJAIMAQ8JAhgCAiYCAjIlBgEMAQcBAYMAAYJlAz2QP5wMgTGBAYIIAQEGBAQygRlBgn8YXIFbAwYJAYEGLAGBXIExhySCYjR7FyCBVUSBFScPgj03PoJjAgOBKAEHCwEJgzCCZZMpAS8NAQEHDRkIBhoGCgwCJAQNEAUFCwkICgMDAgcLDAElBwMNHgoCEQIFJAoHAQIDBAEFCAwKAQEBAwYFARgRAgkCBAIBDQiRbgkbBjaCVIpXnmx6NAeCEIE6gTkGC4k6lEgGFC6Dcowjhic1kR+Td4JUIIxylB4HCwsNAReEVwIEAgQFAg4IgWMCfyNwTSRPgmlRGQ+GQYdfCQIBFhWDOoUUhQVGdDgCBgEKAQEDCYgKgXiDFYFBAigFghcBAQ
IronPort-PHdr: A9a23:pk/FORBsGTKMUJwO3/y+UyQVYBdPi9zP1kY95pkmjudIdaKut9TnM VfE7PpgxFnOQc3A6v1ChuaX1sKoWWEJ7Zub9nxXdptKWkwJjMwMlFkmB8iIQUTwMP/taXk8G 8JPHF9o9n22Kw5bAsH7MkbTvju89zcPHBX4OwdvYOj4Sebv
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.88,375,1635199200"; d="scan'208";a="49513396"
Received: from mail-mtadd25.fraunhofer.de ([192.102.167.25]) by mail-edgeDD24.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Feb 2022 11:14:26 +0100
IronPort-SDR: GKSsBZl7c9VtdOtfiV7bRvhrrzT7VL2vwqPpcq8CpIRYFgmnTsse1R6mxwj7421WAn/ORvdbad fOcGmwl9KPa1FYBC/UAM3BGXRT1gkLlG0=
X-IPAS-Result: A0B9AAC35wxiej6wYZlQCg4NAQEBAQEBAQEFAQEBEgEBAQMDAQEBQAmBPgUBAQELAQGBUFZ+WSZUhFSDSwEBhTmFD16Bdi4DOAFajyiKcIEuFIERA1QLAQMBAQEBAQgBNQwEAQGCEoJ1AoQBAiY1CA4BAgQBAQEBAwIDAQEBAQUBAQUBAQECAQEFBBQBASMHBA4DEBA7Bl4GaIFPgWETCzQNQAEBAQMHBAUBhWwBAQEDEggJDwEFCAEBBQ8VAgwBDwkCGAICJgICMgceBgEMAQcBAR6CYgGCZQMtAQEOj2ePNgGBOgKLGYExgQGCCAEBBgQEMoEZQYJ/GFyBWwMGCQGBBiwBgVyBMYckgmI0excggVVEgRUnD4I9Nz6CYwIDgSgBBwsBCYMwgmWTFQEvDQEBBw0ZCAYaBgoMAiQEDRAFBQsJCAoDAwIHCwwBJQcDDR4KAhECBSQKBwECAwQBBQgMCgEBAQMGBQEYEQIJAgQCAQ0IkW4JGwY2glSKV55sejQHghCBOoE5BguJOpRIBhQug3KMI4YnNZEfk3aCVCCMcpQeBwsLDQEXhFcCBAIEBQIOAQEGgWMCNkgjcE0kT4JpTgECAQINAQICAwECAQIJAQEChj6HXwkCARYVgzqFFIUFRkIyOAIGAQoBAQMJiAqBeIMVgUECJgIFghcBAQ
IronPort-PHdr: A9a23:iwwVHREtztMaz8JvvVcBfJ1Gfi4Y04WdBeZdwpYkircbdKOl8tyiO UHE/vxigRfPWpmT8PNLjefa8sWCEWwN6JqMqjYOJZpLURJWhcAfhQd1BsmDBAXyJ+LraCpvG sNEWRdl8ni3PFITFtz5YgjJo2H04yQbBxP/MgR4PKL5F926sg==
IronPort-Data: A9a23:3ZHr0aM7uKIJZ5nvrR1jkcFynXyQoLVcMsEvi/4bfWQNrUok3zMGn GceWzjXOfyOazb1c98lOt+/90IHsJPXxoMwGXM5pCpnJ55oRWUpJjg5wmPYZX76whjrFRo/h ykmQoCbap1yEhcwnz/1WlTbhSAUOZqgG/ysWIYoBggrHVU+EH141ko68wIEqtcAbeaRU1vlV eza/pW31G+Ng1aY5UpNtspvADs21BjDkGtwUm4WPJinj3eC/5UhN6/zEInqR5fOrim4KcbhL wrL5OnREmo0ZH7BAPv9+lrwWhVirrI/oWFih1IOM5VOjCSuqQQqj5QGJsVAYH1a0S2zld5K6 9pKmYa/HFJB0q3kwIzxUjFDFj1me6BW87+BL2K2rMqTyEPLaT3gzp2CDmlvYNZeq7kxWD4Qs 6JCQNwORkjra+aewL+9Sa9mh94gLM7vLqsEu20mwyvQEPAmRp7OWePG6Le02R9p3Z4WRKuPP ZdxhTxHLxf/PTxFZE4sMa0cvsz13nnOLSdTgQfAzUYwyzKKl1UqgOmF3MDuUt+DSdhWtkOZu iTL83mRKhAXL9O3yDeZ/DSrnOCntS/hUYwOUby16vAvm1SYwykYDwYJVFeToPSlhAi5Qd03A 1cd8S9rpqg79VawZtjwQxP+p2SL1jYHUtFVO+w39A/LzbDbiy6YAGEPTzlpY9E8qIkxXzNC/ liFmNXuCjxyvZWUUnWWsLCOoluP1TM9dDJZIH5bCFJavZy9+scti1TECNh5GbOzjtr7FCu2z z3iQDUCa6s7lZM56reEoVn9jmi0nJLHdS064SnNUTfwhu9mX7KNa4ut4FndyP9PKoeFU1WM1 ETofeDDsYji6rnQzESwrPUx8KKBuq/fYWyH6bJ7N8h9pm31k5K2VdoIuFlDyFFV3tEsVRKBX aM+kVoMv9oCYz7zMvEyPdj3FcFsxu7uD934UPDTYNdUJJR8HONmwM2MTRDNt4wOuBJ3+U3aB Xt9WZrwZZr9If82pAdav89HjdcWKtkWnAs/v6zTwRW9yqa5b3WIU7oDO1bmRrlnsP7c+1uPq 44Db5fiJ/BjvAvWPXS/HWk7cgliEJTHLcqo+qS7i8bcc1E5QDt9YxMv6ehwI9A/90iqqgs41 ivkARYDmAuXaYzvJQiXdmtoaL70FZh4t2kwPTEqMk2u1mQxCbtDH49AH6bbiYIPpbwL5actF 5EtIpzcatwSG2iv02lMMvHV8tc4HDz13l3mAsZQSGJlF3KWb1CRoY+Mk8qG3HVmMxdbQuNl8 uf/iF2KGstYL+mgZe6PAM+SI5qKlSB1sIpPs4Hge7G/oW3gr9pnLTLflPgyL51eIBnP3GLFh R2XHVEWv+DQpY8y/tTTw6yJ9t/7H+x7F0tcPm/a8bfvaXiEpDX+m9cYXbbaZy3ZWUP15L6mO 7dfwcb8B/tbzlxEhIxxTuRwxqUk6tqz/LJXl1w2HHjCY1mxJKlnJ32KgZtGuqFXn+ALogqqH EyV88RcObKHNdmjHFNIfFgpaeGK1Pc1nDjO7K1pcRugu3ItpOKKCBwAMQONhSpRKKpOHLkkm epx6tQL7wGfiwYxNojUhC5j91OKci4KXZIhu8xIG4TskAcqlgpPbJGAWC/75JaDN4dFPkUwe GTGn6/en/JR1kHCNXQpHGXL3e1TiI5ItB0TlA0OIFGAm9zkgP4r3UQNoGptEVkPlk1Kg7BpJ 2xmF0xpPqHSrT1ms85OAjK3EAZbCRzFp0H8lwkTmGvCQxX6X2DBNjZna7/QpwVIrCcFIWYeo uve1mOjWnDkZsjs2Cs1V0N/7fDuFIQj+grHkcGhPsKEA5hjPWu72PDzPzJQpku1G941iW3Gu fJuoLR6Z5r9OHNCuKY8EYSbiekdRR3syLaumh29EH7lxV3hRQw=
IronPort-HdrOrdr: A9a23:Lwfs5KkHFYqfhCv/JNv4WG1N6YHpDfIk3DAbv31ZSRFFG/Fw9v rFoB1173PJYVoqKRMdcJW7Scy9qBDnmqKdg7N9AV7KZmCP01dAbrsD0WKI+Vzd8kPFh41gPO tbHZSXVbDLfDxHsfo=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.88,375,1635199200"; d="scan'208";a="136015925"
Received: from 153-97-176-62.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.176.62]) by mail-mtaDD25.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Feb 2022 11:14:22 +0100
Received: from XCH-HYBRID-02.ads.fraunhofer.de (10.225.8.59) by XCH-HYBRID-01.ads.fraunhofer.de (10.225.8.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.15; Thu, 17 Feb 2022 11:14:21 +0100
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (104.47.18.110) by XCH-HYBRID-02.ads.fraunhofer.de (10.225.8.59) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.15 via Frontend Transport; Thu, 17 Feb 2022 11:14:21 +0100
