[sacm] Resolving DISCUSSes on draft-ietf-sacm-coswid-21

Roman Danyliw <rdd@cert.org> Sun, 20 March 2022 15:58 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/xg3s8630uKPS_KkCZA_22cpv2wA>

Hi!

draft-ietf-sacm-coswid-21 now has enough IESG ballots to clear if the DISCUSS positions are cleared.  I haven't seen discussion of these issues since Feb 17, 2022 (https://mailarchive.ietf.org/arch/msg/sacm/4loVm_L97V2-4wPrJ5-GD6vp7w4/) unless they are buried in a github issue.

Per Rob Wilton's DISCUSS:

> 1.  While an attempt to align
>   SWID and CoSWID tags has been made here, future revisions of ISO/IEC
>   19770-2:2015 or this specification might cause this implicit
>   information model to diverge, since these specifications are
>   maintained by different standards groups.
>
> This text concerns me, in that it seems that the IETF is expecting or allowing the SWID and CoSWID 
> specification to diverge.
>
> Would it be possible to have stronger text here? E.g., to indicate:
> - the intent is to keep the two specs consistent.
> - nothing should be added to CoSWID without working with ISO/IEC to update CoSWID
> - if SWID evolves then CoSWID should be similarly updated.
>
> Or, otherwise, are ISO/IEC okay with the IETF effectively forking their specification in future?

What is the desired approach to document this issue?  Is there any ISO/IEC artifact we can use?  Is there a summarized version from the IETF-side?  This link to ISO/IEC SWID has been brought up before and the relationship answer has changed.  I last noted that in January 2022 (https://mailarchive.ietf.org/arch/msg/sacm/VYFMLttkbe2u4KfK3v-JgrxLfjU/) during IETF LC feedback processes.

> 2.
>   [SEMVER]   Preston-Werner, T., "Semantic Versioning 2.0.0",
>              <https://semver.org/spec/v2.0.0.html>.
>
> I want to check whether this URL is stable enough for a normative reference.
> During the YANG Semver work we discovered, that despite the Semver
> specification stating that it follows the Semver rules, in fact it doesn't!
> Specifically, the specification has been updated without changing the version number.
> The proposed solution for the YANG semver draft was to reference a specific date
> and revision of the "YANG Semver 2.0.0" specification in github.
> the YANG Semver 2.0.0 specification on a given date.
>
>   [semver]   "Semantic Versioning 2.0.0 (text from June 19, 2020)",
>              <https://github.com/semver/semver/
>              blob/8b2e8eec394948632957639dfa99fc7ec6286911/semver.md>.
>
> Would doing something similar be wise here?

I already proposed the solution for this in my AD review on March 6, 2021:

https://mailarchive.ietf.org/arch/msg/sacm/IDi8scO7T4PhTXLA-Wzvl-XnbiQ/

==[ snip ]==
** [-15] Section 4.1 and 5.2.4.  [SEMVER] doesn't meet the threshold for a normative requirement and a "specification required" - it's just a website.  If this is used in SWID then that would be a compelling argument to waive it.  However, that should be explicitly stated here.  If it isn't, we should discuss it a bit more.

[-16: Can the ISO spec please be used as the basis for this reference (even if it just points to the same website?)]
==[ snip ]==

I have spoken with Rob and this change will address his concern.  Specifically, move the current [SEMVER] to being an informational reference.  Make [SWID] the normative reference for semantic versioning.

Regards,
Roman