Re: [sacm] AD Review of draft-ietf-sacm-coswid-15

David Kemp <dk190a@gmail.com> Wed, 17 February 2021 22:45 UTC

To: Carsten Bormann <cabo@tzi.org>
Cc: Roman Danyliw <rdd@cert.org>, "<sacm@ietf.org>" <sacm@ietf.org>, Jessica Fitzgerald-McKay <jmfitz2@cyber.nsa.gov>, "Waltermire, David A." <david.waltermire@nist.gov>, Jessica Fitzgerald-McKay <jmfmckay@gmail.com>, "Schmidt, Charles M." <cmschmidt@mitre.org>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/bI1mKrNOEc9I55lyagub9IN1aOs>

I believe CoSWID should use RFC 7049 Tag 1 (POSIX Time), with or without
the tag, defined as seconds since the epoch.  POSIX time is both more
compact and more computationally pure than strings and their myriad formats
and leap second hacks.

CoSWID is a newer document than SWID and should have the flexibility to
represent date-time, regardless of whether the current version of SWID is
restricted to date only.  Use cases should drive requirements, and it seems
plausible that software identifiers could be issued more than once per
day.  And if restriction to date resolution is desired by policy, it should
be expressed as policy rather than hard-coded into the underlying data
format.

Dave

On Fri, Feb 12, 2021 at 10:20 AM Carsten Bormann <cabo@tzi.org> wrote:

> On 2020-11-15, at 20:15, Roman Danyliw <rdd@cert.org> wrote:
> >
> >
> > ** Section 2.9.4.  The date field here is a CDDL time type.  In SWID,
> > the equivalent is a xs:date.  Wouldn't it be more appropriate to use a CDDL
> > tstr here?
> > [Update: I see you're tracking this and have a marker for it with
> > [QUESTION: Is "time" a correct representation of XSD:date?]”
>
> By now, we have RFC 8943, which defines two representations of calendar
> date:
>
>    Tag:  1004
>    Data Item:  UTF-8 text string
>    Semantics:  [RFC3339] full-date string
>    Reference:  RFC 8943
>
>    Tag:  100 (ASCII 'd')
>    Data Item:  Unsigned or negative integer
>    Semantics:  Number of days since the epoch date 1970-01-01
>    Reference:  RFC 8943
>
> So tag 1004 is directly equivalent to xs:date’s XML text form, while tag
> 100 is a compact form of that that would be more appropriate for COSWID in
> my view.
> [Note that the conversion between the two is entirely based on the
> principles of the Gregorian calendar, it will not be messed with by
> politicians (and their desire to get a memorial monument by messing with
> time zones) or by the time-nuts and their leap seconds.]
>
>                +==================+==============+=========+
>                | Date             | Tag 1004     | Tag 100 |
>                +==================+==============+=========+
>                | October 9, 1940  | "1940-10-09" | -10676  |
>                +------------------+--------------+---------+
>                | December 8, 1980 | "1980-12-08" | 3994    |
>                +------------------+--------------+---------+
>
>                                   Table 1
>
> As usual, we can import the definitions made in this RFC into other RFCs
> without necessarily using it *as a tag* (i.e., we can use a tag in
> unwrapped form, if desired).
>
> Regards, Carsten
>
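
The size trade-off discussed in this thread, as an added example that is not part of either message: a minimal CBOR encoder (integers, text strings and tags only) that encodes the two dates from Table 1 as tag 1004, tag 100 (wrapped and unwrapped) and tag 1 POSIX time. Taking midnight UTC as the instant for tag 1 is an assumption made here, and the function names are illustrative.

```python
import struct
from datetime import date

EPOCH = date(1970, 1, 1)

def _head(major: int, n: int) -> bytes:
    """CBOR initial byte plus shortest-form argument for major type `major`."""
    if n < 24:
        return bytes([major << 5 | n])
    for ai, fmt, limit in ((24, ">B", 1 << 8), (25, ">H", 1 << 16),
                           (26, ">I", 1 << 32), (27, ">Q", 1 << 64)):
        if n < limit:
            return bytes([major << 5 | ai]) + struct.pack(fmt, n)
    raise ValueError("argument does not fit in 64 bits")

def enc_int(v: int) -> bytes:
    # Major type 0 for v >= 0; major type 1 carries -1 - v for negatives.
    return _head(0, v) if v >= 0 else _head(1, -1 - v)

def enc_text(s: str) -> bytes:
    raw = s.encode("utf-8")
    return _head(3, len(raw)) + raw

def enc_tag(tag: int, item: bytes) -> bytes:
    return _head(6, tag) + item

def days_since_epoch(full_date: str) -> int:
    """RFC 3339 full-date -> tag 100 value, by Gregorian calendar arithmetic only."""
    return (date.fromisoformat(full_date) - EPOCH).days

def encodings(full_date: str) -> dict:
    """Encoded forms of one calendar date, keyed by representation."""
    days = days_since_epoch(full_date)
    secs = days * 86400  # assumption: midnight UTC; POSIX time has no leap seconds
    return {
        "tag1004": enc_tag(1004, enc_text(full_date)),  # xs:date text form
        "tag100": enc_tag(100, enc_int(days)),          # days since 1970-01-01
        "tag100_unwrapped": enc_int(days),              # same value, tag omitted
        "tag1_posix": enc_tag(1, enc_int(secs)),        # seconds since the epoch
    }

if __name__ == "__main__":
    for s in ("1940-10-09", "1980-12-08"):  # the two rows of Table 1
        for name, b in encodings(s).items():
            print(f"{s} {name:17} {len(b):2d} bytes  {b.hex()}")
```

For these two dates the text form takes 14 bytes, tagged days 5 bytes (3 unwrapped), and tagged POSIX seconds 6 bytes.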