Hi Michael,

> On 17 May 2021, at 12:03, Michael Richardson <[email protected]> wrote:
>
> Eliot Lear <[email protected]> wrote:
>> For those not keeping score, SBOMs are entering the world of
>> regulation. US President Joe Biden issued an executive order,[1]
>> Section 4 of which focuses on supply chain security, and SBOMs. One of
>> the key aspects will be how that information is shared. NIST, NTIA,
>> and DHS will play a big role.
>
> What should the IETF do?

I think we’re doing a lot of what we should be doing: finding a means to facilitate information sharing.

>
> Things I can think about:
> 1) Ask Allen Friedman to do an IAB Tech presentation

Why not?

>
> 2) Be clear about what core technologies from the IETF are being leveraged.

You bet.

>
> 3) Find a replacement for MAC addresses as primary key to identify specific
> devices

Not sure how this applies.

>
> 4) How do our incident reporting protocols preserve or do not preserve
> privacy? Once we have better supply chain security, then we will have
> better and clearer statements about vulnerabilities. How does this
> translate back to reports about specific devices?
> How can an ISP gauge the extent of their vulnerability without actually
> having an inventory of devices?
> (I think Bloom filters have some role here)

Good question.

Eliot
_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
