IETF Logo Mail Archive

Re: [sacm] IETF 95 Agenda on SWID world

Tony Rutkowski <tony@yaanatech.com> Thu, 07 April 2016 12:50 UTC

Return-Path: <tony@yaanatech.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1BAA012D8F3 for <sacm@ietfa.amsl.com>; Thu, 7 Apr 2016 05:50:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c-vdOjZfLRWY for <sacm@ietfa.amsl.com>; Thu, 7 Apr 2016 05:50:43 -0700 (PDT)
Received: from sc9-admin2.yaanatech.net (63-128-177-42-static.dzbja.com [63.128.177.42]) by ietfa.amsl.com (Postfix) with ESMTP id 35AFD12D8F1 for <sacm@ietf.org>; Thu, 7 Apr 2016 05:50:38 -0700 (PDT)
Received: from extmail1.yaanatech.com (extmail1.yaanatech.com [63.128.177.51]) by sc9-admin2.yaanatech.net (Postfix) with ESMTP id 18A6911D; Thu, 7 Apr 2016 12:50:38 +0000 (UTC)
Received: from [192.168.1.51] (pool-173-67-205-17.clppva.fios.verizon.net [173.67.205.17]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by extmail1.yaanatech.com (Postfix) with ESMTP id BE3045808E; Thu, 7 Apr 2016 12:47:11 +0000 (UTC)
References: <04C2FAE9-476B-489F-81CB-48BCAAFA29D6@gmail.com> <SN2PR0601MB099226A18B2F660403AB4DC8A89A0@SN2PR0601MB0992.namprd06.prod.outlook.com> <E6535DCE-089D-4EEA-BA8F-AA1F1D5C42A5@gmail.com> <57064BF9.4060805@yaanatech.com> <93818705-EDFF-479F-8D36-930EB2E6BA24@gmail.com>
To: Adam Montville <adam.w.montville@gmail.com>
From: Tony Rutkowski <tony@yaanatech.com>
Organization: Yaana Technologies
Message-ID: <5706579C.5060407@yaanatech.com>
Date: Thu, 07 Apr 2016 08:50:36 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.1
MIME-Version: 1.0
In-Reply-To: <93818705-EDFF-479F-8D36-930EB2E6BA24@gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/sacm/rGVwF4fV-4Tpv4_w7SPvijtwZy0>
Cc: "<sacm@ietf.org>" <sacm@ietf.org>
Subject: Re: [sacm] IETF 95 Agenda on SWID world
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: tony@yaanatech.com
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Apr 2016 12:50:45 -0000

Hi Adam,

My apologies for being irreverent, but watching
this OSI SC7 SWID effort unfold over the past ten
years is like watching OSI unfolding in the 1980s.
It's like malware that has now infected the IETF.

There are multiple ways of accomplishing the
objective within the industry today.  You need to
begin to look at how this is being done and how those
different approaches can be made to interoperate
without trying to cram it all into a hopeless ISO
standard with (from what I can tell) 105 different
xml data elements and 43 complex types.

Just as it was in the 1980s, it's a waste of good
talent and resources.

--tony

On 2016-04-07 8:28 AM, Adam Montville wrote:
> Tony,
>
> Thanks for your comments, insights, and references.  I think SWID is a starting point, as any reasonable engineer would recognize that no single software identification standard will get security automation across the goal line.
>
> To clarify the SWID XML/CBOR confusion, that was an example of the boundaries between information models, data models, and serializations.  If you have an opportunity, you should review the MeetEcho recording.
>
> Kind regards,
>
> Adam

v2.23.0 | Report a Bug | By Email