Re: [OPSAWG] [Qlog] adopting draft-gharris-opsawg-pcap and draft-tuexen-opsawg-pcapng
Guy Harris <gharris@sonic.net> Mon, 05 July 2021 01:22 UTC
Return-Path: <gharris@sonic.net>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0EA43A117E; Sun, 4 Jul 2021 18:22:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ePXei6gQGP-3; Sun, 4 Jul 2021 18:22:11 -0700 (PDT)
Received: from d.mail.sonic.net (d.mail.sonic.net [64.142.111.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 916E53A11B6; Sun, 4 Jul 2021 18:22:08 -0700 (PDT)
Received: from smtpclient.apple (173-228-4-126.dsl.dynamic.fusionbroadband.com [173.228.4.126]) (authenticated bits=0) by d.mail.sonic.net (8.15.1/8.15.1) with ESMTPSA id 1651M6xm027219 (version=TLSv1.2 cipher=DHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Sun, 4 Jul 2021 18:22:06 -0700
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.100.0.2.22\))
From: Guy Harris <gharris@sonic.net>
In-Reply-To: <BL3PR11MB568118656EFBB238E0A423CBB8019@BL3PR11MB5681.namprd11.prod.outlook.com>
Date: Sun, 04 Jul 2021 18:22:06 -0700
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "opsawg@ietf.org" <opsawg@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <18AF6395-33B1-47C6-ADBE-FED0AC63266A@sonic.net>
References: <162449794730.28597.16572068303470741654@ietfa.amsl.com> <25597.1625012947@localhost> <28704.1625013676@localhost> <BL3PR11MB568118656EFBB238E0A423CBB8019@BL3PR11MB5681.namprd11.prod.outlook.com>
To: "Joe Clarke (jclarke)" <jclarke=40cisco.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3654.100.0.2.22)
X-Sonic-CAuth: UmFuZG9tSVY/c3gS7dSduwQgnbdjaueikr2cBK75xnuggzH8flwy/rWiYMCqU1N40baNQBHp1a56xWu5lLOJxWNGPc6MJFW+
X-Sonic-ID: C;zj1AaS/d6xG058xNcUAJVA== M;8h5yaS/d6xG058xNcUAJVA==
X-Sonic-Spam-Details: 0.0/5.0 by cerberusd
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/3-Q9S9-FOpx41DK9MwykO2799Rc>
Subject: Re: [OPSAWG] [Qlog] adopting draft-gharris-opsawg-pcap and draft-tuexen-opsawg-pcapng
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Jul 2021 01:22:16 -0000
On Jun 30, 2021, at 12:43 AM, Joe Clarke (jclarke) <jclarke=40cisco.com@dmarc.ietf.org> wrote: > Given how systemd is prone to considerable change, I'd think it would be > best to leave that out. "systemd" is at least two different things. It started out as a replacement for the various versions of the UN*X "init" process in Linux, launching daemons on demand similarly to Darwin's launchd. It then grew into a bigger project providing a bunch of other system daemons, written to assume that the systemd process handled the launching of other daemons. One of the other daemons is journald, which is a syslogd replacement: https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html The "systemd" block in pcapng is called the "systemd Journal Export Block"; it doesn't cover systemd as a whole, it just covers the format that journald uses to export entries from its log file. The description of the export block points to the description of the export format: https://www.freedesktop.org/wiki/Software/systemd/export/ I can't state for certain that this format is intended to be extensible in a compatible fashion, so that it can be *extended* but won't be *incompatibly changed*, but that might end up being the case. Given that the description of the systemd Journal Export Block largely punts the description of the format to the freedesktop.org page about the format, describing only a "wrapper" for a journal entry in the export format, it doesn't bother me *too* much to put it into the spec. By the way, a few registries under https://www.iana.org/protocols that I've looked out have some entries that point to RFCs and other entries that just have an email address for a contact. Do any of those RFCs point to an external specification for most of the information about the item being discussed, similarly to what's the case for the systemd Journal Export Block? Are there any registries that have "less than an RFC and more than a mailto: URL", i.e. that say more than just "ask this person, hopefully they're still around, still have that email address, and still remember what this entry in the registry was all about"? > That said, the pull request language in -03 has > me curious. If someone were to raise a PR against this doc, that would > be outside the IETF process. Is the intent then that this would leave > to a bis or other draft to update this document? And if so, is that > desirable, or would it be better to have this live in GitHub outside of > the IETF process altogether (like the semver spec does)? Is "the server spec" referring to the specifications that draft-claise-semver-00: https://tools.ietf.org/id/draft-claise-semver-00.html is discussing? That sounds as if it's handling the part of the process up to the submission of an I-D, and that the regular I-D -> RFC process takes effect once the spec is submitted as an I-D. That document itself wasn't outside the IETF process, as it was an I-D (now expired), and the prices it described appeared to be for documents that eventually become handled by the IETF process.
- [OPSAWG] adopting draft-gharris-opsawg-pcap and d… Michael Richardson
- Re: [OPSAWG] [Qlog] adopting draft-gharris-opsawg… Michael Richardson
- Re: [OPSAWG] [Qlog] adopting draft-gharris-opsawg… Joe Clarke (jclarke)
- Re: [OPSAWG] [Qlog] adopting draft-gharris-opsawg… Michael Richardson
- Re: [OPSAWG] adopting draft-gharris-opsawg-pcap a… Guy Harris
- Re: [OPSAWG] adopting draft-gharris-opsawg-pcap a… Michael Richardson
- Re: [OPSAWG] [Qlog] adopting draft-gharris-opsawg… Guy Harris
- Re: [OPSAWG] adopting draft-gharris-opsawg-pcap a… Guy Harris
- Re: [OPSAWG] [Qlog] adopting draft-gharris-opsawg… Randy Bush
- Re: [OPSAWG] [Qlog] adopting draft-gharris-opsawg… Michael Richardson
- Re: [OPSAWG] [Qlog] adopting draft-gharris-opsawg… tom petch
- Re: [OPSAWG] [Qlog] adopting draft-gharris-opsawg… Michael Richardson