IETF Logo Mail Archive

Re: [Syslog] Some revised text for syslog TLS

Rainer Gerhards <rgerhards@hq.adiscon.com> Wed, 28 May 2008 15:54 UTC

Return-Path: <syslog-bounces@ietf.org>
X-Original-To: syslog-archive@megatron.ietf.org
Delivered-To: ietfarch-syslog-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C96673A6CA9; Wed, 28 May 2008 08:54:59 -0700 (PDT)
X-Original-To: syslog@core3.amsl.com
Delivered-To: syslog@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3751F3A6AC7 for <syslog@core3.amsl.com>; Wed, 28 May 2008 08:54:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.237
X-Spam-Level:
X-Spam-Status: No, score=-2.237 tagged_above=-999 required=5 tests=[AWL=-0.238, BAYES_00=-2.599, J_CHICKENPOX_35=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eU3yyvOZk2CF for <syslog@core3.amsl.com>; Wed, 28 May 2008 08:54:55 -0700 (PDT)
Received: from mailin.adiscon.com (hetzner.adiscon.com [85.10.198.18]) by core3.amsl.com (Postfix) with ESMTP id D13BE28C12F for <syslog@ietf.org>; Wed, 28 May 2008 08:50:21 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailin.adiscon.com (Postfix) with ESMTP id 564E17AD762; Wed, 28 May 2008 17:47:45 +0200 (CEST)
Received: from mailin.adiscon.com ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ud7tVOKrenN1; Wed, 28 May 2008 17:47:45 +0200 (CEST)
Received: from grfint2.intern.adiscon.com (p50989a7c.dip0.t-ipconnect.de [80.152.154.124]) by mailin.adiscon.com (Postfix) with ESMTP id 1E2C17AD6FB; Wed, 28 May 2008 17:47:45 +0200 (CEST)
Received: from [172.19.2.1] ([172.19.2.1]) by grfint2.intern.adiscon.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 28 May 2008 17:50:26 +0200
From: Rainer Gerhards <rgerhards@hq.adiscon.com>
To: "tom.petch" <cfinss@dial.pipex.com>
In-Reply-To: <009a01c8c0ca$14fb4f00$0601a8c0@allison>
References: <AC1CFD94F59A264488DC2BEC3E890DE505DFD90C@xmb-sjc-225.amer.cisco.com> <577465F99B41C842AAFBE9ED71E70ABA309093@grfint2.intern.adiscon.com> <007701c8c015$2e530ca0$0601a8c0@allison> <577465F99B41C842AAFBE9ED71E70ABA3090C1@grfint2.intern.adiscon.com> <009a01c8c0ca$14fb4f00$0601a8c0@allison>
Date: Wed, 28 May 2008 17:50:28 +0200
Message-Id: <1211989828.16825.14.camel@rgf9dev.intern.adiscon.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.22.1 (2.22.1-2.fc9)
X-OriginalArrivalTime: 28 May 2008 15:50:26.0706 (UTC) FILETIME=[8C2A8720:01C8C0DA]
Cc: syslog <syslog@ietf.org>
Subject: Re: [Syslog] Some revised text for syslog TLS
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/syslog>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: syslog-bounces@ietf.org
Errors-To: syslog-bounces@ietf.org

Tom,

On Wed, 2008-05-28 at 15:51 +0200, tom.petch wrote:
> I encounter networks where the devices do not have names, in any meaningful
> manner (perhaps just a default sysName left in by the manufacturer).  Boxes are
> identified by address, layer 2 - MAC - or layer 3 - IP.  What I am resisting is
> the need to allocate and maintain a namespace where none exists at present.
> 
> This use of IP address is independent of what appears in the IP header of the
> packet; here it is serving as an identity for the box not as something to put in
> the source field of the IP header. In theory, if the IP address of the device
> changed, then you could keep the old address as an identity but I think that
> would be too bizarre.
> 
> Tom Petch

I see your point. I always looked from the security perspective, but
that isn't what you are trying to achieve. It is the need not to start
another new name space... OK.

>From the implementors POV, I think ipAddress will bring in another set
of matching rules (you've probably seen my other message on this topic).
I have seen that, for example, I must support IP range matching. It also
looks like I need to do netmask based matching. Of course, all of this
is not rocket science. It may even be already used in other parts of the
same program. I still wonder if we should really require every
implementation to carry all that additional code just to permit this
scenario which, to be honest, seems to be a quite uncommon case.

May it be a good work-around to simply use the reverse DNS ptr names as
the subject alt name?

Rainer

_______________________________________________
Syslog mailing list
Syslog@ietf.org
https://www.ietf.org/mailman/listinfo/syslog

v2.23.0 | Report a Bug | By Email