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=chWlEYLXitNtQU0HP/x3qfl6ZdAGt5A8+d3iEqplBFuTSMg6otAljg4nN9hhRnyI2f9aPP/7sqGHwWu4woih9l+a8m1P7qun/SnPkWS9J9K9VaolmRZhaPuYPl5R87gEEHxEuyJ2fraleDRCZ5wprF99vyFOFeQa7Jv7Wjpoj6+xoNk2dPxOQmIHD395cHfDnyEm43vuc8EwQ9yFdwUm2RXs/34r3et2FsNk9ADRun3aOfNTKMwV0kP3TlgicVlHFqj+rgi8azHqOD8i3Fuh/l/R3s5rNCuRTNzTgZWP/HZnb/sTE1iCxSeICKCyRxrTD0MHRENiIPuAX9QhAeWXlw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=O8hV2L1v9iK6fladEBqcBtdGefw586OKsFov8GHV3C0=; b=Z8kr1iWJL60o4FDTvfBLOa95ZlpF2Ccnh0wvweiXhUawF27hacbzRH5Dn4xcWqgQEtNXTB9O+5gcCz30fEqI4odMvhCidB5hJOh/HKxPp66OREdJ7e0kvILmGPN8dUlaqwLlnyP/qw3i2fcgH1WxExWU0zkHh5LAtLUtl+88dDfCixMRTiekf8Z3MmkQFgICLOxKSbBptEzsoNtRhLq/d4PPVlz1eVXicjP1RGoI6S3pjB0+P6JQSh2XDf7BW0DCiFW5Br5LKzfiDwMW1ypaZ/4b7KauLUyrjJ9B9/oe1M+y0STKBr137MOHIR6mtjKpgcDIKpnYRa/m+wNReYIwuw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=O8hV2L1v9iK6fladEBqcBtdGefw586OKsFov8GHV3C0=; b=dkMtlv9IRCjwDb7KPbCfy+taxhSmYHkGLEDv8KY51gL1ZaELThNimNaB/KO1fi0PZ8R/H/Gh9/z/QbORKpKJG9pd1fun9EMXiXCXGR+EBse05dYx7YCfAM551JXtYyjZAc77li6VdLZbPtoiJ4ZPYBKsP/nHUwslAFHRGcMm9uM=
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=sit.fraunhofer.de;
Received: from DU2P194MB1709.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:276::9) by DBBP194MB1083.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:1ec::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.17; Thu, 17 Feb 2022 10:14:20 +0000
Received: from DU2P194MB1709.EURP194.PROD.OUTLOOK.COM ([fe80::ec87:f3dc:70f7:2421]) by DU2P194MB1709.EURP194.PROD.OUTLOOK.COM ([fe80::ec87:f3dc:70f7:2421%4]) with mapi id 15.20.4995.016; Thu, 17 Feb 2022 10:14:20 +0000
Message-ID: <6a3688cc-88f2-e787-5ec7-c1afa97070b4@sit.fraunhofer.de>
Date: Thu, 17 Feb 2022 11:14:18 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0
Content-Language: en-US
To: Benjamin Kaduk <kaduk@mit.edu>, The IESG <iesg@ietf.org>
CC: draft-ietf-sacm-coswid@ietf.org, sacm-chairs@ietf.org, sacm@ietf.org, Christopher Inacio <inacio@cert.org>, Karen O'Donoghue <odonoghue@isoc.org>
References: <164491166777.25459.5492865802012578305@ietfa.amsl.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
In-Reply-To: <164491166777.25459.5492865802012578305@ietfa.amsl.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-ClientProxiedBy: AM6PR08CA0045.eurprd08.prod.outlook.com (2603:10a6:20b:c0::33) To DU2P194MB1709.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:276::9)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 51d31518-bf65-4e2e-f2d7-08d9f1fe434c
X-MS-TrafficTypeDiagnostic: DBBP194MB1083:EE_
X-Microsoft-Antispam-PRVS: <DBBP194MB1083C3D6451E2282118B92F6A8369@DBBP194MB1083.EURP194.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: hVWiyY+kpKDalMB7r2yg7Lcs1YONnTwk8ISRAFYP7sDw86QRe+WqjcK0O8o0R0LilTARrYvuc+IwdN+pKrdu91Y5YUMticPy8iAwWLcLKF/Cv+GujS3l+YpP6l8JxukNyb2HNyEs0iyA6CYE3Qm1GMWFwEq6z+Fdf2/r+uAxYLXVZaKmP/1gyLN5JIHtiMqXDxMfMyt1lCqg7TLjgFTq5AgbuWa0M1pDXSEe3BcQ9GBN/PF88fkwwQ70S4AVGPmH9S6Vaf22ZbS0DX3mBvTGQKhLaDv+NFwHXmgIB3VT0FCOAH1/gTxuLrb4pYmmh34ZTY0WpxtP8jwVhDR6ZodiGV9GaDrC//kTe0LoJcfKzZA7AkEr9UiYcNn0zTsAFp+veDCMI5DWQLF9DceZ4p17b+hsWmFApA+yhHgyY4rhVwDkh4RHu6VwJS6CYEb4WfvAIV2Fi3cjPVuSClWx02vrDLij8UEr2I1OmkGJbXeX37+iPnCJue4JQb65kJDzsv75ikl/XJSIgAsRFGUqJMRDmClHbSo5Kr4gVIl46RmT31u3Bk/tbPJ729EDZUpmcvaF8PTKOPn7JrQF/AKkEMpGv4XUniRUJEWrhDjY9PGv2aNuR4clsARroCwQ5zKYeZBjCZUT3f92Sr9CZhMT50bPWRvMvPbXbDMpbihneP7ve8KE2ODAmN1C5hCAWf50hdlVLC8TqHL9G3ypQ4JmJxkcLEmmaQ8Bx9ao6MMqco2oeKr8uQBm1j9duZjzirYHR2KyWVU64uX+pxQmjiBies6Qf6KfCY9Qu3waR3OzUXJxSkeR47LvE4NmuWPQiloy+9DkP8KgRLh8oIcNS31ODpC5mtJlrJCCD0mZMQgGhMp0fF0=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DU2P194MB1709.EURP194.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(53546011)(186003)(52116002)(4326008)(66574015)(8936002)(66556008)(6486002)(8676002)(966005)(54906003)(2616005)(110136005)(6506007)(66946007)(508600001)(83380400001)(44832011)(2906002)(66476007)(30864003)(31696002)(31686004)(86362001)(38100700002)(316002)(82960400001)(6512007)(5660300002)(45980500001)(43740500002); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: g5ypGxXiDuck6j4z81eNrcXxg6kShVXCUpmzJ5ZyGCt+0GJldrqg71Lg1zE4EB2PzeGS+zrGq2sHFuKM654pKlHGmzw3ITAjai+sKstIkCbE4eAFyZ0WGhoIQtG3SyNpD5KrZIJdfiYrRdOn8UnI1N8/OHBTf4522sO4Ilg7bMSW6rBqZyM2Vi3iiC9n2KoQ8MhMvzrJWtW2n7oAAeCtf3HVdljjF8JYl4vvoa4GTsAkHSqesccKgBudOX64CazJaWdjXQtPpz1funkBM+GeOv7XN6mJoJ0yKNcA7wgL1jgTpTOqzb9QOTU2BfBBTgyy8JzXo8tgh43++1n464b7fBg/YZeDZj+uxcxhxBj7uSPMK66GX8sIfOEYuW2Yyuc4z10ehE2ZL/0eD+mKiCbl7ie0ilPI/36qBiKuifptejZatwVevYb5JSzD9HFTqdT9gtXyp83yyblLBy7a3jQXRJ/Uq8DkTE+SSekqINzWYy1VS284luAVRdvUVr6D6UJrIOTWLT74tDRU/nqbXWDMrwjXnpInv+90s4LO5jXJxnGIYP5SuBWPOVM3caHBMaMHo2n/rT8JBnut8dBFNNK5SSE3/k5R+0QL0Slne2jg5lj1wATNUUDFBT+k55YTXDvgMpW045AGabVAZyo6h0zzMrWfPk7gcAVtNe2se3rvyxvuPv8+RKkaUeE3GmxaKptV2dVQbUxcNwVTrCIGNaUpd5zY9RZ2YzScHxU7nYDcvFfp369kFlL8hOhjY141XP6DpmCtvItPwItGvKviNH2jWyVssv+k/2/qhQnENbrY2yUDF7MK0MMwzFW7JklhpM+IaN+wpm6JJ3AJlvjqZNdsebAd2z2kt5Z74OtMZBAzf3ZFqak1ASa5JChYe1J9KZvEaewqmzkJ3ZRkBKfUP5y/0DTJJfdvnCgdznRPWLzq55ihOc0clPY9tLHC8QgEAHG/RAIFhgGFuIWaHTFrJlpVq4APrXdznqMFcwnOKJfHp4e86WFKAq/3j/dUlMLN1DBtI7mih14H7eT3mMLVT4HpW3lSwhueEFFD5rIqSvpQ2Df9RVWmBnh23hQ50DHGTx5yJsPsyP3tTbqmSyj2GhppfJKkUnNUG830JyG0uD/3IKV+7JMTqRW0A0hubCXiYVGvETKgpI+2OYgWKLKvMfgrIkE5oYT75gOwHhdQLd5HaVm84JsRasM55YsBqY7r8TJE2WN9KkjWFOs0a+6GPtva8EziIoTpe+Qg7QoEGcupXK/7AuV5yqDMLB/SrlIgzok7wYS9Y57vmp6FfD5nCw/Ie4t54UFWkSHJNEjLT0y6nw0P3hwMNqjmy6oK1DrV1aMr2OuZYDKc7BEwSFoa+xLwEIXF7Po3XynXHFh/Tad2ifgHB9jOf+9mcGLfDoEnCCfY4cZy7cK8ejuhSNVw3yLLRCqZEyu0nm1b5tuUcua7xF73lbpAFwEy4agATuI01tfwsdmrgVsE9hRo9dkVi4hNAgs4elCGS9X4HU+PMhW0S8Dtgwgb4veBIB05pzJKFProdL1O7LsVhhCOxNXAHBY5ZJ9YJtlgRW/5mALvc0H5z/wQtOzeAJI4wrD75cQ7rFrd9vkYSuch6mwJL1mu2cYUMp4XPhCup/bQLYYs9Z9D/SO7rsMDWusf8PO+eNeevPBfaME6Mafqen9mvakaDxxqTg1SCO6dh4XJen+QSHm5O87+VqvtHRvWey2E0yokyVXa1irHi8YkCPR/xzbrmkim4zSEIKuO/GWcb9rvYMkEpt4=
X-MS-Exchange-CrossTenant-Network-Message-Id: 51d31518-bf65-4e2e-f2d7-08d9f1fe434c
X-MS-Exchange-CrossTenant-AuthSource: DU2P194MB1709.EURP194.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Feb 2022 10:14:20.4770 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 1setirM5MccGAbXmbPV1lbKAHNtsz1Y8UzD++DhBUYZ2R6xwady7vstqLqY374/oIxI1f1BTWq4CI1iiwYaga4iZ/zT/dsxUVpKzZPsSKZE=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBBP194MB1083
X-OriginatorOrg: sit.fraunhofer.de
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/Sf80GV6Nl68IlNXkNJD2X3NcKKw>
Subject: Re: [sacm] Benjamin Kaduk's Discuss on draft-ietf-sacm-coswid-20: (with DISCUSS and COMMENT)
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Feb 2022 10:14:42 -0000
Hi Ben, thanks for your feedback and yes - that is a lot of feedback. This will require a few cycles for us to process. While you highlight the topics to be "fairly straightforward" each one of them will take some time. I am not entirely certain we can address everything before the IETF cut-off, but we definitely will strive for that target! Viele Grüße, Henk On 15.02.22 08:54, Benjamin Kaduk via Datatracker wrote: > Benjamin Kaduk has entered the following ballot position for > draft-ietf-sacm-coswid-20: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sacm-coswid/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > The volume of my comments notwithstanding, this document was actually > quite nice to read. I think that these discuss points, at least, should > be fairly straightforward to resolve. > > (1) In a number of places we have text roughly of the form: > > String values based on a <particular type of name> from <a particular > IANA registry> MUST NOT be used, as these values are less concise than > their index value equivalent. > > This seems like it could have some nasty interactions with updates to the > IANA registry in question, especially if consumers attempt to enforce the > MUST NOT. Consider a version scheme "foo", used by an implementation M to > emit CoSWID tags. Implementation M is old and predates "foo"'s > registration, so it uses the text form. Implementation N postdates "foo"'s > registration and knows to use the integer form for encoding it. But if N > insists on the integer form for decoding, it will reject M's tags, and > needlessly so. So I think we need a warning that the "MUST NOT" is only for > encoding, and that decoders MUST accept both forms (at least for names not > listed in this document). > > (2) Section 4.1 contains SHOULD-level guidance to use the "semver" version > scheme when the value matches the semantic versioning syntax. That seems > like it would be highly problematic if the version number only happens to > match the syntax by accident and does not actually match the semantic > versioning semantics. Shouldn't we be giving recommendations based on the > underlying (intended) semantics rather than just the syntax? > (A similar concern might apply to the recommendation to use any scheme other > than "alphanumeric", but there are not really well-known semantics for the > "alphanumeric" syntax such that expectations of semantics would fail to be > met if the wrong version scheme was assigned.) > > (3) The integer values assigned to link ownership values disagree between > Table 5 and the CDDL. (The IANA registry guidance matches Table 5.) > I did not attempt to obtain a copy of ISO/IEC 19770-2:2015 to confirm > whether it uses integer identifiers that we want to maintain compatibility > with -- the prose in §4.3 is a little unclear as to whether such > compatibility is relevant since it only talks about "values" that are to > match. > > (4) It's quite possible that I'm just confused about one or both of the > statements in question, but it seems like there may be some inconsistency > between §2.7's "This specification does not define how to resolve an XPath > query in the context of CBOR" and §5.2's "This XPath is evaluated over SWID > or CoSWID tags found on a system" (with, IIRC, a couple other relevant > mentions elsewhere). My understanding is that a CoSWID tag is intrinsically > represented in a CBOR form, so I'm not sure how one could cause an XPath > evaluation to match without having defined semantics for evaluating that > query in a CBOR context. > > (5) There are a couple of references to first-come, first-served > allocations for SWID index value registrations (e.g., §2's "new constructs > are assigned a unique index value on a first-come, first- served basis", > §6.2.1's "New index values will be provided on a First Come First Served as > defined by [BCP26]", but I do not see any direction to IANA to create a > registry using such an allocation policy for any range of the registry in > question. It seems like this indicates some internal inconsistency to be > resolved, but I'm not entirely sure what the proper resolution is. > > (6) Section 6.2.2 attempts to provide a namespaced scheme for distributed > allocation of unique (collision-free) names for private-use index values, > but I do not think it admits a unique partition into "domain.prefix" and > "name" by treating U+002D HYPHEN-MINUS as a separator, since that character > is valid in both LDH hostnames and in NMTOKEN names. This makes it > impossible to guarantee uniqueness, since we could have different > partitionings of the same consolidated name into the underlying components. > > (7) We seem to have conflicting statements in §7 about how a signed CoSWID > tag is represented. First we say that "[a] CoSWID tag MUST be wrapped in a > COSE Single Signer Data Object (COSE_Sign1) that contains a single signature > and MUST be signed by the tag creator", but just a few paragraphs later we > say that "[t]he COSE_Sign structure that allows for more than one signature to > be applied to a CoSWID tag MAY be used", but following the MAY would violate > the MUST. Furthermore(!), the last paragraph of the section says only that > "[a] CoSWID SHOULD be signed, using the above mechanism", which again is in > conflict with the MUST. (Section 8 goes on to admit the possibility of > unsigned tags as well as both forms of signed tag, and Section 9 includes "a > signature provided by the supplier if present in the CoSWID tag".) > > (8) Table 1 seems to be missing an entry for > $$resource-collection-extension, defined in §2.9.2 and appearing in multiple > other locations. > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I put the (hopefully!) editorial bits I had specific suggestions for in github at > https://github.com/sacmwg/draft-ietf-sacm-coswid/pull/49 > > Section 1 > > percent reduction of size in generic usage scenarios. Additional > size reduction is enabled with respect to the memory footprint of XML > parsing/validation as well as the reduction of stack sizes where XML > processing is now obsolete. > > I suggest clarifying regarding "stack", i.e., if this is the memory > allocation chunk that is not the heap, or if this is the amount of > executable code on the system. > > Section 2 > > two formats. In such cases, a manual mapping will need to be used. > These cases are specifically noted in this and subsequent sections > using an [W3C.REC-xpath20-20101214] where a manual mapping is needed. > > I feel like there's some additional text needed around the W3C reference. > > Section 2.1 > > All names registered with IANA according to requirements in > Section 6.2 also MUST be valid according to the XML Schema NMTOKEN > data type (see [W3C.REC-xmlschema-2-20041028] Section 3.3.4) to > ensure compatibility with the SWID specification where these names > are used. > > The secdir reviewer notes that NMTOKEN has a very large expansion space and > that some further restriction is likely merited (really, in all instances > where NMTOKEN is used, but I'll just mention it once). What would motivate > allowing the full NMTOKEN space without such restriction? > > Section 2.3 > > ? payload-or-evidence, > > The prose goes on to describe 'payload' and 'evidence' separately, which is > perhaps a slight bump in the road for the reader. > > identifier as defined by [RFC4122]. There are no strict > guidelines on how this identifier is