Re: [SCITT] [EXT] Summarizing comments on the Company Identifier discussion

Isaac Hepworth <isaach@google.com> Thu, 28 September 2023 16:43 UTC

Return-Path: <isaach@google.com>
X-Original-To: scitt@ietfa.amsl.com
Delivered-To: scitt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B45ECC15199A for <scitt@ietfa.amsl.com>; Thu, 28 Sep 2023 09:43:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.606
X-Spam-Level:
X-Spam-Status: No, score=-17.606 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CS7aBXvDSp-n for <scitt@ietfa.amsl.com>; Thu, 28 Sep 2023 09:43:49 -0700 (PDT)
Received: from mail-vs1-xe2b.google.com (mail-vs1-xe2b.google.com [IPv6:2607:f8b0:4864:20::e2b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 69ED1C151999 for <scitt@ietf.org>; Thu, 28 Sep 2023 09:43:49 -0700 (PDT)
Received: by mail-vs1-xe2b.google.com with SMTP id ada2fe7eead31-4526f0bdf72so5699343137.1 for <scitt@ietf.org>; Thu, 28 Sep 2023 09:43:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1695919428; x=1696524228; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=kR2wnFKfd3884E8Uf0fARcSvMUoNWwAGRQhi+nMsCo8=; b=YL3XyO+eo7L5QSqOwNbu9HdEPX83cWQVk2XgBzSzZIztgpBzxTPaGoHOHtsFq8MrPv EzQO2LopnVdYhMZcUih1yQJwwA2fuWIMr560NYrykEyJKr07R3cZDWSlteCTNvc5GoN4 ZZnmpZw01vUHhVS4ROtxiEEM8sLlQWC+HlYD4GA1vkwPalKq3wVwVIgvmYmgNnDpcvrj acCyYRw84BOVlmszLKT1nR9yBk3P1GvrWjOyLENy7jJ9Dlnn+YOQGTJp0JbmP2CEeE3p of9F2b1vC1Cuk9xjZjsfVqRg8D+T2p/Wd0bBVaeVs+tL+tcIRsXVd6Nd/WR8g+DJFBub cHhA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695919428; x=1696524228; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=kR2wnFKfd3884E8Uf0fARcSvMUoNWwAGRQhi+nMsCo8=; b=FuNIaVT8zYaEjxMRPnmUN/3P3sLNgZD+B3bDa1VR2887y/uBu9FtxUwySK+rElGLHc AM8nqAVNJRT+D7k+oP8I3QcoQkxi6lKvgwPPzSX3t93ZyC76z2k7lvOIq7vEb8QJp0Ui LBnEE+hJD3GsYmYtkgZDGuNZ16Vzf7MwYx9evIvRfIVBB7FY1g2GgiGD7MCbwkxy6jL4 Tp5msboACKusBVIRXOuvPPbBEAuoqDwTGG7Qa8qJEVOEPNU9Krz+RjmQDdz1MOuAezo2 XL2bQdM89g/Af7m0NqnaSucAqEh589AynluWGX5YhmdI+hLPJ8GVolZyxnIsghJjW7jP cTlQ==
X-Gm-Message-State: AOJu0YwKE6UzWvgtPUKyisiizwh3PqeYi9s3y2ECyqBpPLN6F/OBd5wB k7hdwEbmYiAZSZqsSZBY2UIgQBlTCkPEFsTAyfD/Ng==
X-Google-Smtp-Source: AGHT+IHbM+jlj69cB6tcq1UB6e7g2A8jif6BUikhPz9YcYeOB1Jin5kvnUfB8Ziyrjo824bJ3fT2DRa5y8ey66mK3EE=
X-Received: by 2002:a67:e3d1:0:b0:451:40b:2210 with SMTP id k17-20020a67e3d1000000b00451040b2210mr1574882vsm.3.1695919427706; Thu, 28 Sep 2023 09:43:47 -0700 (PDT)
MIME-Version: 1.0
References: <3f3c01d9f065$ca8a6190$5f9f24b0$@reliableenergyanalytics.com> <OS3PR01MB75272A4D45709ADFDAD043EBD1C3A@OS3PR01MB7527.jpnprd01.prod.outlook.com> <45d101d9f08f$a62c4910$f284db30$@reliableenergyanalytics.com> <BDEA977C-01D4-41F7-B607-674477F13A91@edvina.net> <465801d9f091$9e974c20$dbc5e460$@reliableenergyanalytics.com> <CAPFAYiXe1-Tnpoe6W=9+Y_NjLQHderzE-gWT77wONypmVi86aQ@mail.gmail.com> <489b01d9f09e$72680920$57381b60$@reliableenergyanalytics.com> <OS3PR01MB7527E2A7D6D72EB61A10DA41D1C3A@OS3PR01MB7527.jpnprd01.prod.outlook.com> <4a1901d9f0aa$73ce0b50$5b6a21f0$@reliableenergyanalytics.com>
