Re: [OPSAWG] Fw: Re: [ntia-sbom-framing] Fwd: ?? WG Adoption Call on draft-lear-opsawg-sbom-access-00

2021-01-05 Thread Dick Brooks
SPDX has a registered MIME type, but CycloneDX doesn't appear to have one. https://www.iana.org/assignments/media-types/text/spdx Thanks, Dick Brooks Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.com Email: d...@reliableenergyanalytics.com Tel: +1 978-696

Re: [OPSAWG] Fw: Re: [ntia-sbom-framing] Fwd: ?? WG Adoption Call on draft-lear-opsawg-sbom-access-00

2021-01-05 Thread Dick Brooks
I agree, Henk. I don't know if there are registered MIME content types for SPDX and CycloneDX. With RFC 1767, Dave Crocker took care of registering the EDI MIME content types. Thanks, Dick Brooks Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.com Email: d

Re: [OPSAWG] Fw: Re: [ntia-sbom-framing] Fwd: 🔔 WG Adoption Call on draft-lear-opsawg-sbom-access-00

2021-01-05 Thread Henk Birkholz
Hi Dick, exactly. Now it seems to me, there might be some dependencies on "sbom type definitions" here. What now springs to my mind are the questions: If there are media-types or corresponding content-formats required to be expressed in headers in order to make this work, (1) where are these

Re: [OPSAWG] Fw: Re: [ntia-sbom-framing] Fwd: 🔔 WG Adoption Call on draft-lear-opsawg-sbom-access-00

2021-01-05 Thread Dick Brooks
Thanks, Henk, you raise a good question. I guess it depends: If the goal is to ensure interoperability of SBOM data communicated via an OPSAWG solution that only exchanges SBOMs, then I would imagine that we would need to define which SBOM payloads are supported, to ensure interoperability. I

Re: [OPSAWG] Fw: Re: [ntia-sbom-framing] Fwd: 🔔 WG Adoption Call on draft-lear-opsawg-sbom-access-00

2021-01-05 Thread Henk Birkholz
Hi Dick, this is Henk with no hats on. I am not sure how useful it is to make "formats" an exclusive list here. Following the evolution of SBOM work in NTIA (and in extension in CISQ), it seems to me that the focus starts to move into the direction of information models first and that actual

Re: [OPSAWG] [EXTERNAL SOURCE] [ntia-sbom-framing] Fw: Re: Fwd: ?? WG Adoption Call on draft-lear-opsawg-sbom-access-00

2021-01-05 Thread Eliot Lear
Thanks, Tony. What we'll to make clear is how to know what to retrieve. HTTP has a pretty good interface for that with media types, and you can match that with an Accepts: header, if one really wants to (my guess is that the tooling will want to take on the burden of implementing both, and the

Re: [OPSAWG] Fw: Re: [ntia-sbom-framing] Fwd: ?? WG Adoption Call on draft-lear-opsawg-sbom-access-00

2021-01-05 Thread Dick Brooks
I would support having both SPDX and CycloneDX. Both have proven viable in my testing. Thanks, Dick Brooks Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.

Re: [OPSAWG] Fw: Re: [ntia-sbom-framing] Fwd: 🔔 WG Adoption Call on draft-lear-opsawg-sbom-access-00

2021-01-05 Thread Eliot Lear
Ok. Should I add something for CycloneDX? Eliot > On 5 Jan 2021, at 16:51, Dick Brooks wrote: > > I concur with Chris. I've heard reports of people trying to use SWID to > communicate SBOM information and they are having to make some “brave” > assumptions in the process. SPDX and CycloneDX

Re: [OPSAWG] Fw: Re: [ntia-sbom-framing] Fwd: 🔔 WG Adoption Call on draft-lear-opsawg-sbom-access-00

2021-01-05 Thread Dick Brooks
I concur with Chris. I've heard reports of people trying to use SWID to communicate SBOM information and they are having to make some “brave” assumptions in the process. SPDX and CycloneDX seem to be the only viable SBOM formats, based on my testing experience with both formats. There rem

[OPSAWG] Fw: Re: [ntia-sbom-framing] Fwd: 🔔 WG Adoption Call on draft-lear-opsawg-sbom-access-00

2021-01-05 Thread Christopher Gates
-- Forwarded Message -- From: "Christopher Gates" To: "Eliot Lear" ; "ntia-sbom-fram...@cert.org" Sent: 1/4/2021 2:48:51 PM Subject: Re: [ntia-sbom-framing] Fwd: [OPSAWG] 🔔 WG Adoption Call on draft-lear-opsawg-sbom-access-00 Eliot, I joined the IETF WG, and I have some feedback.

Re: [OPSAWG] 🔔 WG adoption call on draft-richardson-opsawg-mud-acceptable-urls-03

2021-01-05 Thread Rose, Scott W.
I have read the draft and support its adoption. Scott On 4 Jan 2021, at 13:05, Henk Birkholz wrote: Dear OPSAWG members, this starts a call for Working Group Adoption on https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-richardson-opsawg-mud-acce

Re: [OPSAWG] 🔔 WG adoption call on draft-richardson-opsawg-mud-acceptable-urls-03

2021-01-05 Thread tirumal reddy
I have reviewed the draft and support its adoption. -Tiru On Mon, 4 Jan 2021 at 23:36, Henk Birkholz wrote: > Dear OPSAWG members, > > this starts a call for Working Group Adoption on > https://tools.ietf.org/html/draft-richardson-opsawg-mud-acceptable-urls-03 > ending on Monday, January 25. >