[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE ID Syntax Change - Second Round Voting Ballot (Deadline Wednesday, May 22, 2013, 11:59 PM EDT)


Enter your votes as specified in the preceding "Instructions" and
"Filling out the ballot" sections.


Option B

REASONS (first choice):
While considering only technical factors, I couldn't see an obvious reason why A
or B should be chosen.  The main reason I'm voting for B is better usability for
humans. I'm afraid that option A, made unwieldy with 8 digits, would discourage
the use of the CVE.

A secondary factor is that it has a similar format to the current one, that
effectively delays the change for as long as possible.


Option A

REASONS (second choice):
-An advantage is that numbering is straightforward, consistent with the
previous format, differing only in the number of leading zeros.

-It has a built-in integrity check, although primitive and of limited value.
With 8 digits, I believe that the value of this integrity check is less than the
loss of usability it causes for humans.  As I noted previously, integrity
checks can be provided separately from the identifier.  This allows the choice
of a better check that makes them more useful for machine to machine
communication, without affecting usability by humans.  Humans could also use
that other integrity check if they wished.  

-There is no normalization of identifiers to make human usage easier (as stated
in Steve's email).

Page Last Updated or Reviewed: October 03, 2014