In-Reply-To: <4a1901d9f0aa$73ce0b50$5b6a21f0$@reliableenergyanalytics.com>
From: Isaac Hepworth <isaach@google.com>
Date: Thu, 28 Sep 2023 10:43:36 -0600
Message-ID: <CAMYDBzHgCUTCcKRCt0dzq1ry5=GU6m6iiYCcTkDnTh=_QX_zeA@mail.gmail.com>
To: dick@reliableenergyanalytics.com
Cc: "Hart, Charlie" <charlie.hart@hal.hitachi.com>, John Andersen <johnandersenpdx@gmail.com>, "Olle E. Johansson" <oej@edvina.net>, scitt <scitt@ietf.org>
Content-Type: multipart/related; boundary="0000000000000f5d7f06066e038c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/scitt/X6Z0EABNrKhLxZYuW81wsn-ghm8>
Subject: Re: [SCITT] [EXT] Summarizing comments on the Company Identifier discussion
X-BeenThere: scitt@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Supply Chain Integrity, Transparency, and Trust" <scitt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scitt>, <mailto:scitt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scitt/>
List-Post: <mailto:scitt@ietf.org>
List-Help: <mailto:scitt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scitt>, <mailto:scitt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Sep 2023 16:43:53 -0000

Seems to me that there are four main options here, for how SCITT should
identify organizations:

1. Invent its own scheme
2. Identify a sufficiently workable existing scheme and mandate ("MUST")
its use
3. Identify a sufficiently workable existing scheme and recommend
("SHOULD") its use
4. Stay silent on the matter; multiple schemes are allowed, without a
preferred one

Option (1) makes no sense to me
<https://mailarchive.ietf.org/arch/msg/scitt/DQod9UruKF8p-1vAP7J67wzZnNo/>,
for what it's worth.
After many rounds of discussion I don't think we're close to getting
consensus on a scheme suitable for (2).
Dick, my understanding is that you're advocating for (3).
Charlie, "allow multiple formats and move on" reads like (4) to me.

My vote is also for (4).

Isaac

On Tue, Sep 26, 2023 at 12:51 PM Dick Brooks <
dick@reliableenergyanalytics.com> wrote:

> Excellent point Charlie.
>
>
>
> Let’s bring this to a discussion for consensus on a “default” Company
> Identifier approach for SCITT and we can all live with the consensus and
> move on.
>
>
>
> Thanks,
>
>
>
> Dick Brooks
>
>
>
> *Active Member of the CISA Critical Manufacturing Sector, *
>
> *Sector Coordinating Council – A Public-Private Partnership*
>
>
>
> *Never trust software, always verify and report!
> <https://reliableenergyanalytics.com/products>* ™
>
> http://www.reliableenergyanalytics.com
>
> Email: dick@reliableenergyanalytics.com
>
> Tel: +1 978-696-1788 <(978)%20696-1788>
>
>
>
>
>
> *From:* Hart, Charlie <charlie.hart@hal.hitachi.com>
> *Sent:* Tuesday, September 26, 2023 2:28 PM
> *To:* 'John Andersen' <johnandersenpdx@gmail.com>;
> dick@reliableenergyanalytics.com
> *Cc:* 'Olle E. Johansson' <oej@edvina.net>; 'scitt' <scitt@ietf.org>
> *Subject:* Re: [SCITT] [EXT] Summarizing comments on the Company
> Identifier discussion
>
>
>
> DID is a valid solution which I hope happens soon for companies, but it is
> not yet viable for that.