structured, but examples > include a 16 byte GUID (e.g. class 4 UUID) [RFC4122], or a text > string appended to a DNS domain name to ensure uniqueness across > organizations. > > Is there existing deployed reality w.r.t. "DNS domain name" vs "reversed DNS > domain name"? The latter seems more attractive in theory for this use case. > > * tag-version (index 12): An integer value that indicate the > specific release revision of the tag. Typically, the initial > value of this field is set to 0 and the value is monotonically > increased for subsequent tags produced for the same software > component release. [...] > > I guess "typical" would be "increase by one" each time, which is not exactly > "monotonic" (or even "strictly monotonic" which is what we really need). > > * media (index 10): This text value is a hint to the tag consumer to > understand what target platform this tag applies to. This item > item MUST be formatted as a query as defined by the W3C Media > Queries Recommendation (see [W3C.REC-css3-mediaqueries-20120619]). > Support for media queries are included here for interoperability > with [SWID], which does not provide any further requirements for > media query use. Thus, this specification does not clarify how a > media query is to be used for a CoSWID. > > Following the W3C reference, it's quite hard to see how the media query > would indicate a target platform, but I trust that the authors are > accurately portraying the situation w.r.t. SWID and providing the field for > compatibility purposes. > > Section 2.4 > > Do we want to say what a consumer should do if it encounters a CoSWID tag > that violates the protocol constraints? > > Section 2.6 > > * reg-id (index 32): The registration id value is intended to > uniquely identify a naming authority in a given scope (e.g. > global, organization, vendor, customer, administrative domain, > etc.) for the referenced entity. The value of a registration ID > MUST be a RFC 3986 URI. The scope will usually be the scope of an > organization. > > What scheme(s) might we expect to see for these URIs? > > Section 2.7 > > * artifact (index: 37): To be used with rel="installation-media", > this item's value provides the path to the installer executable or > script that can be run to launch the referenced installation. > > Is this a filesystem path, an arbitrary URI, or something else? > If a filesystem path, does it need to be an absolute path? If relative > paths are allowed, how is the base determined? > > - If no URI scheme is provided, then the URI-reference is a > relative reference relative to the URI of the CoSWID tag. For > example, "./folder/supplemental.coswid". > > What is "the URI of the CoSWID tag"? I don't see a protocol element in > the concise-swid-tag root map that would obviously convey such a thing. > Would this necessarily be a "swid:" URI that leverages the tag-id of the tag > in question? > > * media-type (index 41): A link can point to arbitrary resources on > the endpoint, local network, or Internet using the href item. Use > of this item supplies the resource consumer with a hint of what > type of resource to expect. [...] > > I know we already say "hint", but I'd consider explicitly stating that there > is no obligation for the server hosting the target of the URI to use the > indicated media type when the URI is dereferenced. > > Section 2.8 > > release. This version is intended to be used for string > comparison only and is not intended to be used to determine if a > specific value is earlier or later in a sequence. > > "string comparison" implies automated or mechanical use. Is that the > intent, as opposed to just "interpretation by humans"? > > * generator (index 50): The name (or tag-id) of the software > component that created the CoSWID tag. If the generating software > component has a SWID or CoSWID tag, then the tag-id for the > generating software component SHOULD be provided. > > The 'generator' is only defined to hold "text", but the 'tag-id' could be > either text or "bstr .size 16". How would a bstr tag-id be used here? > > Section 2.9.1 > > The number used as a value for hash-alg-id is an integer-based hash > algorithm identifier who's value MUST refer to an ID in the IANA > "Named Information Hash Algorithm Registry" [IANA.named-information] > with a Status of "current"; other hash algorithms MUST NOT be used. > > "current" as determined when? Surely this is not introducing a requirement > to consult the live registry prior to any operation on the CoSWID tag... > > If the hash-alg-id is not known, then the integer value "0" MUST be > used. This ensures parity between the SWID tag specification [SWID], > which does not