IETF Logo Mail Archive

Re: [sacm] IETF LC Directorate reviews for draft-ietf-sacm-coswid

Scott Bradner <sob@sobco.com> Tue, 25 January 2022 20:55 UTC

Return-Path: <sob@sobco.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 718B93A1246 for <sacm@ietfa.amsl.com>; Tue, 25 Jan 2022 12:55:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.916
X-Spam-Level:
X-Spam-Status: No, score=-0.916 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, PDS_RDNS_DYNAMIC_FP=0.002, RDNS_DYNAMIC=0.982, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iepRlo_fS3oI for <sacm@ietfa.amsl.com>; Tue, 25 Jan 2022 12:55:33 -0800 (PST)
Received: from sobco.sobco.com (173-166-5-71-newengland.hfc.comcastbusiness.net [173.166.5.71]) by ietfa.amsl.com (Postfix) with ESMTP id 4A0003A1201 for <sacm@ietf.org>; Tue, 25 Jan 2022 12:55:33 -0800 (PST)
Received: from smtpclient.apple (golem.sobco.com [136.248.127.162]) by sobco.sobco.com (Postfix) with ESMTPSA id 264552A3845; Tue, 25 Jan 2022 15:55:32 -0500 (EST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3693.40.0.1.81\))
From: Scott Bradner <sob@sobco.com>
In-Reply-To: <b0eee453-b494-591c-b597-508b638680c0@sit.fraunhofer.de>
Date: Tue, 25 Jan 2022 15:55:31 -0500
Cc: Roman Danyliw <rdd@cert.org>, sacm@ietf.org, "Salz, Rich" <rsalz@akamai.com>, Robert Sparks <rjsparks@nostrum.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <50005062-6E2E-4916-925F-7FEDA5F64CDD@sobco.com>
References: <BN1P110MB0939568CF0E61FF364CD6B7EDCBF9@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM> <17f95b5f-2890-b658-eabb-4bee19ad3404@sit.fraunhofer.de> <E77143BB-F615-4DCF-A1EE-3504D88957AC@sobco.com> <b0eee453-b494-591c-b597-508b638680c0@sit.fraunhofer.de>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
X-Mailer: Apple Mail (2.3693.40.0.1.81)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/VYnqoT1ePYFu4wXpOR-AAoe-UEw>
Subject: Re: [sacm] IETF LC Directorate reviews for draft-ietf-sacm-coswid
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Jan 2022 20:55:39 -0000

yup - tnx

Scott

> On Jan 25, 2022, at 3:53 PM, Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote:
> 
> Hi Scott,
> 
> yes, we added some clarifying text to section 6.2.
> 
> Does that address your open issue appropriately?
> 
> 
> Viele Grüße,
> 
> Henk
> 
> On 24.01.22 12:32, Scott Bradner wrote:
>>> On Jan 24, 2022, at 6:26 AM, Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote:
>>> 
>>> And here are the corresponding responses. Scott, Rich, and Robert are included to the TO, analogously.
>>> 
>>>> (1) Scott Bradner did an OPSDIR review -- https://datatracker.ietf.org/doc/review-ietf-sacm-coswid-18-opsdir-lc-bradner-2021-08-07/.  The following feedback does not appear to be discussed or resolved:
>>>>> along the same line - it would seem to me that the IANA repository should be at
>>>>> https://www.iana.org/assignments/coswid  (or co_swid) not
>>>>> https://www.iana.org/assignments/swid
>>>> I believe the comment is about the following text in a few places in Section 6.2.*:
>>>>    [TO BE REMOVED: This registration should take place at the following
>>>>    location: https://www.iana.org/assignments/swid]
>>>> Earlier in the text in Section 6.2:
>>>> "6.2.  Software Tag Values Registries
>>>>    The following IANA registries provide a mechanism for new values to
>>>>    be added over time to common enumerations used by SWID and CoSWID."
>>>> It would seem that if in fact things should stay in "assignments/swid", there is a missing registration procedure item -- nothing can be added if it isn't in the SWID specification.  I under the impression from earlier conversations that we wanted to provide flexibility for CoSWID to potentially extend it's own data model independent of SWID (i.e., there could be data elements in CoSWID that were not in SWID).  If so, this suggests that "assignment/coswid" should be used instead (as Scott was suggesting).
>>> 
>>> This seems to be a misunderstanding that we did not capture well. The registry we are looking for must serve both the SWID space and the CoSWID.
>>> While these are fueled by two documents - namely from ISO-IEC and IETF - it is beneficial for interoperoperabitly to align them. Now - we understand that SWID is not CoSWID and that the IETF is not responsible in any way how ISO operates. Yet, IETF will be in charge of the registry from now on - and ISO action will have to work throgh the IETF process as defined in the I-D. And that is a decision made in consensus with the ISO authors and the SACM WG.
>>> 
>>> There is no requirement in CoSWID or the registration procedures that require anything added to a registery must first exist in the ISO-IEC SWID specification.
>>> 
>>> In summary, that is why it is okay to do the registry under 'swid'. This is also why the name 'swid' was chosen as a neutral name for software identification that can serve both uses for the registered values.
>> OK - is that going to be clarified in the document?
>> Scott

v2.23.0 | Report a Bug | By Email