>
>
>
> PURL/SWID is a canard. Neither is dominant and neither spans big to small
> companies and open source. Both are for software, not company ID. Both are
> just as likely to have multiple values for a single company as not.
>
>
>
> I do not want to relitigate this over and over. Can we please just allow
> multiple formats and move on?
>
>
>
> Over and out.
>
>
>
> Charlie
> ------------------------------
>
> *From:* SCITT <scitt-bounces@ietf.org> on behalf of Dick Brooks <
> dick@reliableenergyanalytics.com>
> *Sent:* Tuesday, September 26, 2023 1:25 PM
> *To:* 'John Andersen' <johnandersenpdx@gmail.com>
> *Cc:* 'Olle E. Johansson' <oej@edvina.net>; 'scitt' <scitt@ietf.org>
> *Subject:* Re: [SCITT] [EXT] Summarizing comments on the Company
> Identifier discussion
>
>
>
> John,
>
>
>
> The uniqueness constraint needs to be enforced. A central “namespace
> administrator” (or distributed coordination among administrators) is needed.
>
>
>
> Thanks,
>
>
>
> Dick Brooks
>
>
>
> *Active Member of the CISA Critical Manufacturing Sector,*
>
> *Sector Coordinating Council – A Public-Private Partnership*
>
>
>
> *Never trust software, always verify and report!
> <https://secure-web.cisco.com/1CsL_Z4roF6ntB37gq_OCTw2n0LY5MRhmkDSZNzOVG_xTn0HTBMD2qs7lwdf3_SQXcAqwC_quwKwTjTOoLjQVoKwDbiDt4HDHE7S63a3iKfuw3JnvZhI5spuRk-C2WVOUSue95-SrAybeDarPlOqm8homWCjprpsOWv96JU6ecXqG05WlRmLPPMvNrywJPyO0mzuvWgsciZXSMsgueaYSPaNbx2nneofvCZI6ClHkZIrR2Sq6IZ63UziPGjqZfiAuzp4kAscpv12KQ9dWhO5stRrLiIDxRoNUgD-CjOYodbDYD6cms2ucfX3Fg8WRUOP2/https%3A%2F%2Freliableenergyanalytics.com%2Fproducts>*
>  ™
>
> http://www.reliableenergyanalytics.com
> <http://secure-web.cisco.com/1xxIL174tCjatpHgYlVR4PM79bvFzNerSi59TsSh6_7BWmY-8qkPnUpKvmy37-9nWPT9MygXAIXdmiDZC6ajiwYfGiImnMX7djhLFczXV7HfOhhPhjja8T08n1xpdgw-gtbUHxDNUoBG7f2vlVIzRAc0eOM4KXks0PvWSnTcbmbi9A8QLRZZBm5DkaKk9AvXpuCRIXc7q-oKKjJGr5BtjhJPLH1xbQUzEEckTOOkB1vpF7W5ZrcJ1sV_vCR-S7Y46WtwfuOtwxGLuShF8mnRSYjbVsmyG50R_a3CP4GI5zYZtgwUXHiulODe1705IFd8G/http%3A%2F%2Fwww.reliableenergyanalytics.com%2F>
>
> Email: dick@reliableenergyanalytics.com
>
> Tel: +1 978-696-1788 <(978)%20696-1788>
>
>
>
>
>
> *From:* John Andersen <johnandersenpdx@gmail.com>
> *Sent:* Tuesday, September 26, 2023 12:38 PM
> *To:* dick@reliableenergyanalytics.com
> *Cc:* Olle E. Johansson <oej@edvina.net>; scitt <scitt@ietf.org>
> *Subject:* Re: [SCITT] [EXT] Summarizing comments on the Company
> Identifier discussion
>
>
>
> Could DIDs be used for company identification? Registration with a central
> authority creates a dependency on that authority and a single point of
> failure.
