Thank you for these, Thomas. We will make these changes. If you have a preferred bibliographic reference, we can use that. Eliot > On 6 Mar 2023, at 17:47, Schmidt, Thomas <thomas.schmidt@xxxxxxxxxxx> wrote: > > Dear colleagues, > > the draft currently lists in section 9.2 a reference to CSAF: > >> [CSAF] OASIS, "Common Security Advisory Format", July 2021, >> <https://github.com/oasis-tcs/csaf>. > > The correct name is "Common Security Advisory Framework". Please also update the link to the standard to https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html or https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html > > Suggested: >> [CSAF] OASIS, "Common Security Advisory Framework Version 2.0", November 2022, >> <https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html>. > > I guess a similar comment applies to CVRF which is currently listed as: > >> [CVRF] Santos, O., Ed., "Common Vulnerability Reporting Framework >> (CVRF) Version 1.2", September 2017, <https://docs.oasis- >> open.org/csaf/csaf-cvrf/v1.2/csaf-cvrf-v1.2.pdf>. > > But instead should be: > >> [CVRF] OASIS , "Common Vulnerability Reporting Framework >> (CVRF) Version 1.2", September 2017, <https://docs.oasis- >> open.org/csaf/csaf-cvrf/v1.2/csaf-cvrf-v1.2.pdf>. > > You could add the editors for both as well - but I'm not too sure what the recommended format from IEFT looks like. > > Kind regards, > Thomas Schmidt > > -- > Thomas Schmidt > -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
