IETF Logo Mail Archive

Re: [sacm] Call for adoption of draft-coffin-sacm-nea-swid-patnc as a SACM WG document

"Schmidt, Charles M." <cmschmidt@mitre.org> Tue, 14 June 2016 19:02 UTC

Return-Path: <cmschmidt@mitre.org>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E98712D8F1 for <sacm@ietfa.amsl.com>; Tue, 14 Jun 2016 12:02:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.626
X-Spam-Level:
X-Spam-Status: No, score=-5.626 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.426] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mitre.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FyIvclmZhpLE for <sacm@ietfa.amsl.com>; Tue, 14 Jun 2016 12:02:32 -0700 (PDT)
Received: from smtpvmsrv1.mitre.org (smtpvmsrv1.mitre.org [192.52.194.136]) by ietfa.amsl.com (Postfix) with ESMTP id 4675412D8DB for <sacm@ietf.org>; Tue, 14 Jun 2016 12:02:29 -0700 (PDT)
Received: from smtpvmsrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 96B2DABC357; Tue, 14 Jun 2016 15:02:28 -0400 (EDT)
Received: from imshyb01.MITRE.ORG (imshyb01.mitre.org [129.83.29.2]) by smtpvmsrv1.mitre.org (Postfix) with ESMTP id 41BD0ABC36A; Tue, 14 Jun 2016 15:01:54 -0400 (EDT)
Received: from imshyb01.MITRE.ORG (129.83.29.2) by imshyb01.MITRE.ORG (129.83.29.2) with Microsoft SMTP Server (TLS) id 15.0.1130.7; Tue, 14 Jun 2016 15:01:53 -0400
Received: from gcc01-CY1-obe.outbound.protection.outlook.com (10.140.19.249) by imshyb01.MITRE.ORG (129.83.29.2) with Microsoft SMTP Server (TLS) id 15.0.1130.7 via Frontend Transport; Tue, 14 Jun 2016 15:01:53 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mitre.onmicrosoft.com; s=selector1-mitre-org; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=U5ywvJ6ggm/TV1VXLLHgB5WN3/HuAgYJ9iM3PnMvrvo=; b=eEZqQ6+l7mEiNVcnKoZO3ohOf0jeebBhc9vz9nwz4FHjrfnyB8uQynomwCQuXeiP76caDtTwpw+We5aK9Ks2oLsUgC/ri+kUHiw5KiTTmjBWxNIRjOXXwoWpQvzwV7Znt5xrIhbeSu3pWumr4ctr30IZUEg597SDFOJti9tNBW8=
Received: from SN1PR09MB0990.namprd09.prod.outlook.com (10.166.69.8) by SN1PR09MB0989.namprd09.prod.outlook.com (10.166.69.7) with Microsoft SMTP Server (TLS) id 15.1.517.8; Tue, 14 Jun 2016 19:01:51 +0000
Received: from SN1PR09MB0990.namprd09.prod.outlook.com ([10.166.69.8]) by SN1PR09MB0990.namprd09.prod.outlook.com ([10.166.69.8]) with mapi id 15.01.0517.013; Tue, 14 Jun 2016 19:01:51 +0000
From: "Schmidt, Charles M." <cmschmidt@mitre.org>
To: Gunnar Engelbach <gunnar.engelbach@threatguard.com>, "tony@yaanatech.com" <tony@yaanatech.com>, Adam Montville <adam.w.montville@gmail.com>, "<sacm@ietf.org>" <sacm@ietf.org>
Thread-Topic: [sacm] Call for adoption of draft-coffin-sacm-nea-swid-patnc as a SACM WG document
Thread-Index: AQHRwrFMhZw7lyao2UagUav4D+Ed8p/pV3Bg
Date: Tue, 14 Jun 2016 19:01:51 +0000
Message-ID: <SN1PR09MB0990FB5BD43F1E78C84CAD11AB540@SN1PR09MB0990.namprd09.prod.outlook.com>
References: <17198AFF-DF5A-46BC-B84A-2AAF1717BD90@isoc.org> <EC234EFE-95AB-444B-8A5D-782ADBD60559@gmail.com> <1c99b26c-bdac-5798-1bd9-e957b11ae4bd@yaanatech.com> <db612b00-c11a-88c1-45da-35e0693305e9@ThreatGuard.com>