>
>
>
> Thank you,
>
> John
>
>
>
> On Tue, Sep 26, 2023 at 08:53 Dick Brooks <
> dick@reliableenergyanalytics.com> wrote:
>
> Olle,
>
>
>
> I believe PURL/SWID is already capable of supporting company identifiers
> using the optional namespace element that SCITT could make mandatory within
> the Registry.
>
>
>
> I do not see any technical obstacles preventing a general consensus on
> company identifiers in SCITT.
>
>
>
> Thanks,
>
>
>
> Dick Brooks
>
>
>
> *Active Member of the CISA Critical Manufacturing Sector,*
>
> *Sector Coordinating Council – A Public-Private Partnership*
>
>
>
> *Never trust software, always verify and report!
> <https://secure-web.cisco.com/1CsL_Z4roF6ntB37gq_OCTw2n0LY5MRhmkDSZNzOVG_xTn0HTBMD2qs7lwdf3_SQXcAqwC_quwKwTjTOoLjQVoKwDbiDt4HDHE7S63a3iKfuw3JnvZhI5spuRk-C2WVOUSue95-SrAybeDarPlOqm8homWCjprpsOWv96JU6ecXqG05WlRmLPPMvNrywJPyO0mzuvWgsciZXSMsgueaYSPaNbx2nneofvCZI6ClHkZIrR2Sq6IZ63UziPGjqZfiAuzp4kAscpv12KQ9dWhO5stRrLiIDxRoNUgD-CjOYodbDYD6cms2ucfX3Fg8WRUOP2/https%3A%2F%2Freliableenergyanalytics.com%2Fproducts>*
>  ™
>
> http://www.reliableenergyanalytics.com
> <http://secure-web.cisco.com/1xxIL174tCjatpHgYlVR4PM79bvFzNerSi59TsSh6_7BWmY-8qkPnUpKvmy37-9nWPT9MygXAIXdmiDZC6ajiwYfGiImnMX7djhLFczXV7HfOhhPhjja8T08n1xpdgw-gtbUHxDNUoBG7f2vlVIzRAc0eOM4KXks0PvWSnTcbmbi9A8QLRZZBm5DkaKk9AvXpuCRIXc7q-oKKjJGr5BtjhJPLH1xbQUzEEckTOOkB1vpF7W5ZrcJ1sV_vCR-S7Y46WtwfuOtwxGLuShF8mnRSYjbVsmyG50R_a3CP4GI5zYZtgwUXHiulODe1705IFd8G/http%3A%2F%2Fwww.reliableenergyanalytics.com%2F>
>
> Email: dick@reliableenergyanalytics.com
>
> Tel: +1 978-696-1788 <(978)%20696-1788>
>
>
>
>
>
> *From:* Olle E. Johansson <oej@edvina.net>
> *Sent:* Tuesday, September 26, 2023 11:44 AM
> *To:* dick@reliableenergyanalytics.com
> *Cc:* Hart, Charlie <charlie.hart@hal.hitachi.com>; scitt <scitt@ietf.org>
> *Subject:* Re: [SCITT] [EXT] Summarizing comments on the Company
> Identifier discussion
>
>
>
>
>
>
>
> On 26 Sep 2023, at 17:39, Dick Brooks <dick@reliableenergyanalytics.com>
> wrote:
>
>
>
> Charlie,
>
>
>
> Putting a man on the moon is a difficult problem.
>
>
>
> Breaking the sound barrier is a difficult problem.
>
>
>
> Building a nationwide electric grid is a difficult problem.
>
>
>
> Agreeing on a naming convention for SCITT is pale by comparison and well
> within human reach, IMO.
>
> Interesting. I find that the whole world of vulnerability handling are,
> like Charlie, agreeing that this is a very hard problem.
>
> CPE is broken - but what’s the solution?
>
>
>
> I think SCITT should join these discussions and try to aliign with
> whatever comes up there.
