From nobody Mon May 18 03:12:17 2020 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D26F53A0A6E; Mon, 18 May 2020 03:12:06 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -7.7 X-Spam-Level: X-Spam-Status: No, score=-7.7 tagged_above=-999 required=5 tests=[DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IF3wcTwoIc09; Mon, 18 May 2020 03:12:04 -0700 (PDT) Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 250793A0A6C; Mon, 18 May 2020 03:12:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8748; q=dns/txt; s=iport; t=1589796724; x=1591006324; h=from:mime-version:subject:date:references:cc:to: message-id; bh=xxpW0xl+YMGxMYeKMNVgRIwcWq9l4lPHv6zaDMZFZ34=; b=LBtJXJRxRyyu9K54thuujs0/jEEt7r+sgniPMkQYZKwx+HV7ONRqi0aI NMyIj5JzYiCs//jxYB6D5O10zVZTmb3fQR1DDQoN/4/FtoVagYHlq8QKw 0SYOh+aFGd/ivzTgmoYGBxgTzAjyJqr9T0Iq1beYK56VgygIGnYZ9FTST c=; X-IPAS-Result: =?us-ascii?q?A0DAAABNX8Je/xbLJq1cChkBAQEBAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QESAQEBAQEBAQEBAQEBQIFHAgGDGFUgEiyNJYgGk1eIDQsBAQEMAQEjDAQBA?= =?us-ascii?q?YFQgnQCgkA5BQ0CAwEBAQMCAwEBAQEFAQEBAgEFBG2FVgxCARABhR0BAQICA?= =?us-ascii?q?XcCBQscAwECL00CCAcSgyYBglwgD65hdIE0hD4CDkGFK4E4AYxbggCBESccg?= =?us-ascii?q?k0+gmcBAQIBAYE0TYMngi0EjmaJPJpuglqCdIUykCEdgl2BDodihFuNLpBDi?= =?us-ascii?q?WuQIYNHAgQGBQIVgT8rIYFWMxoIGxUaSwGCPgk1EhgNmUaFRD8DMAI1AgYIA?= =?us-ascii?q?QEDCYVOiW0BAQ?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos; i="5.73,406,1583193600"; d="scan'208,217"; a="23968253" Received: from aer-iport-nat.cisco.com (HELO aer-core-1.cisco.com) ([173.38.203.22]) by aer-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 18 May 2020 10:12:00 +0000 Received: from [10.61.223.201] ([10.61.223.201]) by aer-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id 04IABxdJ025681 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 18 May 2020 10:12:00 GMT From: Eliot Lear Content-Type: multipart/alternative; boundary="Apple-Mail=_504AF03E-D2F1-4EB6-9071-BCA5B722A8F8" Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\)) Date: Mon, 18 May 2020 12:11:59 +0200 References: <158979632988.13399.5709754050042133625@ietfa.amsl.com> Cc: "Rose, Scott W. (Fed)" To: opsawg@ietf.org, mud@ietf.org, iot-onboarding@ietf.org Message-Id: <8239B081-5DC8-46E5-AC5C-44C3CC2CB0BB@cisco.com> X-Mailer: Apple Mail (2.3608.80.23.2.2) X-Outbound-SMTP-Client: 10.61.223.201, [10.61.223.201] X-Outbound-Node: aer-core-1.cisco.com Archived-At: Subject: [Mud] Fwd: New Version Notification for draft-lear-opsawg-mud-sbom-00.txt X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 May 2020 10:12:07 -0000 --Apple-Mail=_504AF03E-D2F1-4EB6-9071-BCA5B722A8F8 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi everyone, Below is a draft that Scott Rose and I have co-authored. Its purpose is = to help deployments identify software bills of materials (SBOMs) when = they are available. An SBOM is a software inventory that includes some = additional meta-information, such as what dependencies a component may = have. The idea behind SBOMs is that they can provide licensing status = to developers, and some notion of vulnerability status to everyone (and = I mean everyone). MUD is ideal as a discovery mechanism. The goal is not to create new = ways to retrieve the information, but simply to advertise what ways are = available for a given device. Eliot > Begin forwarded message: >=20 > From: > Subject: New Version Notification for = draft-lear-opsawg-mud-sbom-00.txt > Date: 18 May 2020 at 12:05:29 CEST > To: Scott Rose , Eliot Lear >=20 >=20 > A new version of I-D, draft-lear-opsawg-mud-sbom-00.txt > has been successfully submitted by Eliot Lear and posted to the > IETF repository. >=20 > Name: draft-lear-opsawg-mud-sbom > Revision: 00 > Title: SBOM Extension for MUD > Document date: 2020-05-18 > Group: Individual Submission > Pages: 14 > URL: = https://www.ietf.org/internet-drafts/draft-lear-opsawg-mud-sbom-00.txt > Status: = https://datatracker.ietf.org/doc/draft-lear-opsawg-mud-sbom/ > Htmlized: = https://tools.ietf.org/html/draft-lear-opsawg-mud-sbom-00 > Htmlized: = https://datatracker.ietf.org/doc/html/draft-lear-opsawg-mud-sbom >=20 >=20 > Abstract: > Software bills of materials (SBOMs) are formal descriptions of what > pieces of software are included in a product. This memo specifies a > means for manufacturers to state how SBOMs may be retrieved through > an extension to manufacturer usage descriptions (MUD). >=20 >=20 >=20 >=20 > Please note that it may take a couple of minutes from the time of = submission > until the htmlized version and diff are available at tools.ietf.org. >=20 > The IETF Secretariat >=20 >=20 --Apple-Mail=_504AF03E-D2F1-4EB6-9071-BCA5B722A8F8 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii Hi = everyone,

