Re: [Syslog] AD review discuss/comments for draft-ietf-syslog-dtls
<Pasi.Eronen@nokia.com> Tue, 25 May 2010 10:54 UTC
From: Pasi.Eronen@nokia.com
To: ietfc@btconnect.com, turners@ieca.com
Date: Tue, 25 May 2010 12:53:42 +0200
Cc: syslog@ietf.org
RFC 4346 (from which this text comes) mostly did not use RFC 2119 keywords, but instead informal language like the lowercase "should not" you quoted. AFAIK it was meant to express a strict limit, not a recommendation (this is implied by other text in the spec, and as you noticed, we clarified this in RFC 5246).

But even though DTLS records are limited to 2^14 bytes, syslog messages are not! The current spec seems to support 64K (minus some small number of overhead) just fine -- the message will be split to multiple DTLS records (max. 2^14 bytes each), but those DTLS records are then combined to a single UDP datagram.

Best regards,
Pasi

________________________________________
From: ext t.petch [ietfc@btconnect.com]
Sent: Tuesday, May 25, 2010 12:31 PM
To: Eronen Pasi (Nokia-NRC/Helsinki); turners@ieca.com
Cc: syslog@ietf.org
Subject: Re: [Syslog] AD review discuss/comments for draft-ietf-syslog-dtls

----- Original Message -----
From: <Pasi.Eronen@nokia.com>
To: <turners@ieca.com>; <ietfc@btconnect.com>
Cc: <syslog@ietf.org>
Sent: Monday, May 24, 2010 9:54 AM

I haven't followed this discussion in detail, but it looks like there's some confusion about the basic "units" of transmission. As far as I can tell, we have four different layers:

- a syslog message (SYSLOG-FRAME in ABNF)
- a DTLS record
- a UDP datagram
- an IP packet

As noted in Section 5.4, "It is possible that multiple syslog messages be contained in one DTLS record, or that a syslog message be transferred in multiple DTLS records." The maximum size of a single DTLS record is 2^14 bytes (this limit comes from TLS).

<tp>
Where? :-)

TLS provides fragmentation and says that "length MUST NOT exceed 2^14." [RFC5246 s6.2.1] so that the upper layers can send larger messages which TLS then fragments for them. DTLS provides fragmentation for handshake messages [RFC4347 s3.2.3] but not for the record layer; rather it says, "As in TLS 1.1, the length should not exceed 2^14."

should not, not MUST NOT as in [RFC5246] (and draft-ietf-tls-rfc4347-bis has the same text).

So while 65535 byte messages are not generally acceptable, where the users know their network and its MTU, then we should let them do what they know best. I see the main use of syslog in switched Enterprise LAN where large MTU are a commonplace.

Tom Petch
</tp>

One DTLS record must fit in one UDP datagram, but one UDP datagram can contain more than one DTLS record. The maximum size of UDP datagram is 64K (this limit comes from UDP), but it can be fragmented to multiple IP packets as needed.

There's one additional restriction that I'm not sure is really mentioned anywhere: A single syslog message has to fit in a single UDP datagram. So while it can be split to multiple DTLS records, all those records have to be in a single UDP datagram (so the syslog layer does not reassemble syslog message pieces from multiple UDP datagrams -- SYSLOG-FRAME does not have sufficient information to do this anyway).

In addition to the "hard" size limits (coming from DTLS and UDP), we probably need a recommendation saying that it's better if you can avoid IP fragmentation -- but this is precisely the same as normal syslog-over-UDP (minus the small overhead from DTLS).

Best regards,
Pasi

______________________________________
From: syslog-bounces@ietf.org [syslog-bounces@ietf.org] On Behalf Of ext Sean Turner [turners@ieca.com]
Sent: Saturday, May 22, 2010 6:16 PM
To: t.petch
Cc: syslog
Subject: Re: [Syslog] AD review discuss/comments for draft-ietf-syslog-dtls

t.petch wrote:
> I see that this I-D had entered 'Revised I-D needed' which I would like to
> progress.
>
> I see several comments about maximum record size, including a suggestion that we
> should make the 'SHOULD NOT' a 'MUST NOT' exceed 2**14.
>
> I am dead set against this change. We had a clear requirement, early on, to
> allow 65k messages, and I think it wrong to MUST NOT that requirement. The text
> in the other I-Ds is a compromise to strike a balance between this and having
> everything fit in 576 byte; I think we have the balance right.

Tom,

My response to Alexey was that this I-D borrows that particular requirement from RFC4347 and that this I-D shouldn't be upping the requirement. If it's okay with you, I'll forward him your response. The way I read his comment was that he's just asking why - he's not really requesting a change.

spt
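As an added illustration (not code from the draft, nor from any of the posters), a small Python model of the four layers listed in this thread: it cuts one syslog message into 2^14-byte DTLS records, sizes the single UDP datagram they must share, and counts the IPv4 fragments a given path MTU would cause. The 13-byte DTLS record header is taken from RFC 4347 section 4.1; the per-record cipher expansion and the path MTU are caller-supplied assumptions.

```python
from dataclasses import dataclass

DTLS_MAX_PLAINTEXT = 2 ** 14          # per-record plaintext limit inherited from TLS
DTLS_RECORD_HEADER = 13               # type(1)+version(2)+epoch(2)+seq(6)+length(2), RFC 4347 s4.1
MAX_UDP_PAYLOAD_V4 = 65535 - 8 - 20   # 16-bit UDP length minus UDP and minimal IPv4 headers


@dataclass
class Plan:
    records: list        # plaintext length of each DTLS record, in order
    udp_payload: int     # bytes the single UDP datagram carries
    ip_fragments: int    # IPv4 packets needed at the given path MTU


def plan_message(msg: bytes, mtu: int = 1500, cipher_overhead: int = 0) -> Plan:
    """Split one syslog message into DTLS records and size its UDP datagram.

    cipher_overhead is the per-record expansion (MAC, IV, padding) of the
    negotiated cipher suite; it is a caller-supplied assumption, 0 here.
    Raises ValueError if the message cannot fit in one UDP datagram, since
    the syslog layer never reassembles a message across datagrams.
    """
    if not msg:
        raise ValueError("empty syslog message")
    # The 2^14 limit bounds a record, not the message: the message is cut
    # into as many records as needed and they all travel in one datagram.
    records = [len(msg[i:i + DTLS_MAX_PLAINTEXT])
               for i in range(0, len(msg), DTLS_MAX_PLAINTEXT)]
    udp_payload = sum(DTLS_RECORD_HEADER + cipher_overhead + n for n in records)
    if udp_payload > MAX_UDP_PAYLOAD_V4:
        raise ValueError(f"needs a {udp_payload}-byte UDP payload; "
                         f"the limit is {MAX_UDP_PAYLOAD_V4}")
    # IP fragments carry (mtu - 20) bytes each, rounded down to the 8-byte
    # fragment-offset unit; the UDP header rides in the first fragment.
    per_fragment = (mtu - 20) // 8 * 8
    ip_fragments = -(-(udp_payload + 8) // per_fragment)
    return Plan(records, udp_payload, ip_fragments)


def max_message_size(cipher_overhead: int = 0) -> int:
    """Largest syslog message that still fits one IPv4 UDP datagram."""
    best = 0
    for k in range(1, 6):   # at most 5 records are ever needed for 64K
        per_record = DTLS_RECORD_HEADER + cipher_overhead
        fit = min(k * DTLS_MAX_PLAINTEXT, MAX_UDP_PAYLOAD_V4 - k * per_record)
        best = max(best, fit)
    return best
```

With a null-cipher overhead of 0 the largest message that fits is 65455 bytes in four records, which is the "64K minus some small overhead" figure from the thread; a 65535-byte message does not fit.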