>
> Right now many people are pointing to PURL, but that may need extensions
> for corporations.
>
>
>
> /O
>
>
>
> Thanks,
>
>
>
> Dick Brooks
>
>
>
> *Active Member of the CISA Critical Manufacturing Sector, *
>
> *Sector Coordinating Council – A Public-Private Partnership*
>
>
>
> *Never trust software, always verify and report!
> <https://secure-web.cisco.com/1CsL_Z4roF6ntB37gq_OCTw2n0LY5MRhmkDSZNzOVG_xTn0HTBMD2qs7lwdf3_SQXcAqwC_quwKwTjTOoLjQVoKwDbiDt4HDHE7S63a3iKfuw3JnvZhI5spuRk-C2WVOUSue95-SrAybeDarPlOqm8homWCjprpsOWv96JU6ecXqG05WlRmLPPMvNrywJPyO0mzuvWgsciZXSMsgueaYSPaNbx2nneofvCZI6ClHkZIrR2Sq6IZ63UziPGjqZfiAuzp4kAscpv12KQ9dWhO5stRrLiIDxRoNUgD-CjOYodbDYD6cms2ucfX3Fg8WRUOP2/https%3A%2F%2Freliableenergyanalytics.com%2Fproducts>*
>  ™
>
> http://www.reliableenergyanalytics.com
> <http://secure-web.cisco.com/1xxIL174tCjatpHgYlVR4PM79bvFzNerSi59TsSh6_7BWmY-8qkPnUpKvmy37-9nWPT9MygXAIXdmiDZC6ajiwYfGiImnMX7djhLFczXV7HfOhhPhjja8T08n1xpdgw-gtbUHxDNUoBG7f2vlVIzRAc0eOM4KXks0PvWSnTcbmbi9A8QLRZZBm5DkaKk9AvXpuCRIXc7q-oKKjJGr5BtjhJPLH1xbQUzEEckTOOkB1vpF7W5ZrcJ1sV_vCR-S7Y46WtwfuOtwxGLuShF8mnRSYjbVsmyG50R_a3CP4GI5zYZtgwUXHiulODe1705IFd8G/http%3A%2F%2Fwww.reliableenergyanalytics.com%2F>
>
> Email: dick@reliableenergyanalytics.com
>
> Tel: +1 978-696-1788 <(978)%20696-1788>
>
>
>
>
>
> *From:* SCITT <scitt-bounces@ietf.org> *On Behalf Of *Hart, Charlie
> *Sent:* Tuesday, September 26, 2023 11:11 AM
> *To:* 'scitt' <scitt@ietf.org>; dick@reliableenergyanalytics.com
> *Subject:* Re: [SCITT] [EXT] Summarizing comments on the Company
> Identifier discussion
>
>
>
> This is a very difficult problem and I think we have no choice but to punt
> and let companies fill in their own info and format. I have literally been
> considering this problem for my entire career and there is no easy,
> quality, cheap solution.
>
>
>
> In particular, I do not think DNS or Mailto: will work because 1 - they
> both can result in different values when they should have been the same,
> and 2 - both are subject to random changes.
>
>
>
> Consider, for example, Veritas. It has gone through a mind-numbing series
> of M&A and divestitures. I own products from them and still can't figure
> out which of their successors supports them or even what they're called.
> Mailto:support@veritas.com <support@veritas.com> has about a 10% chance
> of being correct, and the same goes for Veritas.com
> <http://secure-web.cisco.com/1jE6i2iYFxEqy2kpguwxbP_XPC_PQhSA0KpAJp8qmnk98CrqVbhupX8UoKR2rGY5N7kfqMeAKZWqRafkIgBZsXmhg1Vkfk40knTuyQ3GkWbOZZPfOoa_YtTRK3GmodeWmDHF106NbReekU2gEeDanxEX7SwxYFW1KADTRPulAm91oafz4fTqbmggJrTod0DSy3Jn4yjFSbI6MimO0aSDwukh8uwk0jEjtUKefOcl1CK7V2so5jxkMECcp1Z6HLIk2c4qCjAAezFhG8eK1O1ME_yes0oErOfBdTsdX87wzp831vtKARu8TuqGGo0X33MoN/http%3A%2F%2Fveritas.com%2F>.