In-Reply-To: <db612b00-c11a-88c1-45da-35e0693305e9@ThreatGuard.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=cmschmidt@mitre.org;
x-originating-ip: [192.160.51.89]
x-ms-office365-filtering-correlation-id: 42172336-0e1d-4e9e-70d1-08d39486580f
x-microsoft-exchange-diagnostics: 1; SN1PR09MB0989; 6:g2FbFydke0ioEuvzxJ4AFKuEwiPxwOhA4dZV7tPH3Lqemnh4+sIhrJmXOYplQH0d56K2ZL6oI9OWnEQ6zPcXKaA9xP90mQ92/x4Y2nD7TNHzfbDc5DBn2PLScoZi2qV+sC0WBPa45gZxgiTgeszZrawt9R4ffOQrQaBX7EWwv1SotCchoqHS7sq58S/bYQ3+GOwXMu7pYww5XGMy8FjPGvoLnKZre71dKAS7ZSajlX5KexBvIfB5U4lP2mN5VLuNUExmmUnbv5I3xFUvFhVV/jvK7gUpxA2fgC1AJ1jLMka8xl3s6RFbAFglipivvO0f9X0kd/nfOFKpfzKLSrzTmA==; 5:ijIIjqQorM4sEMn+D7wialJEtL+9jKj1SRUDdyDthz4PPJpFXOvrGp2MzQvWNAk2Khi3Yzkj9Rp6jOOUUMReP85HdbRSXSFQk3pqsuJMLcITLvl2wsS4jqF8xa8DUb4FwGIMdRRZOU6SeV7of4kY5Q==; 24:BEPSivnu1/i3Ux3wPcUYtoNaINXtUWoIOaI87rFi19hW1xczP5E6A2Ec+U4xbEhrRKU+MFi/rs1AJzpNTFn+fz7pNdAvpBzJLFUtz/diuFI=; 7:XDAvrn/tm7skbnbbjA50VntU1Z42SYD58+Zqsvcnp85p/Ue+OXVrUPLs50WpNLPTrair6xJPacaVfe3W5OfGdFQsykQeQRbTo2H/XiBnLa1KGnLDWDGlFCsM8c4t9xCVGcgD99LGiJUX41jUYdi+0efeao7qVTYNxrBHJn7sSFVD17WD/M5IgOHr7X9oyZUoXhTbeaPDY9X8XpfKIlSgBqJ05XPlnJJevRx3ICssQVk=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:SN1PR09MB0989;
x-microsoft-antispam-prvs: <SN1PR09MB098947160C44382A98FB1933AB540@SN1PR09MB0989.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(120809045254105)(100405760836317);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(102415321)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6055026); SRVR:SN1PR09MB0989; BCL:0; PCL:0; RULEID:; SRVR:SN1PR09MB0989;
x-forefront-prvs: 09730BD177
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(7916002)(189002)(199003)(13464003)(377424004)(71364002)(51914003)(24454002)(52044002)(377454003)(76576001)(87936001)(189998001)(2950100001)(33656002)(15975445007)(5002640100001)(77096005)(19580405001)(5004730100002)(2900100001)(74316001)(19580395003)(54356999)(76176999)(3660700001)(99936001)(50986999)(97736004)(68736007)(5001770100001)(107886002)(5003600100002)(92566002)(93886004)(101416001)(3280700002)(5008740100001)(81166006)(8676002)(81156014)(66066001)(99286002)(106116001)(2906002)(105586002)(106356001)(230783001)(122556002)(86362001)(2501003)(10400500002)(9686002)(8936002)(586003)(11100500001)(102836003)(3846002)(6116002)(491001); DIR:OUT; SFP:1101; SCL:1; SRVR:SN1PR09MB0989; H:SN1PR09MB0990.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; CAT:NONE; LANG:en; CAT:NONE;
received-spf: None (protection.outlook.com: mitre.org does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_0107_01D1C645.48FE6650"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Jun 2016 19:01:51.1901 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: c620dc48-1d50-4952-8b39-df4d54d74d82
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR09MB0989
X-OriginatorOrg: mitre.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/q3qsBelmcLZlvlbqnje-GwLK0OE>
Subject: Re: [sacm] Call for adoption of draft-coffin-sacm-nea-swid-patnc as a SACM WG document
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2016 19:02:34 -0000

