Re: [SCITT] [spdx] CISA's proposed attestation form is now available and they are seeking comments
|
I'm seeing a good response so far.
toggle quoted message
Show quoted text
Hoping to reach 100 small and medium businesses providing software to the US Government sign-on to this collaborative joint filing effort before the filing deadline for this CISA call for comments. Thanks, Dick Brooks Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.com Email: dick@... Tel: +1 978-696-1788 -----Original Message-----
From: SCITT <scitt-bounces@...> On Behalf Of Michael Richardson Sent: Sunday, April 30, 2023 1:18 PM To: ljeanc@...; spdx@...; scitt@... Subject: Re: [SCITT] [spdx] CISA's proposed attestation form is now available and they are seeking comments L Jean Camp <ljeanc@...> wrote: > I am interested. Also I would like to know if anyone else has any interest > in ensuring attestation standards have space to enable cryptographic > agility or move towards self attesting addresses? If you pick an IETF specification like CWT/COSE (EAT) and agility is built in to the specification. Roll your own stuff, and you are probably in trouble. But there is more than formats and specifications needed to support agility. People have to use a variety of things so that software regularly is ready to accept the variety. -- Michael Richardson <mcr+IETF@...> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide |
|
|