date:20211213

[OPSAWG] Genart early review of draft-ietf-opsawg-sbom-access-03

2021-12-13 Thread Russ Housley via Datatracker

Reviewer: Russ Housley
Review result: Almost Ready

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please wait for direction from your
document shepherd or AD before posting a new version of the draft.

For more information, please see the FAQ at
.

Document: draft-ietf-opsawg-sbom-access-03
Reviewer: Russ Housley
Review Date: 2021-12-13
IETF LC End Date: unknown
IESG Telechat date: unknown

Summary: Almost Ready


Note: I am not a good persone to review the YANG specification.  I
assume one of the YANG Doctors will have a look at this document too.


Major Concerns:

Section 1 says:

   To satisfy these two key use cases, objects may be found in one of
   three ways:

This lead to some confusion for me.  Earlier in the document, it says:

   This specification does not allow for vulnerability information to be
   retrieved directly from the endpoint.  That's because vulnerability
   information changes occur at different rates to software updates.

After thinking about it, I realized that the objects do not include
vulnerability information, but pointers to obtain vulnerability
information.  Please reword to others do not need to give it the
same amount of thought.


Minor Concerns:

Section 1, first sentence: The reference to "A number of activities"
is very vague.  It is not wrong.  Please be more specific, provide
some references, or drop the vague reference altogether.

Section 1 says:

   In the second case, when a device does not have an appropriate
   retrieval interface, but one is directly available from the
   manufacturer, a URI to that information must be discovered.

s/must/MUST/ ?


Nits:

The terms "software" and "firmware" are used with essentially the same
meaning in this document.  If there is a difference, it needs to be
explained.  If they are the same in the context of this document, please
say so.

Abstract, last sentence: please add "(MUD)" and also a pointer to
RFC 8520.

Section 1, first sentence: The reference to "A number of activities"
is very vague.  It is not wrong.  Please be more specific, provide
some references, or drop the vague reference altogether.



___
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg

[OPSAWG] TR: I-D Action: draft-boucadair-opsawg-add-encrypted-dns-04.txt

2021-12-13 Thread mohamed.boucadair

Hi all,

We updated the draft with a new attribute to associate a priority with the TLV. 

We addressed in previous version the comments received from the list, those 
from Alan in particular.

We hope that a call for adoption is considered for this draft. Thanks. 

Cheers,
Med

-Message d'origine-
De : I-D-Announce  De la part de 
internet-dra...@ietf.org
Envoyé : lundi 13 décembre 2021 09:48
À : i-d-annou...@ietf.org
Objet : I-D Action: draft-boucadair-opsawg-add-encrypted-dns-04.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.


Title   : RADIUS Extensions for Encrypted DNS
Authors : Mohamed Boucadair
  Tirumaleswar Reddy
Filename: draft-boucadair-opsawg-add-encrypted-dns-04.txt
Pages   : 16
Date: 2021-12-13

Abstract:
   This document specifies new Remote Authentication Dial-In User
   Service (RADIUS) attributes that carry an authentication domain name,
   a list of IP addresses, and a set of service parameters of encrypted
   DNS resolvers.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-boucadair-opsawg-add-encrypted-dns/

There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-boucadair-opsawg-add-encrypted-dns-04

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-boucadair-opsawg-add-encrypted-dns-04


Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts


___
I-D-Announce mailing list
i-d-annou...@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html or 
ftp://ftp.ietf.org/ietf/1shadow-sites.txt

_

Ce message et ses pieces jointes peuvent contenir des informations 
confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce 
message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages 
electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou 
falsifie. Merci.

This message and its attachments may contain confidential or privileged 
information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete 
this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been 
modified, changed or falsified.
Thank you.

___
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg

[OPSAWG] Genart early review of draft-ietf-opsawg-sbom-access-03

[OPSAWG] TR: I-D Action: draft-boucadair-opsawg-add-encrypted-dns-04.txt

2 matches

Site Navigation

Mail list logo

Footer information