Hi Gunnar,

Thanks for the suggestions. I agree with these requirements with a possible
tweak on number 3: I would say that the data model needs to cover a
sufficent "core", but probably does not need to explicitly cover every piece
of information from every reasonable, providing that the extensibility
features described in item 1 would allow that information to be captured.
The end result is the same - the transmitted data can capture all
information from whatever source is used without loss. The difference is
that we only need to identify fields that are likely to be of common
utility, and edge cases can naturally be taken care of through extensions.

Does this seem reasonable?

Charles

> -----Original Message-----
> From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Gunnar Engelbach
> Sent: Thursday, June 09, 2016 7:45 PM
> To: tony@yaanatech.com; Adam Montville <adam.w.montville@gmail.com>;
> <sacm@ietf.org> <sacm@ietf.org>
> Subject: Re: [sacm] Call for adoption of draft-coffin-sacm-nea-swid-patnc
as
> a SACM WG document
> 
> 
> 
> Hey Tony, funny thing that you should say that.  You seem to have a better
> awareness of the other efforts going on out there than I do, so I could
use
> your help in identifying other good candidates and what will be necessary
to
> support as many of them as possible.
> 
> What I'd really like to do is take a more formal approach -- gather some
> requirements and then see from among the existing efforts which is the
best
> from among those that are good enough.  If any.
> 
> But first is a matter of setting the requirements.  Stated generally, I
really
> only have three:
> 
>   1)  Is extensible -- as a fork outside of the current owner, if
necessary, to be
> sure it continues to meet SACM needs without relying on the good graces of
> the current owner
> 
>   2)  Readily accessible (eg., spec is not cost prohibitive for any users)
> 
>   3)  The most complete (that is, closest to being able to represent the
other
> tag types without loss of data or shoe-horning data into fields that
weren't
> really meant for that type of data)
> 
> 
> I'm sure Charles, et al, will have other requirements, so feel free to
chime in.
> However, I think the simpler and more informal we can keep this list the
> quicker we can grind through it.
> 
> 
> --gun
> 
> 
> 
> 
> 
> On 6/9/2016 2:33 PM, Tony Rutkowski wrote:
> 
> 
> 	Hi Adam,
> 
> 	A good solution.  Charles and Gunnar should also engage
> 	in some proactive outreach.  Simply stating that "no other
> 	solutions to the problem of software identification have
> 	been submitted" is preposterous when there are so many
> 	out there.  IMHO, one of the long-standing problems with
> 	SACM is its institutional and participatory insularity in an
> 	arena where so many almost identical activities are occurring
> 	in other venues where there is far greater industry participation.
> 	Ignoring them diminishes the value of whatever SACM
> 	accomplishes.
> 
> 	--tony
> 
> 
> 	On 2016-06-09 3:47 PM, Adam Montville wrote:
> 
> 
> 		All:
> 
> 		After several on-list discussions, the last virtual interim,
and
> the discussions surrounding this call for adoption, the chairs acknowledge
> that there are some key concerns with this draft, but also see that there
is
> rough consensus for adoption.  We additionally note that no other
solutions
> to the problem of software identification have been submitted to the
> working group [1].
> 
> 		Because the topic of software identification, and SWID in
> particular, appears to be a contentious one, we are designating Charles
> Schmidt and Gunnar Engelbach as editors of the working group draft [2].
We
> believe that Charles and Gunnar will bring the necessary balance to this
draft,
> so that the key concerns are sufficiently addressed.
> 
> 		Kind regards,
> 
> 		Adam & Karen
> 
> 		[1] This draft adoption does not preclude future alternative
> submissions
> 		[2] Note that original authors will remain authors, but
Charles
> and Gunnar will hold the pen.
> 
> 
> 
> 			On May 17, 2016, at 11:21 AM, Karen O'Donoghue
> <odonoghue@isoc.org <mailto:odonoghue@isoc.org> > wrote:
> 
> 			Folks,
> 
> 			As discussed during our last couple of meetings,
this
> is the official call for adoption of
<https://datatracker.ietf.org/doc/draft-
> coffin-sacm-nea-swid-patnc/>
https://datatracker.ietf.org/doc/draft-coffin-
> sacm-nea-swid-patnc/ as a SACM working group document.
> 
> 			Please reply with any comments or concerns along
> your support of this action to the mailing list.
> 
> 			Thanks,
> 			Karen and Adam
> 
> 	_______________________________________________
> 			sacm mailing list
> 			sacm@ietf.org <mailto:sacm@ietf.org>
> 			https://www.ietf.org/mailman/listinfo/sacm
> 
> 
> 
> 
> 
> 
> 
> 	_______________________________________________
> 		sacm mailing list
> 		sacm@ietf.org <mailto:sacm@ietf.org>
> 		https://www.ietf.org/mailman/listinfo/sacm
> 
> 
> 
> 
> 
> 	_______________________________________________
> 	sacm mailing list
> 	sacm@ietf.org <mailto:sacm@ietf.org>
> 	https://www.ietf.org/mailman/listinfo/sacm
>

v2.23.0 | Report a Bug | By Email