IETF Logo Mail Archive

Re: [calsify] Fwd: New Timestamp Draft

Ned Freed <ned.freed@mrochek.com> Sun, 24 January 2021 01:09 UTC

Return-Path: <ned.freed@mrochek.com>
X-Original-To: calsify@ietfa.amsl.com
Delivered-To: calsify@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FA8E3A0EB2 for <calsify@ietfa.amsl.com>; Sat, 23 Jan 2021 17:09:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mrochek.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UDYldcQyp5EB for <calsify@ietfa.amsl.com>; Sat, 23 Jan 2021 17:09:36 -0800 (PST)
Received: from mauve.mrochek.com (mauve.mrochek.com [98.153.82.211]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7CF473A0EAF for <calsify@ietf.org>; Sat, 23 Jan 2021 17:09:36 -0800 (PST)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01RUQ4KA3D8G00EYN1@mauve.mrochek.com> for calsify@ietf.org; Sat, 23 Jan 2021 17:04:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mrochek.com; s=201712; t=1611450273; bh=F2E9G4Kwjw1cCxOBaHmArFqC4ZMcbeaUkYQ3XQTIDtI=; h=Cc:Date:From:Subject:In-reply-to:References:To:From; b=XycsJu3zXtRJ9GnM40RmF20UvsaJ4J37wUBjdKZ8JSh4rsD50gg1LuzaGhM6YAGzJ 9VmYquO0NII2o8DsihjQQcaTrONJGwGqTjEvjxtYEM5S5aluzLgHV8xZcTrfr6Xnad JeV96j8KVElxBHSVZhYe6MYZ0Lw96HpJ71qX7WKY=
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: TEXT/PLAIN; CHARSET="us-ascii"; Format="flowed"
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01RUAOXM63XS005PTU@mauve.mrochek.com>; Sat, 23 Jan 2021 17:04:31 -0800 (PST)
Cc: calsify@ietf.org
Message-id: <01RUQ4K8M1RQ005PTU@mauve.mrochek.com>
Date: Sat, 23 Jan 2021 16:00:53 -0800
From: Ned Freed <ned.freed@mrochek.com>
In-reply-to: "Your message dated Sat, 23 Jan 2021 18:42:57 -0500" <d17b75e7-9720-6bd3-dd23-349e8ceac4a3@gmail.com>
References: <5927c3a3-9539-553d-598a-18d8bdadb244@igalia.com> <c9a1caed-829a-2339-21c1-5f0970110863@igalia.com> <01RUQ0ZW4L3U005PTU@mauve.mrochek.com> <d17b75e7-9720-6bd3-dd23-349e8ceac4a3@gmail.com>
To: Michael Douglass <mikeadouglass@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/calsify/U3oetXCoc-0tYtMt54AeSqxNl4I>
Subject: Re: [calsify] Fwd: New Timestamp Draft
X-BeenThere: calsify@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <calsify.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/calsify>, <mailto:calsify-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/calsify/>
List-Post: <mailto:calsify@ietf.org>
List-Help: <mailto:calsify-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/calsify>, <mailto:calsify-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2021 01:09:38 -0000

> On 1/23/21 18:17, Ned Freed wrote:
> > Generality has real costs. To name the obvious example, I don't want to
> > *ever* see a timezone rule in a log file timestamp, or a field in an
> > email message.

> I have had a number of conversations with people tasked with auditing
> log records bemoaning the lack of a timezone id in logs. Without the id
> how do we know how an offset or UTC date was calculated?

The purpose of a time value in the sorts of logs I'm talking about is to
accurately describe the moment in time when something happened. Nothing more,
nothing less. The RFC 3339/ISO 8601 format gives you this along with the
ability to specify the value as an offset from GMT.

If you really want more information along the lines of what this draft
provides, like what timezone rules were in effect somewhere or what calendar it
should be "projected to" (to use the draft's terminology), then by all
means include that in a separate field in the log.

With computers increasingly going back to being shared resources in some random
data center some place other than anyone involved in generating the log entry,
figuring out the right "somewhere" is a highly nontrivial problem. This
is  true even for time zone offsets, and the further you go the harder it gets.
(Of course this doesn't stop people from using offsets in their logs even when
they have nothing to do with anything other than the location of some random
piece of hardware.)

And of course there can be multiple somewheres, which means these values need
to have additional semantics attached in order to be interpreted properly.

All of which argues strongly for not combining what are in fact separate
pieces of information.

Given all this, my advice to your auditor pals is, "Be careful what you wish
for, because you're likely to end up with useless garbage."

There's also very strong trend in the logging world to try and avoid complex
field values because they hugely complicate aggregation, searching and sorting
operations. In this world the use of RFC 3339 may be profiled to GMT only, or
replaced entirely by a UNIX epoch or milliepoch values.

> it's simply an offset showing what's considered to be local time.

? Offsets are a standard part of ISO 8601/RFC 3339.

> Accurately recording the date/time that an event occurred is as
> important for logging as it is for future events.

?? None of this has anything to do with accuracy. If you're not putting
in the correct offset for your time values you're doing it wrong.

> {and I don't think we're talking about rules - just ids]

??? We most certainly are talking about rules. If you think otherwise you
need to reread the draft.

				Ned

v2.23.0 | Report a Bug | By Email