Re: [Suit] Ripple20

Roman Danyliw <rdd@cert.org> Tue, 16 June 2020 21:22 UTC

From: Roman Danyliw <rdd@cert.org>
To: Eliot Lear <lear=40cisco.com@dmarc.ietf.org>, Dick Brooks <dick@reliableenergyanalytics.com>
CC: suit <suit@ietf.org>, Russ Housley <housley@vigilsec.com>
Date: Tue, 16 Jun 2020 21:22:45 +0000
Message-ID: <6e24de15cc5e4477aed5ec9914893e6c@cert.org>
References: <F6BDED6E-B812-4CE8-9CDF-FC0CC2D4DB38@vigilsec.com> <9D9F401F-3DD8-48F7-92F5-9B5AAEF1D8E0@cisco.com> <44c701d64401$415e3f40$c41abdc0$@reliableenergyanalytics.com> <A3E64275-F85F-4706-A69B-2A4C4C9AD02A@cisco.com>
In-Reply-To: <A3E64275-F85F-4706-A69B-2A4C4C9AD02A@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/tZrXD7C3JZqGVOJmCZJWv7V3MAQ>

Hi!

[snip]

> I do have a question for the chairs/AD.  I realize that this is a bit out of scope for SUIT.  
> Is there a more appropriate list we should be vectored to?  Thanks for the group’s indulgence to this point.

A timely and important topic here.  Indeed, solving SBOM directly is out of scope for the current SUIT charter, but this list seems like the closest we currently have to discussing security issues in the software supply chain.  I'm fine with it staying on suit@ietf.  If the volume increases, we can certainly make a dedicated list.

As exchanging CVE data was discussed too, the MILE WG has work in exchanging vulnerability data, but not with the lens suggested here.

Thanks for checking

Regards,
Roman