allow an algorithm to be identified for this field. > > I'm not sure that "ensures parity" is the best phrasing here; do we mean to > say that it "allows for conversion from" the SWID tags due to the latter > specification not indicating the hash algorithm used? > > Section 2.9.2 > > Some elements of the resource-collection group include information about > filesystem paths. But if CoSWIDs are immutable after creation, does that > force a certain filesystem hierarchy structure on a consumer of that > software (in effect, squatting on the filesystem namespace per BCP 190)? Is > there any mechanism for supplemental tags to indicate that different > filesystem paths are to be used? > > The CDDL for the resource-collection group follows: > > path-elements-group = ( ? directory => one-or-more<directory-entry>, > ? file => one-or-more<file-entry>, > ) > > resource-collection = ( > path-elements-group, > > Is there a reason to not put the "resource-collection" definition first in > the CDDL listing? > > Also, I'm not sure I understand the semantics of the array form for both > 'directory' and 'file'. I guess, in order for there to be a parallel > interpretation between the two, it would have to be that each list holds the > elements of the corresponding type that are children of the current > directory. But an ordered list of "directory" elements might also be > interpreted as a path hierarchy, so some clarification seems in order. > > file-entry = { > filesystem-item, > ? size => uint, > ? file-version => text, > ? hash => hash-entry, > * $$file-extension, > global-attributes, > } > > How would we achieve algorithm agility (BCP 201) for the hash algorithm used > to verify the file's contents? > > * file-version (index 21): The file's version as reported by > querying information on the file from the operating system. This > item maps to '/SoftwareIdentity/(Payload|Evidence)/File/@version' > in [SWID]. > > Not all file systems record file version information; do we want to mention > that limitation here? > > * location (index 23): The filesystem path where a file is expected > to be located when installed or copied. The location MUST be > either relative to the location of the parent directory item > (preferred) or relative to the location of the CoSWID tag if no > parent is defined. [...] > > Does the "location of the CoSWID tag" refer to a location embedded in the > tag or the location on disk where the tag is found? > > * type (index 29): A string indicating the type of resource. > > Is this human-readable, from a registry, ...? > > Section 2.10 > > Thanks for automatically generating the consolidated CDDL block; it saves a > lot of time reviewing it for consistency. > > Section 4.x > > It looks like in the actual registries we are going to mark 0 as reserved; > should we indicate that in these sections as well? > > Section 4.1 > > I suggest including some example multipart version numbers that include > multi-digit components (and confirming that they sort as integers by > component). > > Section 5.2 > > Tags to be evaluated include all tags in the context of > where the tag is referenced from. For example, when a tag is > installed on a given device, that tag can reference related tags on > the same device using a URI with this scheme. > > This definition of "the context" feels rather under-specified and prone to > conflicting interpretations. > > For URIs that use the "swidpath" scheme, the requirements apply. > > Is there a word missing here (maybe "following")? > > Section 6.1 > > Is index 30 available for registration or should it be marked as reserved? > > Section 6.2.2 > > domain.prefix-name > > Where "domain.prefix" MUST be a valid Internationalized Domain Name > as defined by [RFC5892], and "name" MUST be a unique name within the > > I would suggest using the keyword "U-label" from RFC 5890 here. While using > RFC 5892 as the reference implicitly requires U-label form, it seems more > comfortable for the reader to lay it out explicitly. > > namespace defined by the "domain.prefix". Use of a prefix in this > way allows for a name to be used initially in the private use range, > and to be registered at a future point in time. This is consistent > with the guidance in [BCP178]. > > Is the intention that just the "name" suffix part be what is registered, or > the whole "domain.prefix-name" construct? > > Section 6.2.3 > > Designated experts MUST ensure that new registration requests meet > the following additional guidelines: > > If they MUST be met, that sounds like "criteria" rather than "guidelines". > > That said, in other protocol ecosystems managed by the IETF, we've been > shifting towards much more