Note: This ballot was opened for revision 02-02 and is now closed.
Ballot question: "Do we approve of this charter?"
I'm glad to see work in this space going forward (so, "Yes" ballot position), but do have some questions that might be worth considering before the charter is approved. Disclaimer - SACM is far from being something I understand well, and people with more clue may have obvious answers, but since I had questions, I'm asking. I wasn't sure what would actually be extended in the reference to NEA [https://ietf.org/wg/concluded/nea.html]. Can you point to an NEA RFC that this work is starting from? I realize that SACM and SUIT are now on the same telechat agenda, but is there any relationship between "information about firmware, operating systems, and software installed on an endpoint" and what you're visualizing for SUIT? ("and for TEEP" is another question, and maybe premature) I guess I should ask the same thing about "- Define a method of expressing software metadata that is suitable for use by constrained devices including a CBOR-based format derived from the ISO/IEC 19770-2 Software Identification (SWID) tag standard", later in the charter. For the evaluation criteria language - is there a candidate starting point for this work (or even a potential candidate starting point)?