[Syslog] Antw: [EXT] Re: [Technical Errata Reported] RFC5424 (6927)
Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> Mon, 11 April 2022 06:41 UTC
Return-Path: <Ulrich.Windl@rz.uni-regensburg.de>
X-Original-To: syslog@ietfa.amsl.com
Delivered-To: syslog@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AEAB93A1C49 for <syslog@ietfa.amsl.com>; Sun, 10 Apr 2022 23:41:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 87NzNIwhsotC for <syslog@ietfa.amsl.com>; Sun, 10 Apr 2022 23:41:50 -0700 (PDT)
Received: from mx2.uni-regensburg.de (mx2.uni-regensburg.de [194.94.157.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5EDC3A1C45 for <syslog@ietf.org>; Sun, 10 Apr 2022 23:41:49 -0700 (PDT)
Received: from mx2.uni-regensburg.de (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 15EFC6000051 for <syslog@ietf.org>; Mon, 11 Apr 2022 08:41:46 +0200 (CEST)
Received: from gwsmtp.uni-regensburg.de (gwsmtp1.uni-regensburg.de [132.199.5.51]) by mx2.uni-regensburg.de (Postfix) with ESMTP id E8DCE600004D for <syslog@ietf.org>; Mon, 11 Apr 2022 08:41:45 +0200 (CEST)
Received: from uni-regensburg-smtp1-MTA by gwsmtp.uni-regensburg.de with Novell_GroupWise; Mon, 11 Apr 2022 08:41:44 +0200
Message-Id: <6253CDA7020000A100049466@gwsmtp.uni-regensburg.de>
X-Mailer: Novell GroupWise Internet Agent 18.4.0
Date: Mon, 11 Apr 2022 08:41:43 +0200
From: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>
To: rgerhards@adiscon.com, rdd@cert.org, clonvick@cisco.com, ietfdbh@comcast.net, lonvick.ietf@gmail.com, kaduk@mit.edu, rfc-editor@rfc-editor.org
Cc: syslog@ietf.org
References: <20220407101253.6A43E6AAD0@rfcpa.amsl.com> <610cdd1b-92e6-e8c4-5e3b-448adc78a660@gmail.com>
In-Reply-To: <610cdd1b-92e6-e8c4-5e3b-448adc78a660@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/syslog/0K6OB35KNLKkLevccSP-Qbf3iLQ>
Subject: [Syslog] Antw: [EXT] Re: [Technical Errata Reported] RFC5424 (6927)
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/syslog/>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Apr 2022 06:41:56 -0000
>>> Chris Lonvick <lonvick.ietf@gmail.com> schrieb am 10.04.2022 um 21:10 in Nachricht <610cdd1b-92e6-e8c4-5e3b-448adc78a660@gmail.com>: > Hi Ulrich, > > I suggest rejecting this errata. > > First, changing PRINTASCII to %d32-126 would allow SP characters in > HOSTNAME, APP-NAME, PROCID, and MSGID, which goes against conventions. Hi! at least it's quite confusing as "isprint()" in C is defines as "checks for any printable character including space." The PRINTASCII in the RFC is rather C's isgraph() (checks for any printable character except space). So why when PRINTASCII does NOT include SP is the RFC saying:? SD-NAME = 1*32PRINTUSASCII ; except ’=’, SP, ’]’, %d34 (") To be fair the errata should fix the definition of PRINTASCII and say "except SP" in the cases where it's not allowed. For the implementers it does not mean a real change, but it makes the specification less confusing. As an alternative GRAPHASCII corresponding to isgraph() could be added and used where needed. > That can be corrected in the aBNF, but it would then get messy to > "except SP" from each of those. While taling on the grammar: I also think that PARAM-VALUE = UTF-8-STRING ; characters ’"’, ’\’ and ; ’]’ MUST be escaped. is rather vage, because it's not saying that any unescaped character ’"’, ’\’, or ’]’ terminates PRAM-VALUE. Not saying so makes the value parsed depend on the context where PARAM-VALUE is being used (which is a bad idea) > > Second, iirc it was discussed in the WG and we wanted to keep it there > for emphasis. This is depicted several times in the examples. While this > discussion occurred after the RFC was published, I believe it reflects > the consensus of the WG while the document was an ID under discussion: > > https://mailarchive.ietf.org/arch/msg/syslog/_CeLGoDEivIPfsH5on9SbUioU3Y/ Thanks, Regards Ulrich Windl > > Regards, > > Chris > > On 4/7/22 5:12 AM, RFC Errata System wrote: >> The following errata report has been submitted for RFC5424, >> "The Syslog Protocol". >> >> -------------------------------------- >> You may review the report below and at: >> https://www.rfc-editor.org/errata/eid6927 >> >> -------------------------------------- >> Type: Technical >> Reported by: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> >> >> Section: 6 >> >> Original Text >> ------------- >> SD-NAME = 1*32PRINTUSASCII >> ; except '=', SP, ']', %d34 (") >> ... >> >> PRINTUSASCII = %d33-126 >> >> Corrected Text >> -------------- >> SD-NAME = 1*32PRINTUSASCII >> ; except '=', SP, ']', %d34 (") >> ... >> PRINTUSASCII = %d32-126 >> >> Notes >> ----- >> When excluding SP %d32 from PRINTUSASCII, then it does not make sense to > state "except ..SP .." >> There are more issues with the grammar: >> SD_NAME forbids ']', but it should also forbid '[' >> >> Instructions: >> ------------- >> This erratum is currently posted as "Reported". If necessary, please >> use "Reply All" to discuss whether it should be verified or >> rejected. When a decision is reached, the verifying party >> can log in to change the status and edit the report, if necessary. >> >> -------------------------------------- >> RFC5424 (draft-ietf-syslog-protocol-23) >> -------------------------------------- >> Title : The Syslog Protocol >> Publication Date : March 2009 >> Author(s) : R. Gerhards >> Category : PROPOSED STANDARD >> Source : Security Issues in Network Event Logging >> Area : Security >> Stream : IETF >> Verifying Party : IESG >> >> _______________________________________________ >> Syslog mailing list >> Syslog@ietf.org >> https://www.ietf.org/mailman/listinfo/syslog
- [Syslog] [Technical Errata Reported] RFC5424 (692… RFC Errata System
- Re: [Syslog] [Technical Errata Reported] RFC5424 … Chris Lonvick
- [Syslog] Antw: [EXT] Re: [Technical Errata Report… Ulrich Windl