IETF Logo Mail Archive

Re: [netmod] I-D Action: draft-ietf-netmod-syslog-model-19.txt

"Clyde Wildes (cwildes)" <cwildes@cisco.com> Wed, 07 February 2018 20:28 UTC

Return-Path: <cwildes@cisco.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB153126D05 for <netmod@ietfa.amsl.com>; Wed, 7 Feb 2018 12:28:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.531
X-Spam-Level:
X-Spam-Status: No, score=-14.531 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rBiv7wIuj_OR for <netmod@ietfa.amsl.com>; Wed, 7 Feb 2018 12:28:03 -0800 (PST)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0EBF512751F for <netmod@ietf.org>; Wed, 7 Feb 2018 12:28:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=11442; q=dns/txt; s=iport; t=1518035282; x=1519244882; h=from:to:subject:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=inYwQZBMF6X/za5qsof+p9tWkBfg7Nt2EQk1FwWHolk=; b=Ij/LP/OYDy5vlubqtZubRbUiynwzxxLAwJQXH0XthfUmkNzD7PGOstCw RTB+eI8Qm9RPc0ILq6SeQU3K/FOm47JlhlEIfmECf+XW2RxWyzMccJD/l UiU1MkHgfkpviVVr7/LGr0qbWmCxaA70Wds/Vbo674jDd2nkRG8H4LoyU c=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DLAAD7YHta/5FdJa1dGQEBAQEBAQEBAQEBAQcBAQEBAYNRZnAoCoNbiiSOJoFbJ3yWVhWCAwofhRwCGoJPVBgBAgEBAQEBAQJrKIUjAQEBAwEjEToXBAIBCA4HAQQCJgICAjAVEAIEARKKLQixYIInhQCDeIIKAQEBAQEBAQEBAQEBAQEBAQEBAQEBHYEPg2aCFYFXgWgpDIJDNoMvBIEoJQqDLzGCNAEEimqZPwkCiByNXYIeZ4VAi3mLEolBgwoCERkBgTsBHzmBUHAVPSoBghsJhG54i1CBJYEXAQEB
X-IronPort-AV: E=Sophos;i="5.46,473,1511827200"; d="scan'208";a="353255923"
Received: from rcdn-core-9.cisco.com ([173.37.93.145]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Feb 2018 20:27:54 +0000
Received: from XCH-ALN-013.cisco.com (xch-aln-013.cisco.com [173.36.7.23]) by rcdn-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id w17KRs47031581 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 7 Feb 2018 20:27:54 GMT
Received: from xch-aln-015.cisco.com (173.36.7.25) by XCH-ALN-013.cisco.com (173.36.7.23) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 7 Feb 2018 14:27:53 -0600
Received: from xch-aln-015.cisco.com ([173.36.7.25]) by XCH-ALN-015.cisco.com ([173.36.7.25]) with mapi id 15.00.1320.000; Wed, 7 Feb 2018 14:27:53 -0600
From: "Clyde Wildes (cwildes)" <cwildes@cisco.com>
To: Kent Watsen <kwatsen@juniper.net>, "netmod@ietf.org" <netmod@ietf.org>
Thread-Topic: [netmod] I-D Action: draft-ietf-netmod-syslog-model-19.txt
Thread-Index: AQHTi/jjJvmTWqOlt0ibymRgFNi7TqN3I0QAgAwuwXGAFVW8AIABSSEA
Date: Wed, 07 Feb 2018 20:27:53 +0000
Message-ID: <5C6AA747-4459-408C-B5CA-12E2210D36EA@cisco.com>
References: <151579789446.21777.985631371557420470@ietfa.amsl.com> <B21EB766-3A67-4642-9791-16586449E885@juniper.net> <045f01d39534$c02ba480$4001a8c0@gateway.2wire.net> <C98C7B05-23F2-4983-9862-DF30F0BF29F3@juniper.net>
In-Reply-To: <C98C7B05-23F2-4983-9862-DF30F0BF29F3@juniper.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.154.131.46]
Content-Type: text/plain; charset="utf-8"
Content-ID: <E00C96CB50C9CD4DBCCECC55A0545F77@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/wBgQ9_6NNjRy8-CHWFSnUnqeLQ8>
Subject: Re: [netmod] I-D Action: draft-ietf-netmod-syslog-model-19.txt
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Feb 2018 20:28:06 -0000

Kent,

I will remove TLS if that is the preference of the chair and the working group.

