Re: [sacm] WGLC for draft-ietf-sacm-coswid
Carsten Bormann <cabo@tzi.org> Fri, 05 July 2019 10:21 UTC
Return-Path: <cabo@tzi.org>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0A1412009C for <sacm@ietfa.amsl.com>; Fri, 5 Jul 2019 03:21:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.198
X-Spam-Level:
X-Spam-Status: No, score=-4.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 08TtWUJ4c18t for <sacm@ietfa.amsl.com>; Fri, 5 Jul 2019 03:21:09 -0700 (PDT)
Received: from gabriel-vm-2.zfn.uni-bremen.de (gabriel-vm-2.zfn.uni-bremen.de [134.102.50.17]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 961E012017C for <sacm@ietf.org>; Fri, 5 Jul 2019 03:21:09 -0700 (PDT)
Received: from client-0014.vpn.uni-bremen.de (client-0014.vpn.uni-bremen.de [134.102.107.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-vm-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 45g9q66RjSzyrW; Fri, 5 Jul 2019 12:21:06 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <C9EA170C-8435-427D-A483-E4A0BEA706BA@isoc.org>
Date: Fri, 05 Jul 2019 12:21:06 +0200
Cc: "sacm@ietf.org" <sacm@ietf.org>
X-Mao-Original-Outgoing-Id: 584014862.6816961-512a09849d749a0407f6a14af51bbeee
Content-Transfer-Encoding: quoted-printable
Message-Id: <8D332E03-0255-42E6-9603-142800C10F2B@tzi.org>
References: <C9EA170C-8435-427D-A483-E4A0BEA706BA@isoc.org>
To: Karen O'Donoghue <odonoghue@isoc.org>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/dlXLh3_nbELuICphhKrV0vlf2Sk>
Subject: Re: [sacm] WGLC for draft-ietf-sacm-coswid
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Jul 2019 10:21:13 -0000
Nice piece of work. While I didn’t have time to fully check the whole I-D, I skimmed it, and came up with the following. I’ll also send a few editorial comments to the authors. Grüße, Carsten # Major The term "private use" is used repeatedly but not explained. Is this meant for random software authors to dump random information into their coswid tags? Are there any usage guidelines? This sounds like an X-Dash problem waiting to happen (please see RFC 6648). The document qualifies some values as 8-bit, 16-bit etc. That is unnecessary. Any value ranges that are important should be given, and they need to be consistent (version-scheme cannot be both 8-bit and have a private use range of 32768-65535). If a value range is important, it should also be visible in the CDDL. The way URIs are used is trampling on the URI scheme space (coswid:, swidpath:). Maybe not much can be salvaged there, but shouldn't these be registered? # Minor [SEMVER] -- is this really needed as a normative reference? Please also compare draft-verdt-netmod-yang-semver Similarly, [SWID-GUIDANCE] is not a great source for a normative reference. AFAICS, this is used to define "primary/patch/corpus/supplemental". Can this be drawn out of the original [SWID]? I don't think you have a fragment identifier scheme, even though the media type registration is written for one (with a dangling internal reference). Since this is a +cbor media type, any fragment identifier scheme would also have to include any defined for CBOR itself (none so far), but beyond that RFC 7049 gives you freedom. Do you want to use those fragment identifiers? If no, please update the fragment identifier scheme text in the media type registration to no longer point to it. Is there a point in carrying around GUIDs in text form? Text (in RFC 4122 form) is 36 bytes, binary is 16. > On Jun 27, 2019, at 22:36, Karen O'Donoghue <odonoghue@isoc.org> wrote: > > Folks, > > As discussed at our virtual interim on Tuesday, this begins a three week working group last call for: > > Concise Software Identification Tags > https://datatracker.ietf.org/doc/draft-ietf-sacm-coswid/ > > Please reply to this email thread with an indication that you have read the document, any comments you may have, and your assessment of whether or not it is ready to proceed to publication. > > DEADLINE: Please reply by Friday 19 July 2019. > > Thanks! > Karen and Chris
- [sacm] WGLC for draft-ietf-sacm-coswid Karen O'Donoghue
- Re: [sacm] WGLC for draft-ietf-sacm-coswid Nelson, Alexander J. (Fed)
- Re: [sacm] WGLC for draft-ietf-sacm-coswid Waltermire, David A. (Fed)
- Re: [sacm] WGLC for draft-ietf-sacm-coswid Ira McDonald
- Re: [sacm] WGLC for draft-ietf-sacm-coswid Carsten Bormann
- Re: [sacm] WGLC for draft-ietf-sacm-coswid Carsten Bormann
- Re: [sacm] WGLC for draft-ietf-sacm-coswid Fuchs, Andreas
- [sacm] REMINDER: WGLC for draft-ietf-sacm-coswid Karen O'Donoghue
- Re: [sacm] REMINDER: WGLC for draft-ietf-sacm-cos… Adam Montville
- Re: [sacm] WGLC for draft-ietf-sacm-coswid Ira McDonald
- Re: [sacm] REMINDER: WGLC for draft-ietf-sacm-cos… Monty Wiseman
- Re: [sacm] WGLC for draft-ietf-sacm-coswid Mark D. Baushke
- Re: [sacm] WGLC for draft-ietf-sacm-coswid Jarrett Lu
- Re: [sacm] REMINDER: WGLC for draft-ietf-sacm-cos… Smith, Ned
- Re: [sacm] WGLC for draft-ietf-sacm-coswid Nelson, Alexander J. (Fed)
- Re: [sacm] WGLC for draft-ietf-sacm-coswid Waltermire, David A. (Fed)
- Re: [sacm] WGLC for draft-ietf-sacm-coswid Waltermire, David A. (Fed)
- Re: [sacm] WGLC for draft-ietf-sacm-coswid Nelson, Alexander J. (Fed)
- Re: [sacm] WGLC for draft-ietf-sacm-coswid Waltermire, David A. (Fed)