lenient registration policies, in some cases > essentially a "shall-issue" guidance to the experts. This has been an > evolution in response to codepoint squatting and is an attempt to make > registration so easy that we can pretty reliably have all codepoints being > used be reflected in the registry. Attempting to use the registry and the > experts as a gatekeeping function may not always have the desired effect. > > * Index values and names outside the private use space MUST NOT be > used without registration. This is considered squatting and > SHOULD be avoided. Designated experts MUST ensure that reviewed > specifications register all appropriate index values and names. > > Why are we matching a SHOULD with a MUST NOT? Those are different > requirements levels. > > Section 6.2.4 > > Guidelines on how to deconflict > these value spaces are defined in Section 4.1. > > I'm not sure which part of §4.1 we're trying to refer to, here -- I see > guidance on how to interpret values using the version schemes registered by > this document, but am not finding much about how to define new version > schemes in the future. > > Section 6.3 > > Fragment identifier considerations: Fragment identification for > application/swid+cbor is supported by using fragment identifiers as > specified by Section 9.5 of [RFC8949]. > > Hmm, that reference says: > > % Fragment Identifier Considerations: The syntax and semantics of > % fragment identifiers specified for +cbor SHOULD be as specified > % for "application/cbor". (At publication of RFC 8949, there is no > % fragment identification syntax defined for "application/cbor".) > > I think it might be more typical to repeat the "SHOULD be as specified ... > at publication of RFC-AAA, there is no fragment identification syntax > defined..." text in this document rather than to say that it's supported and > point to a reference that says it isn't supported. (But I'm not really an > expert here, and it's a shame that the request for review on the media-types > list didn't get any responses back in October.) > > Magic number(s): first five bytes in hex: da 53 57 49 44 > > This magic number only holds if the toplevel concise-swid-tag is wrapped by > an explicit tag, but the use of the dedicated media type would normally > render the use of such a tag unnecessary. (It also only holds if the > requested CBOR Tag value is allocated, of course.) Do we need/want to > require the presence of this explicit tag somewhere in this document? > > Section 6.7 > > TAG_CREATOR_REGID "_" "_" UNIQUE_ID > > I think this construction suffers a lack of unique decomposition akin to > what I describe in Discuss point (6) -- underscore, including double > underscore, seems to be permitted in both the reg-id ("any-uri") and in the > textual form of the tag-id. > > Section 7 > > Signing CoSWID tags follows the procedures defined in CBOR Object > Signing and Encryption [RFC8152]. [...] > > draft-ietf-cose-rfc8152bis-struct is in AUTH48 waiting for me to reply to > some RFC Editor questions on Jim Schaad's behalf. I expect it to be > published before this document is ready, so updating the reference may be in > order. > > protected-signed-coswid-header = { > 1 => int, ; algorithm identifier > 3 => "application/swid+cbor", > 4 => bstr, ; key identifier > > I note that the COSE spec does not require kid to be in the protected > headers, since it's not guaranteed to be unique and is just a hint as to > what key was used. > > Additionally, the COSE Header counter signature MAY be used as an > attribute in the unprotected header map of the COSE envelope of a > CoSWID. The application of counter signing enables second parties to > provide a signature on a signature allowing for a proof that a > signature existed at a given time (i.e., a timestamp). > > Mention of COSE countersignatures should reference > draft-ietf-cose-countersign since the RFC 8152 countersignature does not > provide the desired properties. > > Section 9 > > A handful of additional potential security considerations to include: > > We allow the use of hash values accompanied by a "hash algorithm not known" > identifier, which seems to expose some risk of cross-algorithm attacks > that's worth noting here. I believe there only becomes practical impact if > some endpoints allow use of an insecure algorithm, but of course we may not > know immediately if an algorithm becomes insecure. > > We might also note that an attacker might try to prevent a CoSWID consumer > from learning about new (tag-)versions of a given CoSWID. CoSWID tags do > not have expiration dates or required freshness checks, so in principle a > powerful attacker could keep an endpoint stuck