RFC 6587 can be made Informational.

Working with an editor might help to avoid additional revisions.

Unless I hear otherwise I will post another update on Friday with TLS, and its references, removed as well as the change to make RFC 6587 informational.

Thanks,

Clyde


On 2/6/18, 4:49 PM, "Kent Watsen" <kwatsen@juniper.net> wrote:

    Hi Clyde,
    
    The chairs were discussing the HISTORIC reference to RFC 6587.   As we understand it, RFC 6587 was actually originally published as a HISTORIC document to accommodate Security area concerns.  Apparently, Benoit was AD at the time, so he may recall.  The IETF took special effort to publish RFC 6587 anyway, likely due to TCP being in common use.  Anyway, we're wondering, must this document have a normative reference to RFC 6587?  - could it be made Informational instead?  Is understanding RFC 6587 necessary to implement the syslog draft?
    
    We also discussed the normative references to the keystore-and-friends drafts.   As it stands, my shepherd write-up is going to have to call these out as unstable dependencies.   I know that it was discussed before, but would you have any appetite to revisit having TLS in the first version of this module?  Perhaps it could be picked it up in a bis?
    
    When can you post an update?  Would you rather us appoint an Editor to help get it done sooner?  I think that we've been in this post-LC phase for nearly four months now...
    
    Kent // shepherd
    
    
    ===== original message =====
    
    Kent
    
    My request for a reference for Posix hs been fixed in -19.
    
    Tom Petch
    
    ----- Original Message -----
    From: "Kent Watsen" <kwatsen@juniper.net>
    To: <netmod@ietf.org>
    Sent: Tuesday, January 16, 2018 4:59 PM
    
