Re: [Uri-review] swid and swidpath URI scheme registration request
"Waltermire, David A. (Fed)" <david.waltermire@nist.gov> Fri, 08 October 2021 19:01 UTC
Return-Path: <david.waltermire@nist.gov>
X-Original-To: uri-review@ietfa.amsl.com
Delivered-To: uri-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 306923A0E08; Fri, 8 Oct 2021 12:01:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.063
X-Spam-Level:
X-Spam-Status: No, score=-3.063 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_GOV_DKIM_AU=-0.612, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FT93m700Iz4a; Fri, 8 Oct 2021 12:01:18 -0700 (PDT)
Received: from GCC02-BL0-obe.outbound.protection.outlook.com (mail-bl0gcc02on20725.outbound.protection.outlook.com [IPv6:2a01:111:f400:7d05::725]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F4B03A0E26; Fri, 8 Oct 2021 12:01:18 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fG/k2r+w71oP+5kE7gPtXipXL4NwCE3ApXlsOht/RKZ8fvk2O/zR9xBu0uUb+747ICjaJaWZUgq25G9ZMKo84UffCLdShNIsK2ny3atGDI0AzPyP2Whql2NCJ3KCKIlwbVQ4GG9aLUQ8neDpHT8nBbqRMOpWnMa9a4HCm33g8oDLJxdyXYkq8PuzROpZWg01VO61wzVsiFG6ba/SCwTbxjV0G/q9cATrJh4MlVX/AAMWjns8CYq6XT9li4LA5TauGdserW656xj8A0fsjIwjag36+EQYOVBNbznHDhDLmyy1HE5Z977T9/D7j9HmPxY7T21Fi9ESmucsCRE/xRqTFQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Hz+UTENL8mwy+ix11MC5nHDyBT6v5wBaY2PDmREdBwY=; b=jb8RBPG8LMi7Cxf9f2oVaWD8qb2T/YTCD45h6uJ5aIVuz60OSNK2TtY/CYmTxWXZtDkzXRNPE079i9z54diWbLOSyvipYvTXkS/P2xUiQKvPMOuaoOr1+arFWrQpSb4N7y7RVC0o8qJZ9M5rLBLEalglRlN75rOJZKjctpwM50+iBoo5tK4BQC4rHoKRKHGaXpntb4mhyD74sDnmhN7GbqsRf2lIHl80HV127Il1F7o2rXoU9jaWLd2nAXrKKWw0grD7tJN8xF+79eGABnSFpTqsnCY6avx9r5VILChFlAyrEBi32ArNZTaTBWZBuynH0NC2uAum2ylRfiBPUuuNfw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Hz+UTENL8mwy+ix11MC5nHDyBT6v5wBaY2PDmREdBwY=; b=PtW4HP/vZPyU4PubZTstnWRWeb2bKz2NJw23wy5H1Zu5Kw4nj6Q/wji18d64e9RZY6vaq1NN9V/ehdyNo46pACKBLdyg4jtTQZ1mOvBJpas3WeJX9knvZQxKPviplheAheRGjR+ZMJbSg3+pWWJjQwwReSTEs9+S30DlwpNeXQ4=
Received: from MN2PR09MB4841.namprd09.prod.outlook.com (2603:10b6:208:21e::21) by MN2PR09MB5900.namprd09.prod.outlook.com (2603:10b6:208:220::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4587.18; Fri, 8 Oct 2021 19:01:09 +0000
Received: from MN2PR09MB4841.namprd09.prod.outlook.com ([fe80::ece5:9df1:9ea9:a2ed]) by MN2PR09MB4841.namprd09.prod.outlook.com ([fe80::ece5:9df1:9ea9:a2ed%5]) with mapi id 15.20.4587.022; Fri, 8 Oct 2021 19:01:09 +0000
From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: Ted Hardie <ted.ietf@gmail.com>
CC: "iana@iana.org" <iana@iana.org>, "uri-review@ietf.org" <uri-review@ietf.org>, "sacm@ietf.org" <sacm@ietf.org>
Thread-Topic: [Uri-review] swid and swidpath URI scheme registration request
Thread-Index: Ade8SgHBb/7ceUf6QX6HGZyHbUTezAADy8yAAAbBjuA=
Date: Fri, 08 Oct 2021 19:01:09 +0000
Message-ID: <MN2PR09MB48417AE1F2996DD5999766ADF0B29@MN2PR09MB4841.namprd09.prod.outlook.com>
References: <MN2PR09MB48411AC3E02F488F11DE8252F0B29@MN2PR09MB4841.namprd09.prod.outlook.com> <CA+9kkMBxFQdG8=tEbRo_D6YvjLNfjCVJtZVXPUriWnOOoVZusw@mail.gmail.com>
In-Reply-To: <CA+9kkMBxFQdG8=tEbRo_D6YvjLNfjCVJtZVXPUriWnOOoVZusw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=nist.gov;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: cd8939a1-112f-4a5c-55e0-08d98a8dfd42
x-ms-traffictypediagnostic: MN2PR09MB5900:
x-microsoft-antispam-prvs: <MN2PR09MB5900D7E904845B9E641FE955F0B29@MN2PR09MB5900.namprd09.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: dphXltpy9+5849xhVBES0DkT4QJ/VrA9VVCLBKfQMq1YP+C1aF4d+Qvn/3qja0zLFofvBYJVFSCEZxolS7DyJUPDxe6fAs0YfXj/OdkfOJezPLiSuztZQWaDVZZnYMnw+gyDc1K9IzYYv3+SGWMLFUm20PS6pLtnjNT85nlij2tNjTwrLzFCcZBYy+6t4g7GvtF8CmEsX49gANESRtIDzDiM2SLHm6c3SEA84jffEixkcYib0y/SW9R9hI+Yjmaj6W/xHANIWpPWIT4wwCYNfrf5aogii3vjMs3le51GziyAeaK5DzW8CqnsnrQaIFvpnCiFOFCQ1at/FO+unj8avUzGwIogFP8UnGHIwdR3f/bQi5fw0ikOCVqS59sUvZq6F4BHycVaE0Ga3O6/7AKesIvHBB1j+wM7hA+n7s99Q/s3HxRSgdfIBqymI7sIGxAqVyO8ilg7a6rp4Tt7K2HqhwF3FJ5rqlO7FuKnoMvCyQur+aUmkL1teFZW4VVhvtSbv+cC5NpR/0VAcoPaqAsFn0Ei+zSGjPCvrk7J4R6JgTGzdMaOHd10/dCsZJN/6hm4A7G4xlJP8VQLuiodNYTzCoW/Q4egHl//3SGgZdRarI3gwc1sxazncLPVv7sKuhOxtXm3fU85Ede/2IKpV73id6TV1AAX/FZ1M2R2KPtKvtDAuQFzuu94pNr4OsMHWn3TsZKGJLh6xcvUNIIhSKm/GgIzKUrvwRqvsol3EhLr9cjTFMjFDNivo3yNWjD0AmrAAggp7TaC/E5NJ7hDJYGfYNVvDeAZKd/LfOEotFcbPjc=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR09MB4841.namprd09.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(38100700002)(86362001)(33656002)(38070700005)(166002)(122000001)(83380400001)(2906002)(26005)(186003)(55016002)(52536014)(8936002)(71200400001)(508600001)(54906003)(966005)(5660300002)(6916009)(4326008)(9686003)(7696005)(64756008)(66446008)(76116006)(6506007)(66946007)(8676002)(53546011)(66476007)(66556008)(316002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: VFPqNazkwp0rEkWCHAThUGvEbEpmY3sQAN9DPVr8FqklhDTyrlWAQLlBbPiK8O/MWgHiSurPIvIYBx7BatJ3C1dCEGCZHKbVa4tYMQ8npgrmwDmQ7deD8lIosRr9xday1WJ1H/hTjiUTj4mq4g5piPVWM2EQdCjVM5f39yjkYhO7UIA0veGE0JJeeaF8qe7A7jRStJC9DNUiE3DH1uSzXIO6GFK22xHO5n/FQ9ZYgNQv0nMTgBIalCigQVhfRSFFDhv9voTI9RDng1NnD1pFaHbGmEKSRwy05N2XhWtzTKG+ykNGG8qbShcOVrDu6rb/cWEV6AIdaW35auCf9J9n2D72HaILuz66vgHc8C3VniWwPxHjcX3MOBYEua9KifyaAjqYZ8bljdmF3o4rH640YOkxiMc1jxVidPM+rPsTD8ThYH45b4LLX5StZo0qQANmJJvo4v7R5NPxxrqD8aGSKH6o1WPGHf8Gfx9SXzlWoFTShv8qDave0pr4zfG9jBXYmUUYfiAK5Slpx3hL/QoJfRDb4iSchOPbrhzddZaPBAmH/CqL5yPdZ/jd5i4VkAZGASmsx/2pZGDwJckdMIbyVvqtGkgFDs9cxtfnvnvFFP8w8lrDK62oS9Mrnqx9RxE2QZ2RpfKXkV6R09YMQDY97RuHs4HjzYJDf++YmoJHbz+uHcmlZrxCW7hh3yU18a53ThcPTa6QBoVVZfM2CX+P5ca+1pwbFXIjOKxlMVScuVHOwZzPoT57nLEWBzOd5oDKiW6mgV52QPLDMdflSiEd9EAPDXh11PI0nGgFZ/XD7TxNSb3jW0Vp02heWhzA9eXT51/trC7Ekv8JT7cqv1Ox2rWWWhkmODJfIOOwzwt2y+etJMbewwdO2CgUcfHjYW4tsHFHeFAa2BoKFH+PUIgO+1hE1OliAfFBoHHvi/7bLnFmKH5qh8+3RUGwWbbo6UXA5MJJE/m8NY6f8LzQe+15AuRXwqBVwrHaIyW3dxdIIDDL5Cc5bzQGtHx2x50e/j9CYkVI44inWcLGtVGIxVnhC5iwQZwCD9u1v0QVfsPNCRT7K6Xxal3pIiCT37GoxTYiEVH+MGMK/HdwTpXDruwKOLSoAasK1+LwojjvBOdCr9iHsvXkPdUZKya1LKR9t98v7WMe7YgM8/2m3dSmcZL64aMQpUce8IyK6lKJch93pj/Z50gu7tAkk0hoGwFx+C/GOr+n8YtOV2SrF1T8zxKaC5AVTW/gX7+LnAuE4XviVOEssz+s3VeFQ+NgVNkDTuWb+dGW2jvGo2WIhGN93TyEfI4CFgPKvYDaUPXa2qUHJKKljYiOq0B4/ckIHmbox8Ze
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_MN2PR09MB48417AE1F2996DD5999766ADF0B29MN2PR09MB4841namp_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR09MB4841.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: cd8939a1-112f-4a5c-55e0-08d98a8dfd42
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Oct 2021 19:01:09.1579 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR09MB5900
Archived-At: <https://mailarchive.ietf.org/arch/msg/uri-review/nx8tbCs-7IjVQr_viOIkIepAszk>
Subject: Re: [Uri-review] swid and swidpath URI scheme registration request
X-BeenThere: uri-review@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proposed URI Schemes <uri-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uri-review>, <mailto:uri-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uri-review/>
List-Post: <mailto:uri-review@ietf.org>
List-Help: <mailto:uri-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uri-review>, <mailto:uri-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Oct 2021 19:01:33 -0000
