Re: [OPSAWG] Roman Danyliw's No Objection on draft-ietf-opsawg-sbom-access-16: (with COMMENT)

Thu, 27 Apr 2023 06:29:40 -0700

Righto.  Thanks for catching that Roman.  I will work with the AD to make sure that gets corrected prior to publication. 

Eliot

On 27.04.23 14:15, Roman Danyliw via Datatracker wrote:

Roman Danyliw has entered the following ballot position for
draft-ietf-opsawg-sbom-access-16: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to 
https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-opsawg-sbom-access/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you to Christian Huitema for the SECDIR review.

Thank you for addressing my DISCUSS and most of my COMMENT feedback.

** Section 5.1

==[ snip ]==
The second example demonstrates that just SBOM information is included.

{
   "ietf-mud:mud": {
     "mud-version": 1,
     "extensions": [
       "transparency"
     ],
     "mudtx:transparency": {
       "sbom-local-well-known": "https"
     },
     "mud-url": "https://iot.example.com/modelX.json";,
     "mud-signature": "https://iot.example.com/modelX.p7s";,
     "last-update": "2022-01-05T13:29:47+00:00",
     "cache-validity": 48,
     "is-supported": true,
     "systeminfo": "retrieving SBOM info via a cloud service",
     "mfg-name": "Example, Inc.",
     "documentation": "https://iot.example.com/doc/modelX";,
     "model-name": "modelX"
   }
}
==[ snip ]==

In -15 systeminfo said "retrieving vuln and SBOM info via a cloud service".  In
response to my ballot, -16 now reads "retrieving SBOM info via a cloud
service".  However, since the sbom-local-well-known field is present and the
narrative text says "The second example demonstrates that just SBOM information
is included", systeminfo should read "retrieving SBOM information locally from
the device" (or something to that effect).



_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg



_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg

Reply via email to