on an old (vulnerable) > tag-version for quite some time and leverage the vulnerable old tag in some > manner. > > Does [SWID] have any discussion of security considerations that we want to > incorporate by reference? > > It seems like entitlement-keys have the potential for actually being > confidential information in the CoSWID tag, that should not be distributed > widely. > > The use of "persistent-id" for grouping components could allow an attacker > to maliciously claim that their software is a member of some other group. > > Errors in setting the 'key' field of a filesystem-item could lead to bad > results from a check for whether a given component is installed. > > We probably want to incorporate the security considerations of RFC 8949 by > reference, even if we do already mention that decoders need to exercise > caution in certain regards. > > To support signature > validation, there is the need associate the right key with the > software provider or party originating the signature. This operation > is application specific and needs to be addressed by the application > or a user of the application; a specific approach for which is out- > of-scope for this document. > > I feel like we should say something about the need to protect the integrity > of this database of hat keys are authorized to sign which CoSWID tags. > > When an authoritative tag is signed, the originator of the signature > can be verified. A trustworthy association between the signature and > the originator of the signature can be established via trust anchors. > [...] > > I feel like somewhere in here would be a good place to note that just > because there is a signature, and even that the signature can be validated, > does not mean that the CoSWID tag is suitable for a certain use. The > trustworthy association mentioned here really is required, and it may not be > a simple matter of "all signatures that can be chained to a trust anchor are > trusted for all purposes". > > Consumers of > CoSWID tags would need to validate the tag using the new credentials > and would also need to revoke certificates associated with the > compromised credentials to avoid validating tags signed with them. > > Consumers would not need to "revoke" certificates associated with > compromised credentials, but rather consume revocation information about > those certificates, with the revocation information being issued by the > original issuer of the certificates in question. > > CoSWID tags are intended to contain public information about software > components and, as such, the contents of a CoSWID tag does not need > to be protected against unintended disclosure on an endpoint. > > I know we cover this later on, but we might mention here that the > association of a collection of CoSWID tags with a particular endpoint may > merit confidentiality protection. > > Since the tag-id of a CoSWID tag can be used as a global index value, > failure to ensure the tag-id's uniqueness can cause collisions or > ambiguity in CoSWID tags that are retrieved or processed using this > identifier. [...] > > It seems that a malicious CoSWID issuer could trivially cause such > collisions. It might be worth discussing this, and the potential > mitigations (don't use the issuer anymore!). > > applications that are vulnerable to certain types of attacks. As > noted earlier, CoSWID tags are designed to be easily discoverable by > an endpoint, but this does not present a significant risk since an > > I think we specifically said "*authorized* applications and users" earlier > (emphasis mine), so we might want to qualify the "easily discoverable" here > as well. > > Section 11.1 > > Whether [SAM] or [SEMVER] needs to be classified as normative is not > entirely clear. > > X.1520 probably would be fine as informative. > > NITS > > Section 2.9.1 > > The hash-value MUST represent the raw hash value in byte > representation (in contrast to, e.g., base64 encoded byte > representation) of the byte string that represents the hashed > resource generated using the hash algorithm indicated by the hash- > alg-id. > > I'm not sure that "hashed resource" is the most common phrasing for this > sentiment. Maybe it's the "hash over the [representation of the] resource"? > > Section 2.9.2 > > * root (index 25): A filesystem-specific name for the root of the > filesystem. The location item is considered relative to this > > Is it a filesystem-specific name or a host-specific name? > > >
- [sacm] Benjamin Kaduk's Discuss on draft-ietf-sac… Benjamin Kaduk via Datatracker
- Re: [sacm] Benjamin Kaduk's Discuss on draft-ietf… Henk Birkholz
- Re: [sacm] Benjamin Kaduk's Discuss on draft-ietf… Henk Birkholz