> It would be far worse (~0%) if it was a single user such as
> Mailto:charlie.hart@veritas.com <charlie.hart@veritas.com>.
>
>
>
>  If a company wants to use DNS or Mailto under a "roll your own" approach
> so be it but the onus will be on them to keep the tree straight.
>
>
>
> Charlie
>
>
> ------------------------------
>
> *From:* SCITT <scitt-bounces@ietf.org> on behalf of Dick Brooks <
> dick@reliableenergyanalytics.com>
> *Sent:* Tuesday, September 26, 2023 6:39 AM
> *To:* 'scitt' <scitt@ietf.org>
> *Subject:* [EXT][SCITT] Summarizing comments on the Company Identifier
> discussion
>
>
>
> Very productive discussion yesterday in the SCITT work group on Company
> Identifier.
>
>
>
> This is to summarize my statements in one place, concisely:
>
>
>
>    - A company identifier must be unique, which means it must be a
>    “managed namespace” that will ensure uniqueness (IANA dns and mailto tags
>    may serve this purpose)
>    - Company identifiers must be unique and verifiable, meaning they
>    actually have a viable, provable presence in the digital world, i.e. dns:
>    Microsoft.com
>    <http://secure-web.cisco.com/1lRvaiCyhpsnq95PEBpa0xBW7TLXEZQFmhImhM3ltX6imrLlbeVptZQJZu2TsXs9hE7WQlW2VM-I2_VkoHsXs2pn3KFfP0BRtwhScvGG3yAsIpz6C0SrAA-Z8wbQf98NDKab-_DJM6JVMJeWG00PNJBym4EW_sY6FQp4UE9hkqpv0xubLZWMu7Ywr0O1BhimuYUcyzpBL7PMvdZxcKEW41x_TgPNpeBKav0qu9Egye112m3iZlA62H8yItccztOLUFwQPSqUKUqDobDluMzHRnwmqys-7KJ6CiYErb7T_Xh8mTs6iM9JLkgyDk7-s9v1P/http%3A%2F%2Fmicrosoft.com%2F> and
>    mailto:d.brooks@ieee.org <d.brooks@ieee.org>
>    - Companies that create software own the product and version
>    namespaces; SCITT should avoid being prescriptive with regard to product
>    naming and versioning content and semantics (CSAF created a problem by
>    assuming version is an ordinal value that can be represented with a range
>    value); some versions use hash values which have no guaranteed ordering
>    - The NTIA work on SBOM’s discussed use of dns for unique company
>    identifiers; i.e., dns:Microsoft.com
>    <http://secure-web.cisco.com/1lRvaiCyhpsnq95PEBpa0xBW7TLXEZQFmhImhM3ltX6imrLlbeVptZQJZu2TsXs9hE7WQlW2VM-I2_VkoHsXs2pn3KFfP0BRtwhScvGG3yAsIpz6C0SrAA-Z8wbQf98NDKab-_DJM6JVMJeWG00PNJBym4EW_sY6FQp4UE9hkqpv0xubLZWMu7Ywr0O1BhimuYUcyzpBL7PMvdZxcKEW41x_TgPNpeBKav0qu9Egye112m3iZlA62H8yItccztOLUFwQPSqUKUqDobDluMzHRnwmqys-7KJ6CiYErb7T_Xh8mTs6iM9JLkgyDk7-s9v1P/http%3A%2F%2Fmicrosoft.com%2F> is
>    unique and verifiable
>
>
>
> IMO we need to reach a consensus on one default approach for Company
> identifier that every SCITT Registry Operator must support with room for
> other options, on a mutual basis.
>
>
>
> Thanks,
>
>
>
> Dick Brooks
>
>
>
> *Active Member of the CISA Critical Manufacturing Sector,*
>
> *Sector Coordinating Council – A Public-Private Partnership*
>
>
>
> *Never trust software, always verify and report!
