Re: [netmod] I-D Action: draft-ietf-netmod-syslog-model-19.txt

Kent Watsen <> Fri, 09 February 2018 04:01 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id EEB881242EA for <>; Thu, 8 Feb 2018 20:01:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id N7BIBxgzU3Rj for <>; Thu, 8 Feb 2018 20:01:49 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8EDF1127137 for <>; Thu, 8 Feb 2018 20:01:49 -0800 (PST)
Received: from pps.filterd ( []) by ( with SMTP id w193xckb014903; Thu, 8 Feb 2018 20:01:48 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=PPS1017; bh=UO9tFGA42NbmIpvfCK0B2bMAu3rskifhrUPCfEUtAwA=; b=CgsNA1m9O1swNYq6tYsKM9j/Ckj7G4X+UgfgWnKLkeVwcJHDQUXZEbabxTnJI/ZkpXwf 8/uOBcNhlp65I1bxu4+d4l9AAN5iqoSbvgGY/5Vf0Q0QIWv2tIv9PuHgv/yHmoUKfbgP u+HtKDba0Fcr1kBN5x2oDtWb6JasHshFi5P8gAxEvOp7tTSc9AI2iKERjOCe0YHm5X+j tg1XOx2obdYRXy1o9CBG1ZMqTdh5qu3KSQGS6y2Ed1js9DEY2uvDJFwbZKQDLf7C3dXi lw+ZU+6UYoTRG5a58oulEslrRGoCAIf2HUYnzsOYsbpnI/kGEPLLTfsRPD+DQLz8nyB8 pg==
Received: from ( []) by with ESMTP id 2g13mug1mg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 08 Feb 2018 20:01:48 -0800
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.485.3; Fri, 9 Feb 2018 04:01:47 +0000
Received: from ([fe80::7433:3915:f20d:6747]) by ([fe80::7433:3915:f20d:6747%13]) with mapi id 15.20.0506.007; Fri, 9 Feb 2018 04:01:47 +0000
From: Kent Watsen <>
To: "Clyde Wildes (cwildes)" <>, "" <>
Thread-Topic: [netmod] I-D Action: draft-ietf-netmod-syslog-model-19.txt
Thread-Index: AQHTi/jgm64n1kE5c0S5iq2VpQaBSqN2at0AgAznHmeAFJ1egIABnPeAgAG9VAA=
Date: Fri, 9 Feb 2018 04:01:47 +0000
Message-ID: <>
References: <> <> <045f01d39534$c02ba480$> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/f.20.0.170309
x-originating-ip: []
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR05MB2906; 7:/qu4IFK/ObF+6GH1NPhlieVeaT4z6u0Zmt+A6ns0qKE52Pbg8kglUVPMnKzik5MjWS+W0MM1QZujGARLcDLeqUkrwOn4qxiZAq+PWshSomMhjG+S6w8LiGYzzJB2aE4GwOVS9BD8f7nXels/EdLNYPbtS9uZNhwvHUzBMmwblKJF/G9WuTkqolr4BklOdjjy8n8/Y+0Wbeb78e7ss9ysRrrTHZU3BbNG5seiX2VwjIW/sfpj3dkfuReKhJgera8n
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: db09c53f-4edb-4fe8-d5f8-08d56f71d6f1
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(3008032)(2017052603307)(7153060)(7193020); SRVR:DM5PR05MB2906;
x-ms-traffictypediagnostic: DM5PR05MB2906:
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:(10436049006162)(209352067349851)(192374486261705)(138986009662008);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(3231101)(2400082)(944501161)(10201501046)(6055026)(6041288)(20161123562045)(20161123564045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(6072148)(201708071742011); SRVR:DM5PR05MB2906; BCL:0; PCL:0; RULEID:; SRVR:DM5PR05MB2906;
x-forefront-prvs: 057859F9C5
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(376002)(366004)(396003)(39860400002)(39380400002)(199004)(189003)(13464003)(51444003)(52314003)(2950100002)(316002)(966005)(3280700002)(81156014)(8676002)(81166006)(2906002)(36756003)(3660700001)(8936002)(229853002)(14454004)(93886005)(97736004)(2900100001)(33656002)(2501003)(106356001)(5250100002)(102836004)(53936002)(76176011)(86362001)(25786009)(478600001)(82746002)(6436002)(6486002)(66066001)(83716003)(6246003)(6512007)(6306002)(68736007)(99286004)(575784001)(26005)(59450400001)(305945005)(58126008)(7736002)(110136005)(6116002)(3846002)(83506002)(6506007)(53546011)(186003)(105586002)(5660300001)(6346003); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR05MB2906;; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None ( does not designate permitted sender hosts)
x-microsoft-antispam-message-info: B22jWE5Vp+BCouEs22oHH49mhnmq0pla3c1tkAYQ98M+6dmnI3gb4tL6zecXLAhUriLFE1ELE077w70Y9K0thA==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: db09c53f-4edb-4fe8-d5f8-08d56f71d6f1
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Feb 2018 04:01:47.0485 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR05MB2906
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-02-09_02:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 lowpriorityscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802090049
Archived-At: <>
Subject: Re: [netmod] I-D Action: draft-ietf-netmod-syslog-model-19.txt
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 09 Feb 2018 04:01:52 -0000

Hi Clyde.

> I will remove TLS if that is the preference of the chair and the working group.

We'd have to ask the WG, since it's not a chair or shepherd decision.  If you're okay leaving it in, and dealing with the fallout later, and no one objects, then I'm fine leaving TLS in.

> RFC 6587 can be made Informational.

Okay, but you have never mentioned if you know if anyone (Cisco?) is using it?  Juniper doesn't.   My first preference is to remove TCP support altogether.

> Working with an editor might help to avoid additional revisions.

Actually, it would be more like replacing you as the Editor.  You could stay on as an Author.  The point is, we need to have more timely responses...

> Unless I hear otherwise I will post another update on Friday with TLS, and its references, removed as well as the change to make RFC 6587 informational.

You can make those changes, but most importantly, you need to make sure it passes idnits.  BTW, I was wrong before, there is an error in the 2119 boilerplate (idnits verbose output shows it)

> Thanks,
> Clyde


====== original message =====

On 2/6/18, 4:49 PM, "Kent Watsen" <> wrote:

    Hi Clyde,
    The chairs were discussing the HISTORIC reference to RFC 6587.   As we understand it, RFC 6587 was actually originally published as a HISTORIC document to accommodate Security area concerns.  Apparently, Benoit was AD at the time, so he may recall.  The IETF took special effort to publish RFC 6587 anyway, likely due to TCP being in common use.  Anyway, we're wondering, must this document have a normative reference to RFC 6587?  - could it be made Informational instead?  Is understanding RFC 6587 necessary to implement the syslog draft?
    We also discussed the normative references to the keystore-and-friends drafts.   As it stands, my shepherd write-up is going to have to call these out as unstable dependencies.   I know that it was discussed before, but would you have any appetite to revisit having TLS in the first version of this module?  Perhaps it could be picked it up in a bis?
    When can you post an update?  Would you rather us appoint an Editor to help get it done sooner?  I think that we've been in this post-LC phase for nearly four months now...
    Kent // shepherd
    ===== original message =====
    My request for a reference for Posix hs been fixed in -19.
    Tom Petch
    ----- Original Message -----
    From: "Kent Watsen" <>
    To: <>
    Sent: Tuesday, January 16, 2018 4:59 PM
    > Clyde,
    > This draft still isn't passing idnits.  I provided the link to idnits
    previously, but here it is again:
    Below is the idnits output for -19 with inlined comments.
    > PS: I didn't also checked the other issues we're tracking, but will
    when we get past these idnits issues.
    > Kent
    > ===== START =====
    > idnits 2.15.00
    > /tmp/draft-ietf-netmod-syslog-model-19.txt:
    >   Checking boilerplate required by RFC 5378 and the IETF Trust (see
    >   --------------------------------------------------------------------
    >      No issues found here.
    >   Checking nits according to
    >   --------------------------------------------------------------------
    >      No issues found here.
    >   Checking nits according to :
    >   --------------------------------------------------------------------
    >   ** There is 1 instance of too long lines in the document, the
    longest one
    >      being 1 character in excess of 72.
    > Kent: this isn't a big deal IMO, but if it's easy to fix, it saves the
    RFC editor a step later on.
    >   Miscellaneous warnings:
    >   --------------------------------------------------------------------
    >   == Line 352 has weird spacing: '...gorithm    ide...'
    > Kent: this is fine.  it is in a tree diagram.
    >   == The document seems to lack the recommended RFC 2119 boilerplate,
    even if
    >      it appears to use RFC 2119 keywords -- however, there's a
    paragraph with
    >      a matching beginning. Boilerplate error?
    >      (The document does seem to have the reference to RFC 2119 which
    >      ID-Checklist requires).
    > Kent: I can't find the error.  Looking at the xml, it is verbatim what
    I have in the zerotouch draft.  my guess is that this is a tooling error
    and we should ignore it.
    >   -- The document date (January 12, 2018) is 4 days in the past.  Is
    >      intentional?
    > Kent: this is fine, it is intentional.
    >   Checking references for intended status: Proposed Standard
    >   --------------------------------------------------------------------
    >      (See RFCs 3967 and 4897 for information about using normative
    >      to lower-maturity documents in RFCs)
    >   == Unused Reference: 'I-D.ietf-netconf-keystore' is defined on line
    >      but no explicit reference was found in the text
    > Kent: looking at the XML, I see that the entire paragraph uses '[' and
    ']' as opposed to <xref .../>.  Please fix this.
    >   == Unused Reference: 'RFC7895' is defined on line 1456, but no
    >      reference was found in the text
    > Kent: looking at the XML, I see two instances of an unwanted "/&gt;"
    string.  For instance: <xref target="RFC7895"/>/&gt;  Please fix this.
    >   ** Downref: Normative reference to an Historic RFC: RFC 6587
    > Kent: hmmm, what's going on here?  This YANG module is providing an
    ability to configure the "tcp" transport, even though the IESG made that
    ability historic in 2012 (see IESG Note below).  Searching online, it
    looks like Cisco supports this, but Juniper does not.  What about other
    vendors, is it widely supported?  Was this discussed in the WG?
    Answering my own question, searching my local mailbox, I don't see this
    ever being discussed before, other than Martin questioning if it was a
    good idea in Mar 2016 (no response).  Please start a thread on the list
    to get WG opinion if it's okay for the draft to proceed as is or not.
    Here's the IESG Note from RFC 6587:
    >    IESG Note
    >    The IESG does not recommend implementing or deploying syslog over
    >    plain tcp, which is described in this document, because it lacks
    >    ability to enable strong security [RFC3365].
    >    Implementation of the TLS transport [RFC5425] is recommended so
    >    appropriate security features are available to operators who want
    >    deploy secure syslog.  Similarly, those security features can be
    >    turned off for those who do not want them.
    >      Summary: 2 errors (**), 0 flaws (~~), 4 warnings (==), 1 comment
    >      Run idnits with the --verbose option for more detailed
    information about
    >      the items above.
    > ===== END =====
    > Thanks,
    > Kent // shepherd
    > _______________________________________________
    > netmod mailing list