Re: [netmod] draft-ietf-netmod-syslog-model-14 Signing Options

Kent Watsen <kwatsen@juniper.net> Wed, 07 June 2017 18:13 UTC

From: Kent Watsen <kwatsen@juniper.net>
To: "Clyde Wildes (cwildes)" <cwildes@cisco.com>, "netmod@ietf.org" <netmod@ietf.org>
Date: Wed, 07 Jun 2017 18:13:28 +0000
Message-ID: <64ACB130-D685-4A54-AD28-92A7E908AB30@juniper.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/VVErxDXn2kSoMBbuI10ujwFA_rU>
Subject: Re: [netmod] draft-ietf-netmod-syslog-model-14 Signing Options

Hi Clyde,

Since no concerns have been raised, should we be expecting an updated syslog draft shortly?

Kent // as shepherd

--

Hi,

As part of the last few steps before again calling for last call for draft-ietf-netmod-syslog-model-14, we are adding certificate support to the signing-options container. RFC 5848: Signed Syslog Messages is the RFC that governs this section.

The signing-options container resides within the remote action destination list section of the model. This means signing-options will be configurable for each remote destination.

RFC 5848 supports four signature groups as defined in section 4.2.3 Signature Group and Signature Priority of the RFC:
https://tools.ietf.org/html/rfc5848#section-4.2.3

We are proposing to limit our support to Signature Group 0, which covers the case for administrators who want all messages of a syslog stream to be signed and Signature Blocks to be sent to a single destination. We believe this case covers all deployment scenarios that are commonly encountered.

Support for Signature Groups 1 (each PRI value is associated with its own Signature Group), 2 (each Signature Group contains a range of PRI values), and 3 (Signature Groups are negotiated through a private arrangement) could be added to the model later through augmentation.

Please let us know if you have any concerns about this.

Thanks,

Clyde
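To make the Signature Group 0 scope concrete, below is an added illustration (not code from the draft, the RFC, or either author) of what a collector gains when every message of one remote destination's stream is covered by Signature Blocks: hashes of the whole messages let it detect a dropped or altered message, and a signature over the block authenticates the hashes. The field names follow the roles of RFC 5848's SG, FMN, CNT, HB and SIGN parameters, but the JSON encoding, the HMAC-SHA256 shared-key signature (a stand-in for the RFC's public-key signature) and the sample messages are all constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample stream for one remote destination (not from the draft).
SAMPLE_STREAM = [
    "<34>1 2017-06-07T18:13:28Z host1 sshd 1 - - Accepted publickey for admin",
    "<165>1 2017-06-07T18:13:29Z host1 app 2 - - config committed",
    "<13>1 2017-06-07T18:13:30Z host1 cron 3 - - job finished",
]
SIGNATURE_GROUP_ALL = 0  # RFC 5848 SG 0: one group covers every message in the stream


def msg_hash(message):
    """Hash of the full syslog message, as a Signature Block carries."""
    return hashlib.sha256(message.encode()).hexdigest()


def build_signature_block(messages, first_msg_num, key):
    """Build one simplified SG 0 Signature Block over a run of messages.

    Assumption: JSON stands in for the RFC wire format, and HMAC-SHA256 with a
    shared key stands in for the RFC's public-key signature over the block.
    """
    hashes = [msg_hash(m) for m in messages]
    body = {"SG": SIGNATURE_GROUP_ALL, "FMN": first_msg_num,
            "CNT": len(hashes), "HB": hashes}
    payload = json.dumps(body, sort_keys=True).encode()
    body["SIGN"] = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return body


def verify_stream(block, received, key):
    """Collector side: authenticate the block, then check every covered message.

    `received` maps message number -> message text as the collector stored it.
    Returns the message numbers whose hash is missing or mismatched (a dropped
    or altered message), or None when the block itself fails authentication.
    """
    body = {k: v for k, v in block.items() if k != "SIGN"}
    payload = json.dumps(body, sort_keys=True).encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, block["SIGN"]):
        return None
    bad = []
    for i, h in enumerate(block["HB"]):
        num = block["FMN"] + i  # FMN numbers the first message the block covers
        if received.get(num) is None or msg_hash(received[num]) != h:
            bad.append(num)
    return bad
```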


_______________________________________________
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod