Reviewer: Scott Bradner Review result: Has Nits This is an OPS-DIR review of Concise Software Identification Tags This ID describes a concise representation of ISO Software Identification Tags and extensions to allow identification of additional types of information. The document is well written and easy to follow, and, as it should be considering the number of revisions, a mature document. I will say that I would not have expected that this much effort would have been applied to this specific problem (reducing the size of SWID repositories) in this day and age of cheap & big storage and where low speed nets are not all that slow - but I guess a bunch of people felt it was worth while I am not sure this is a nit or not, but it seems like the use of the terms "SWID" and "CoSWID" is not consistent for example in the following: CoSWID tags are intended to be easily discoverable by authorized applications and users on an endpoint in order to make it easy to determine the tagged software load. Access to the collection of an endpoint's SWID tags needs to be appropriately controlled to authorized applications and users using an appropriate access control mechanism. I am not sure why "SWID" is used in the second case - if that is purposeful then I missed the explanation of the difference along the same line - it would seem to me that the IANA repository should be at https://www.iana.org/assignments/coswid (or co_swid) not https://www.iana.org/assignments/swid otherwise, nice work (even if I do not understand the "why") Scott -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
