RE: [Syslog] stream transportwasdraft-ietf-syslog-transport-tls-01.txt
"Rainer Gerhards" <rgerhards@hq.adiscon.com> Fri, 16 June 2006 09:35 UTC
From: Rainer Gerhards <rgerhards@hq.adiscon.com>
To: Tom Petch <nwnetworks@dial.pipex.com>, syslog@ietf.org
Oh... and, yes, there is prior art: This spec was openly discussed some years ago on the loganalysis mailing list. While the text itself cannot be used nowadays, I think it conveys many things that need to be considered.

http://www.monitorware.com/en/workinprogress/selp.txt

Rainer

> -----Original Message-----
> From: Rainer Gerhards [mailto:rgerhards@hq.adiscon.com]
> Sent: Friday, June 16, 2006 11:28 AM
> To: Tom Petch; syslog@ietf.org
> Subject: RE: [Syslog] stream transportwasdraft-ietf-syslog-transport-tls-01.txt
>
> I agree with Tom that a TCP document would be useful and probably needed. Before someone from Huawei comes along and tries to patent this, too, I volunteer to write this document...
>
> Rainer
>
> > -----Original Message-----
> > From: Tom Petch [mailto:nwnetworks@dial.pipex.com]
> > Sent: Friday, June 16, 2006 10:13 AM
> > To: syslog@ietf.org
> > Subject: Re: [Syslog] stream transport wasdraft-ietf-syslog-transport-tls-01.txt
> >
> > I think that this document has some way to go. It has introduced, and woven together, both TLS and TCP transport, which I think wrong. Ideally, I think that we should have two separate documents, one dealing with TLS, the other with TCP issues; given that both would be short, it is probably sensible to have only the one, but I still see the need for separation within the document. After all, DTLS exists: an outsider could, should, think that syslog is UDP-based, DTLS provides UDP security so DTLS is the obvious choice, what on earth is this document talking about? We need a section on DTLS (if only justifying why it is not for further consideration). And, for me, that alone justifies teasing out the TLS issues from the TCP issues; is FRAME-LEN needed over DTLS?
> >
> > That said, I do not think that this document adequately covers the TCP issues, ones that have surfaced on the list before.
> >
> > TLSoTCP can deliver one syslog message, many syslog messages, part of a syslog message or a combination thereof - it is in the nature of a stream protocol. This needs spelling out.
> >
> > A TCP connection takes time to set up, TLSoTCP longer. This needs spelling out; if timely delivery is a concern, then the connection should be established in advance.
> >
> > The section on TCP termination is too weak. If we are recommending a timeout, then we should recommend a value, even specifying that it should be configurable over a range. And if we cannot agree on such values, I do not think we should be specifying a timeout.
> >
> > TCP perforce introduces flow control. This will slow down and rate limit messages; what is the impact of this on the application?
> >
> > TCP failures can terminate the connection! Again, this has an impact on the application with the time taken to become aware that the connection has failed.
> >
> > Tom Petch
> >
> > ----- Original Message -----
> > From: "David B Harrington" <dbharrington@comcast.net>
> > To: <syslog@ietf.org>
> > Sent: Tuesday, May 09, 2006 4:26 PM
> > Subject: [Syslog] draft-ietf-syslog-transport-tls-01.txt
> >
> > Hi,
> >
> > A new revision of the syslog/TLS draft is available.
> > > http://www.ietf.org/internet-drafts/draft-ietf-syslog-transport-tls-01.txt
> >
> > We need reviewers.
> > Can we get
> > 1) a person to check the grammar?
> > 2) a person to check the syslog technical parts?
> > 3) a person to check compatibility with the other WG documents?
> > 4) a person to check the TLS technical parts?
> >
> > We also need general reviews of the document by multiple people.
> >
> > Thanks,
> > David Harrington
> > co-chair, Syslog WG
> > ietfdbh@comcast.net
> >
> > _______________________________________________
> > Syslog mailing list
> > Syslog@lists.ietf.org
> > https://www1.ietf.org/mailman/listinfo/syslog
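The stream behaviour raised in the quoted review (one read may carry one message, several, or only part of one) is what a length-prefixed frame has to absorb on the receiving side. The following receiver-side reassembler is an added example, not part of this thread or of the draft under discussion. It assumes the octet-counting framing "MSG-LEN SP SYSLOG-MSG" that was later standardised in RFC 5425, which may differ from the FRAME-LEN encoding in the -01 draft; the class name, helper names and size limits are hypothetical.

```python
class FrameError(ValueError):
    """The byte stream violates the framing rules; the connection should be dropped."""


class SyslogFrameReader:
    """Reassembles 'MSG-LEN SP SYSLOG-MSG' frames from arbitrary stream chunks."""

    def __init__(self, max_msg_len=8192, max_len_digits=5):
        self.buf = bytearray()
        self.max_msg_len = max_msg_len        # assumed receiver-side limit
        self.max_len_digits = max_len_digits  # bounds the length prefix itself

    @staticmethod
    def _digits(data):
        return all(0x30 <= c <= 0x39 for c in data)

    def feed(self, chunk):
        """Add bytes from one TCP/TLS read; return every message now complete."""
        self.buf += chunk
        done = []
        while True:
            sp = self.buf.find(b" ", 0, self.max_len_digits + 1)
            if sp == -1:
                # No delimiter yet: wait for more bytes unless the prefix is
                # already too long or contains a non-digit.
                if len(self.buf) > self.max_len_digits or not self._digits(self.buf):
                    raise FrameError("bad or oversized length prefix")
                return done
            prefix = bytes(self.buf[:sp])
            if not prefix or prefix[:1] == b"0" or not self._digits(prefix):
                raise FrameError("bad length prefix")
            n = int(prefix)
            if n > self.max_msg_len:
                # Reject before buffering: a peer cannot make us hold n bytes.
                raise FrameError("frame exceeds max_msg_len")
            end = sp + 1 + n
            if len(self.buf) < end:
                return done                   # partial message, keep buffering
            done.append(bytes(self.buf[sp + 1:end]))
            del self.buf[:end]


def frame(msg):
    """Sender side: prefix a message with its octet count and a space."""
    return str(len(msg)).encode("ascii") + b" " + msg


def reassemble(chunks, **limits):
    """Run a list of chunks (as recv() might return them) through one reader."""
    reader = SyslogFrameReader(**limits)
    return [m for chunk in chunks for m in reader.feed(chunk)]
```

Rejecting a malformed or oversized length prefix before buffering the body keeps a misbehaving sender from forcing unbounded memory use on the collector.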