Below is a = draft that Scott Rose and I have co-authored.  Its purpose is to = help deployments identify software bills of materials (SBOMs) when they = are available.  An SBOM is a software inventory that includes some = additional meta-information, such as what dependencies a component may = have.  The idea behind SBOMs is that they can provide licensing = status to developers, and some notion of vulnerability status to = everyone (and I mean everyone).
MUD is ideal as a discovery mechanism. =  The goal is not to create new ways to retrieve the information, = but simply to advertise what ways are available for a given = device.

Eliot

Begin forwarded message:

From: = <internet-drafts@ietf.org>
Subject: = New Version = Notification for draft-lear-opsawg-mud-sbom-00.txt
Date: = 18 May 2020 at 12:05:29 CEST
To: = Scott Rose <scott.rose@nist.gov>, Eliot Lear <lear@cisco.com>

A new version of I-D, draft-lear-opsawg-mud-sbom-00.txt
has been successfully submitted by Eliot Lear and posted to = the
IETF repository.

Name: = draft-lear-opsawg-mud-sbom
Revision: 00
Title:= = SBOM Extension for MUD
Document date: = 2020-05-18
Group: Individual Submission
Pages:= = 14
URL: =            https://www.ietf.org/internet-drafts/draft-lear-opsawg-mud-sbom= -00.txt
Status: =         https://datatracker.ietf.org/doc/draft-lear-opsawg-mud-sbom/
Htmlized:       https://tools.ietf.org/html/draft-lear-opsawg-mud-sbom-00Htmlized:       https://datatracker.ietf.org/doc/html/draft-lear-opsawg-mud-sbo= m


Abstract:
=   Software bills of materials (SBOMs) are formal descriptions = of what
  pieces of software are included in a = product.  This memo specifies a
  means = for manufacturers to state how SBOMs may be retrieved through
  an extension to manufacturer usage descriptions = (MUD).




Please note that it may take a couple of minutes from the = time of submission
until the htmlized version and diff are = available at tools.ietf.org.

The IETF = Secretariat



= --Apple-Mail=_504AF03E-D2F1-4EB6-9071-BCA5B722A8F8--