    > Clyde,
    >
    > This draft still isn't passing idnits.  I provided the link to idnits
    previously, but here it is again: https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_tools_idnits&d=DwICAw&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=9zkP0xnJUvZGJ9EPoOH7Yhqn2gsBYaGTvjISlaJdcZo&m=vB8Genu4I7nOu9B7lKz5mWWYCBuuHwmgn0HIzePAk6Q&s=HHa4Kg7ZoXOz6uC9VkiT_-jMeGdW9Kbfo1CydiT4bM8&e=.
    Below is the idnits output for -19 with inlined comments.
    >
    > PS: I didn't also checked the other issues we're tracking, but will
    when we get past these idnits issues.
    >
    > Kent
    >
    >
    > ===== START =====
    > idnits 2.15.00
    >
    > /tmp/draft-ietf-netmod-syslog-model-19.txt:
    >
    >   Checking boilerplate required by RFC 5378 and the IETF Trust (see
    >   https://urldefense.proofpoint.com/v2/url?u=https-3A__trustee.ietf.org_license-2Dinfo&d=DwICAw&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=9zkP0xnJUvZGJ9EPoOH7Yhqn2gsBYaGTvjISlaJdcZo&m=vB8Genu4I7nOu9B7lKz5mWWYCBuuHwmgn0HIzePAk6Q&s=L95k8rDeNKaSZXkCpqx2hwzmGDw8trmzmYOT0SLU-fQ&e=):
    >   --------------------------------------------------------------------
    --------
    >
    >      No issues found here.
    >
    >   Checking nits according to
    https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_id-2Dinfo_1id-2Dguidelines.txt&d=DwICAw&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=9zkP0xnJUvZGJ9EPoOH7Yhqn2gsBYaGTvjISlaJdcZo&m=vB8Genu4I7nOu9B7lKz5mWWYCBuuHwmgn0HIzePAk6Q&s=wrmo4jVcBb7-_LFH7ty-TOpG80tfe3pWbfCSFZaT6eY&e=:
    >   --------------------------------------------------------------------
    --------
    >
    >      No issues found here.
    >
    >   Checking nits according to https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_id-2Dinfo_checklist&d=DwICAw&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=9zkP0xnJUvZGJ9EPoOH7Yhqn2gsBYaGTvjISlaJdcZo&m=vB8Genu4I7nOu9B7lKz5mWWYCBuuHwmgn0HIzePAk6Q&s=_seSaCKfzxYeb3b1tfX2RqUk7CKbOsRr3pRVJrQ8lEc&e= :
    >   --------------------------------------------------------------------
    --------
    >
    >   ** There is 1 instance of too long lines in the document, the
    longest one
    >      being 1 character in excess of 72.
    >
    > Kent: this isn't a big deal IMO, but if it's easy to fix, it saves the
    RFC editor a step later on.
    >
    >
    >   Miscellaneous warnings:
    >   --------------------------------------------------------------------
    --------
    >
    >   == Line 352 has weird spacing: '...gorithm    ide...'
    >
    > Kent: this is fine.  it is in a tree diagram.
    >
    >
    >   == The document seems to lack the recommended RFC 2119 boilerplate,
    even if
    >      it appears to use RFC 2119 keywords -- however, there's a
    paragraph with
    >      a matching beginning. Boilerplate error?
    >
    >      (The document does seem to have the reference to RFC 2119 which
    the
    >      ID-Checklist requires).
    >
    > Kent: I can't find the error.  Looking at the xml, it is verbatim what
    I have in the zerotouch draft.  my guess is that this is a tooling error
    and we should ignore it.
    >
    >
    >   -- The document date (January 12, 2018) is 4 days in the past.  Is
    this
    >      intentional?
    >
    > Kent: this is fine, it is intentional.
    >
    >
    >   Checking references for intended status: Proposed Standard
    >   --------------------------------------------------------------------
    --------
    >
    >      (See RFCs 3967 and 4897 for information about using normative
    references
    >      to lower-maturity documents in RFCs)
    >
    >   == Unused Reference: 'I-D.ietf-netconf-keystore' is defined on line
    1386,
    >      but no explicit reference was found in the text
    >
    > Kent: looking at the XML, I see that the entire paragraph uses '[' and
    ']' as opposed to <xref .../>.  Please fix this.
    >
    >
    >   == Unused Reference: 'RFC7895' is defined on line 1456, but no
    explicit
    >      reference was found in the text
    >
    > Kent: looking at the XML, I see two instances of an unwanted "/&gt;"
    string.  For instance: <xref target="RFC7895"/>/&gt;  Please fix this.
    >
    >
    >   ** Downref: Normative reference to an Historic RFC: RFC 6587
    >
    > Kent: hmmm, what's going on here?  This YANG module is providing an
    ability to configure the "tcp" transport, even though the IESG made that
    ability historic in 2012 (see IESG Note below).  Searching online, it
    looks like Cisco supports this, but Juniper does not.  What about other
    vendors, is it widely supported?  Was this discussed in the WG?
    Answering my own question, searching my local mailbox, I don't see this
    ever being discussed before, other than Martin questioning if it was a
    good idea in Mar 2016 (no response).  Please start a thread on the list
    to get WG opinion if it's okay for the draft to proceed as is or not.
    Here's the IESG Note from RFC 6587:
    >
    >    IESG Note
    >
    >    The IESG does not recommend implementing or deploying syslog over
    >    plain tcp, which is described in this document, because it lacks
    the
    >    ability to enable strong security [RFC3365].
    >
    >    Implementation of the TLS transport [RFC5425] is recommended so
    that
    >    appropriate security features are available to operators who want
    to
    >    deploy secure syslog.  Similarly, those security features can be
    >    turned off for those who do not want them.
    >
    >
    >
    >
    >
    >      Summary: 2 errors (**), 0 flaws (~~), 4 warnings (==), 1 comment
    (--).
    >
    >      Run idnits with the --verbose option for more detailed
    information about
    >      the items above.
    > ===== END =====
    >
    > Thanks,
    > Kent // shepherd
    >
    >
    >
    > _______________________________________________
    > netmod mailing list
    > netmod@ietf.org
    > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_netmod&d=DwICAw&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=9zkP0xnJUvZGJ9EPoOH7Yhqn2gsBYaGTvjISlaJdcZo&m=vB8Genu4I7nOu9B7lKz5mWWYCBuuHwmgn0HIzePAk6Q&s=CoIDcNyLYh6-N6JmL2uSR2Mm2Uh1kAOOpYP8YDb0mmc&e=

v2.23.0 | Report a Bug | By Email