Re: [netmod] I-D Action: draft-ietf-netmod-syslog-model-19.txt

Alex Campbell <Alex.Campbell@Aviatnet.com> Tue, 16 January 2018 21:46 UTC

From: Alex Campbell <Alex.Campbell@Aviatnet.com>
To: Benoit Claise <bclaise@cisco.com>, Kent Watsen <kwatsen@juniper.net>, "netmod@ietf.org" <netmod@ietf.org>
Thread-Topic: [netmod] I-D Action: draft-ietf-netmod-syslog-model-19.txt
Thread-Index: AQHTi/jfigWQjGIjg0uBhuY8mQzMfKN3RMsAgAAG6ID//8MWuw==
Date: Tue, 16 Jan 2018 21:46:20 +0000
Message-ID: <1516139180331.69061@Aviatnet.com>
References: <151579789446.21777.985631371557420470@ietfa.amsl.com> <B21EB766-3A67-4642-9791-16586449E885@juniper.net>, <c6151263-7f62-b8c3-98d5-02ffc2040b94@cisco.com>
In-Reply-To: <c6151263-7f62-b8c3-98d5-02ffc2040b94@cisco.com>
Accept-Language: en-NZ, en-US
Content-Language: en-NZ
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/E63IHy1Z5cAmW0al5549GTK5NxY>
Subject: Re: [netmod] I-D Action: draft-ietf-netmod-syslog-model-19.txt

By the same reasoning surely UDP should not be available either, because it also doesn't provide security.
________________________________________
From: netmod <netmod-bounces@ietf.org> on behalf of Benoit Claise <bclaise@cisco.com>
Sent: Wednesday, 17 January 2018 6:23 a.m.
To: Kent Watsen; netmod@ietf.org
Subject: Re: [netmod] I-D Action: draft-ietf-netmod-syslog-model-19.txt

Hi,
>
>    ** Downref: Normative reference to an Historic RFC: RFC 6587
>
> Kent: hmmm, what's going on here?  This YANG module is providing an ability to configure the "tcp" transport, even though the IESG made that ability historic in 2012 (see IESG Note below).  Searching online, it looks like Cisco supports this, but Juniper does not.  What about other vendors, is it widely supported?  Was this discussed in the WG?  Answering my own question, searching my local mailbox, I don't see this ever being discussed before, other than Martin questioning if it was a good idea in Mar 2016 (no response).  Please start a thread on the list to get WG opinion if it's okay for the draft to proceed as is or not.  Here's the IESG Note from RFC 6587:
>
>     IESG Note
>
>     The IESG does not recommend implementing or deploying syslog over
>     plain tcp, which is described in this document, because it lacks the
>     ability to enable strong security [RFC3365].
>
>     Implementation of the TLS transport [RFC5425] is recommended so that
>     appropriate security features are available to operators who want to
>     deploy secure syslog.  Similarly, those security features can be
>     turned off for those who do not want them.
>
Well, I believe it's clear plain TCP should not be in the YANG module.

Regards, Benoit
