CoSWID AD review edits #33

Merged
merged 16 commits into from
Nov 2, 2020

david-waltermire
Contributor

Edits to address AD review feedback from Roman Danyliw, with specific focus on CoSWID issues

henkbirkholz and others added 15 commits October 26, 2020 10:41
** Section 1.  Per the remote attestation use case, would the RATS architecture draft be more appropriate than [I-D.birkholz-rats-tuda]?
the Corpus tag appears to have no change of state -- get removed at all during the Lifecycle?
** Section 1.1.  Editorial.  After reading this section, I was wondering about what's the difference between patching and upgrading?  Does one bump the version number and the other does not?  Perhaps a forward reference to Section 2.3 would be appropriate here.
** Section 2.1.  Recommend using normative language:
** Section 2.3. Global Typo. s/section Section/Section/g
** Section 2.3.  Per "This item represents a query as defined by the W3C Media Queries Recommendation (see [W3C.REC-css3-mediaqueries-20120619])" can normative language be applied here to constrain the format.  Perhaps "This item MUST be formatted as query defined by the W3C Media Queries Recommendation (see [W3C.REC-css3-mediaqueries-20120619]) format.
** Section 2.6 Editorial.  s/an registration ID/a registration ID/
** Section 2.6.  Per "In a given scope, the registration id MUST be used consistently for CoSWID tag production.", can you clarify what you mean by consistently?
** Section 2.7. Typo. s/a Ownership/an Ownership/
** Section 2.7.  Typo. s/Link Use Value Value/Link Use Value/
** Section 2.8.  Typo. s/identfies/identifies/
** Section 2.8.  unspsc-code.  Please cite the URL of unspsc.org by reference.
** Section 2.9.1.  Should the Status field of the Named Information Hash Algorithm Registry be considered when choosing an appropriate hash algorithm?
** Section 4.1. Typo. s/gudelines/guidelines/
** Section 4.1. Editorial. s/decimal number ./decimal number./
** Section 5.2.1. Typo. s/Proceedures/Procedures/
** Section 5.3.  Editorial. s/RFC-7049/[RFC7049]

not fixed but first pass:

** Section 5.6.1 and 5.6.2.  Please use the template described in Section 7.4 of RFC 7595.  The fields below are part of the "old template".
** Section 5.6.1.  Typo. s/speific/specific/
** Section 5.6.1.  Global Typo. s/indentify/identify/g
** Section 5.7.  Typo. s/ietm/item/
** Section 6.  Per "When an authoritative tag is signed, the software provider can be authenticated as the originator of the signature", what is the binding between the software provider and the key used to provide the signature?  Put in another way, how do I know the signature on the CoSWID really belongs to the software provider?  Same for a supplementary tag?
** Section 6. "collected from an endpoint in transit and at rest"
** Section 6.  Per "For this reason, tools that consume SWID/CoSWID tags ought to treat ...", is normative language or less colloquial language more appropriate here - s/ought/should/?
henkbirkholz merged commit 02ff92a into sacmwg:master Nov 2, 2020
2 participants