Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

Security Automation and Continuous Monitoring
charter-ietf-sacm-03

Yes

(Kathleen Moriarty)

(Spencer Dawkins)

No Objection

(Adam Roach)

(Alexey Melnikov)

(Alvaro Retana)

(Ben Campbell)

(Deborah Brungard)

(Suresh Krishnan)

(Terry Manderson)

Ballots:

Note: This ballot was opened for revision 02-02 and is now closed.

Ballot question: "Do we approve of this charter?"

Kathleen Moriarty Former IESG member

Yes

Yes (for -02-02) Unknown

Spencer Dawkins Former IESG member

Yes

Yes (2017-11-29 for -02-02) Unknown

I'm glad to see work in this space going forward (so, "Yes" ballot position), but do have some questions that might be worth considering before the charter is approved.

Disclaimer - SACM is far from being something I understand well, and people with more clue may have obvious answers, but since I had questions, I'm asking. 

I wasn't sure what would actually be extended in the reference to NEA [https://ietf.org/wg/concluded/nea.html]. Can you point to an NEA RFC that this work is starting from?

I realize that SACM and SUIT are now on the same telechat agenda, but is there any relationship between "information about firmware, operating systems, and software installed on an endpoint" and what you're visualizing for SUIT? ("and for TEEP" is another question, and maybe premature)

I guess I should ask the same thing about "- Define a method of expressing software metadata that is suitable for use by constrained devices including a CBOR-based format derived from the ISO/IEC 19770-2 Software Identification (SWID) tag standard", later in the charter.

For the evaluation criteria language - is there a candidate starting point for this work (or even a potential candidate starting point)?

Adam Roach Former IESG member

No Objection