Ted, These schemes will be used in the link structure of a coswid (see section 2.7). In a link the href is represented as text. The structure of the text would not need to be parsed, so a textual comparison I believe is appropriate. The text string form would be percent encoded as you indicated. The UUID form would follow the "UUID" BNF defined in RFC4122 in section 3 and would also be represented as text. If the text string contains Unicode characters, the codepoint would need to be converted to a byte sequence in UTF-8 and then each byte would be encoded per RFC3986 section 2.5. Regards, Dave From: Ted Hardie <ted.ietf@gmail.com> Sent: Friday, October 8, 2021 11:29 AM To: Waltermire, David A. (Fed) <david.waltermire@nist.gov> Cc: iana@iana.org; uri-review@ietf.org; sacm@ietf.org Subject: Re: [Uri-review] swid and swidpath URI scheme registration request Hi David, My apologies, but I think I'm missing part of the scheme definition. In Section 5.1, I see: For URIs that use the "swid" scheme, the scheme specific part MUST consist of a referenced software tag's tag-id. This tag-id MUST be URI encoded according to [RFC3986] Section 2.1. The following expression is a valid example: swid:2df9de35-0aff-4a86-ace6-f7dddd1ade4c I would have typically expected an ABNF production for the tag-id. Instead, I see the following: tag-id (index 0): A 16 byte binary string or textual identifier uniquely referencing a software component. The tag identifier MUST be globally unique. If represented as a 16 byte binary string, the identifier MUST be a valid universally unique identifier as defined by [RFC4122]. There are no strict guidelines on how this identifier is structured, but examples include a 16 byte GUID (e.g. class 4 UUID) [RFC4122], or a text string appended to a DNS domain name to ensure uniqueness across organizations. Given the free-form nature of the text alternative, do I understand correctly you intend to percent encode any reserved character? Is this still the case if the DNS domain name is an IDN? Since the text format subsumes the UUID format, is there a presumption that the equivalence rules for text are always preferred to the arithmetic equivalence rules that UUIDs may use? regards, Ted Hardie On Fri, Oct 8, 2021 at 3:18 PM Waltermire, David A. (Fed) <david.waltermire=40nist.gov@dmarc.ietf.org<mailto:40nist.gov@dmarc.ietf.org>> wrote: This request is for the registrations of the "swid" and "swidpath" schemes defined in sections 6.6.1 and 6.6.2 of https://datatracker.ietf.org/doc/draft-ietf-sacm-coswid/18/<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-sacm-coswid%2F18%2F&data=04%7C01%7Cdavid.waltermire%40nist.gov%7C7c47eb061ac54402154108d98a706a24%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C637693037692730320%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=UYeM%2BXa%2BnhIiI%2FSAtmcmpAbA4hRPbPACzEdkNbh%2F8qY%3D&reserved=0>. Please let us know if there are any questions or concerns. Regards, Dave Waltermire _______________________________________________ Uri-review mailing list Uri-review@ietf.org<mailto:Uri-review@ietf.org> https://www.ietf.org/mailman/listinfo/uri-review<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Furi-review&data=04%7C01%7Cdavid.waltermire%40nist.gov%7C7c47eb061ac54402154108d98a706a24%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C637693037692730320%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=AgSzdoVPSaUOj5EOpkc%2BrehZjTA9UlsfYXFgAUNd7gA%3D&reserved=0>
- [Uri-review] swid and swidpath URI scheme registr… Waltermire, David A. (Fed)
- Re: [Uri-review] swid and swidpath URI scheme reg… Ted Hardie
- Re: [Uri-review] swid and swidpath URI scheme reg… Waltermire, David A. (Fed)
- Re: [Uri-review] swid and swidpath URI scheme reg… Ted Hardie