> <https://secure-web.cisco.com/1VjLNrRfyCeGE9ESOu_PBdG_ARRYqfLl3HEDe1pzQPZ2IOWHDAI1LAYTvUtKeXCBi5GyEgjId0xvPh4X38NbIIKvhKGKr-QdtqPnxFnb3arXIjSN1emg8xJbOGu393CpdwJFLnbnliaJ16MlgSfRqpddAyElC9InQpqCIPKBS0FScGzYi20Xl4mx6zVegOP_fC6j0PhAIGxFw2VC_fLbPzGAT82SArHJ-_0LTFvMmvDVPmev5LHT2t9YRg3PJd2IB2ExlkeWK7GNzFHmrK547PjP5GkXdysh8iygxd07i3AiJ73BkCm9gDQy2Bii9JogtM8JiEu4eKpXeCBjB0of-7g/https%3A%2F%2Freliableenergyanalytics.com%2Fproducts>*
>  ™
>
> http://www.reliableenergyanalytics.com
> <http://secure-web.cisco.com/1-VTtHEVPUPcN2C1955UTsCzuss1EnORXyNcg7sVt4lN-wM3PPWMQ0lDG3HBKthqsogEnAgDyE_QeHfo6Ukn7jJV2VplkbmUjli9b2r0U3f9VU20qTF8onDtahxBKscap8-fm_fjds5GMyEc1UdQC-xzr-TUjVvLXO0x86LvhM_nttbTQ7ieAlIEtnIwc1Old5XgkRvMvglh8yFo7sN9LiethzURq-EzHjP_VrbCU48lLdI2F0busZQZJ90V5q4f1e1AoFUUlOfQXqim8Eo-ZHEfcZv1uMTRSfy050icg7NHFw-iWg7Nlf2eqwaMbX9kHIIhQyi7o16Dn4gWWblqvaQ/http%3A%2F%2Fwww.reliableenergyanalytics.com%2F>
>
> Email: dick@reliableenergyanalytics.com
>
> Tel: +1 978-696-1788 <(978)%20696-1788>
>
>
>
>
>
> --
> SCITT mailing list
> SCITT@ietf.org
> https://www.ietf.org/mailman/listinfo/scitt
> <https://secure-web.cisco.com/1EYd6oaF67k9klf8WerlBeWsylEH1Su1WHiV7oTIIv9lFIlz9OP8nONs-Th0T-wUP86EjkdmkqVMkgFVmhXffSs09zNVvEspdn8ecYtSkWtB9BDQef-UuoclbCd6pDK7l-eNVV2LVckOPYfmvCEBCxzAZ_041eEal9HarSU4BnmP8EuShzkG7qiRrUBH_HFISb61Dmf7ZxrnzjhQqnfdMoOeTiIZFKhuInxMQOjjKepPPqQZMa-6TD49KzXf__v0maHY3VUjLWHAWAIplJCIRnk2JKFro27nRixnrvvBob-VL_0cxZvCrkgUaxiXat17u/https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fscitt>
>
>
>
> --
> SCITT mailing list
> SCITT@ietf.org
> https://www.ietf.org/mailman/listinfo/scitt
> <https://secure-web.cisco.com/1EYd6oaF67k9klf8WerlBeWsylEH1Su1WHiV7oTIIv9lFIlz9OP8nONs-Th0T-wUP86EjkdmkqVMkgFVmhXffSs09zNVvEspdn8ecYtSkWtB9BDQef-UuoclbCd6pDK7l-eNVV2LVckOPYfmvCEBCxzAZ_041eEal9HarSU4BnmP8EuShzkG7qiRrUBH_HFISb61Dmf7ZxrnzjhQqnfdMoOeTiIZFKhuInxMQOjjKepPPqQZMa-6TD49KzXf__v0maHY3VUjLWHAWAIplJCIRnk2JKFro27nRixnrvvBob-VL_0cxZvCrkgUaxiXat17u/https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fscitt>
>
> --
> SCITT mailing list
> SCITT@ietf.org
> https://www.ietf.org/mailman/listinfo/scitt
>