Re: [netmod] I-D Action: draft-ietf-netmod-syslog-model-19.txt

Alexander Clemm <alexander.clemm@huawei.com> Wed, 17 January 2018 02:08 UTC

From: Alexander Clemm <alexander.clemm@huawei.com>
To: Alex Campbell <Alex.Campbell@Aviatnet.com>, Benoit Claise <bclaise@cisco.com>, Kent Watsen <kwatsen@juniper.net>, "netmod@ietf.org" <netmod@ietf.org>
Date: Wed, 17 Jan 2018 02:07:18 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/1QBVNPQMlfjTSk0h2ZgkkucxMNU>

IMHO, if this module is supposed to be useful in practice, without immediately requiring proprietary augmentations, UDP needs to be supported. RFC 5424 also states that implementations SHOULD support a UDP transport per RFC 5426.

Whether TCP support should be included is debatable because it is not a standard transport. Perhaps it should not; however, given that it has already been specified, I don't think it hurts to have it as a feature/option for implementations that require it.
--- Alex

> -----Original Message-----
> From: netmod [mailto:netmod-bounces@ietf.org] On Behalf Of Alex
> Campbell
> Sent: Tuesday, January 16, 2018 1:46 PM
> To: Benoit Claise <bclaise@cisco.com>; Kent Watsen
> <kwatsen@juniper.net>; netmod@ietf.org
> Subject: Re: [netmod] I-D Action: draft-ietf-netmod-syslog-model-19.txt
> 
> By the same reasoning surely UDP should not be available either, because it
> also doesn't provide security.
> ________________________________________
> From: netmod <netmod-bounces@ietf.org> on behalf of Benoit Claise
> <bclaise@cisco.com>
> Sent: Wednesday, 17 January 2018 6:23 a.m.
> To: Kent Watsen; netmod@ietf.org
> Subject: Re: [netmod] I-D Action: draft-ietf-netmod-syslog-model-19.txt
> 
> Hi,
> >
> >    ** Downref: Normative reference to an Historic RFC: RFC 6587
> >
> > Kent: hmmm, what's going on here?  This YANG module is providing an
> > ability to configure the "tcp" transport, even though the IESG made that
> > ability historic in 2012 (see IESG Note below).  Searching online, it looks like
> > Cisco supports this, but Juniper does not.  What about other vendors, is it
> > widely supported?  Was this discussed in the WG?  Answering my own
> > question, searching my local mailbox, I don't see this ever being discussed
> > before, other than Martin questioning if it was a good idea in Mar 2016 (no
> > response).  Please start a thread on the list to get WG opinion if it's okay for
> > the draft to proceed as is or not.  Here's the IESG Note from RFC 6587:
> >
> >     IESG Note
> >
> >     The IESG does not recommend implementing or deploying syslog over
> >     plain tcp, which is described in this document, because it lacks the
> >     ability to enable strong security [RFC3365].
> >
> >     Implementation of the TLS transport [RFC5425] is recommended so that
> >     appropriate security features are available to operators who want to
> >     deploy secure syslog.  Similarly, those security features can be
> >     turned off for those who do not want them.
> >
> >
> >
> Well, I believe it's clear plain TCP should not be in the YANG module.
> 
> Regards, Benoit
> 
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod