RE: Candidate numbering scheme
>If N will become the CVE-N, I think this will work fine.
>Otherwise, we need to add references to CAN-NETECT-19990514A
>to CVE-00666 to reference the discussion that lead to its
Um, so that means that "CAN-NETECT-19990514A" would become CVE-A,
Let's assume that NTBugtraq is assigned the <id> of "01". A candidate
proposal from me today would then get;
another, later today, would get;
and so on. One tomorrow would get;
and the last number would start to increment again.
This works well if CAN-01-1999051401 becomes CVE-01-1999051401 when and
if its accepted as a CVE. I do not think it should get some other
number, or else we'll have to include a reference to the CAN number in
This allows everyone to assign numbers as needed without having to use
any central numbering system or wait for someone to respond. It allows
people to assign the number internally before disclosing it to the
CVE-review list. It make the CAN number directly and obviously
associated to the CVE number (when/if accepted) and makes revisions to
any internal dBs far less work.
The CVE numbers would always increment (meaning they wouldn't be lower
than any that came before it).
I vote for this numbering mechanism.
Russ - NTBugtraq Editor