Either HTTP or HTTPS should be allowed and supported.

FYI: I just attended a Venable session on SBOM adoption and Matt Fussa of Cisco indicated that Cisco is making SBOMs available on customer protected portals. This is the most predominant delivery mechanism for SBOMs that we have encountered at REA. We have not retrieved a single NTIA compliant SBOM from a device since the Company began in 2018.

Thanks,

Dick Brooks

Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council - A Public-Private Partnership
<https://reliableenergyanalytics.com/products>

Never trust software, always verify and report!™
http://www.reliableenergyanalytics.com
Email: [email protected]
Tel: +1 978-696-1788

From: OPSAWG <[email protected]> On Behalf Of tom petch
Sent: Wednesday, September 7, 2022 11:38 AM
To: Michael Richardson <[email protected]>; Eliot Lear <[email protected]>; [email protected]
Subject: Re: [OPSAWG] I-D Action: draft-ietf-opsawg-sbom-access-07.txt

From: Michael Richardson
Sent: Wednesday, September 07, 2022 14:51

tom petch <[email protected]> wrote:
> web should be https not http

There are lots of reasons why a self-hosted SBOM might have to be HTTP.

<tp>
Indeed, but my original comment, April I think, was that http://tools.ietf.org should be https://datatracker.ietf.org in the YANG contact information. tools is now datatracker but I expect that the IESG will still want https:.

Tom Petch

> On 02.09.22 18:57, [email protected] wrote:
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories. This draft is a work item of the Operations and
>> Management Area Working Group WG of the IETF.
>>
>> Title    : Discovering and Retrieving Software Transparency and
>>            Vulnerability Information
>> Authors  : Eliot Lear
>>            Scott Rose
>> Filename : draft-ietf-opsawg-sbom-access-07.txt
>> Pages    : 21
>> Date     : 2022-09-02
>>
>> Abstract:
>> To improve cybersecurity posture, automation is necessary to
>> locate what software is running on a device, whether that software has
>> known vulnerabilities, and what, if any recommendations suppliers may
>> have. This memo specifies a model to provide access to this
>> information. It may optionally be discovered through manufacturer
>> usage descriptions.
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-opsawg-sbom-access/
>>
>> There is also an htmlized version available at:
>> https://datatracker.ietf.org/doc/html/draft-ietf-opsawg-sbom-access-07
>>
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-opsawg-sbom-access-07
>>
>> Internet-Drafts are also available by rsync at
>> rsync.ietf.org::internet-drafts
>>
>> _______________________________________________
>> OPSAWG mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/opsawg
