IETF Logo Mail Archive

RE: [Syslog] delineated datagrams

"John Calcote" <jcalcote@novell.com> Tue, 08 August 2006 19:46 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GAXWu-00009O-BD; Tue, 08 Aug 2006 15:46:20 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GAXWt-00009C-95 for syslog@ietf.org; Tue, 08 Aug 2006 15:46:19 -0400
Received: from sinclair.provo.novell.com ([137.65.81.169]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GAXWs-0001SP-Re for syslog@ietf.org; Tue, 08 Aug 2006 15:46:19 -0400
Received: from INET-PRV-MTA by sinclair.provo.novell.com with Novell_GroupWise; Tue, 08 Aug 2006 13:46:18 -0600
Message-Id: <44D89525.37FF.0081.0@novell.com>
X-Mailer: Novell GroupWise Internet Agent 7.0.1
Date: Tue, 08 Aug 2006 13:44:05 -0600
From: John Calcote <jcalcote@novell.com>
To: Chris Lonvick <clonvick@cisco.com>, Miao Fuyou <miaofy@huawei.com>
Subject: RE: [Syslog] delineated datagrams
References: <00f801c6af25$a5423c30$8c0c6f0a@china.huawei.com> <Pine.GSO.4.63.0608040708180.13343@sjc-cde-003.cisco.com>
In-Reply-To: <Pine.GSO.4.63.0608040708180.13343@sjc-cde-003.cisco.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Spam-Score: 0.0 (/)
X-Scan-Signature: e8c5db863102a3ada84e0cd52a81a79e
Cc: syslog@ietf.org, 'Tom Petch' <nwnetworks@dial.pipex.com>
X-BeenThere: syslog@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/syslog>
List-Post: <mailto:syslog@lists.ietf.org>
List-Help: <mailto:syslog-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=subscribe>
Errors-To: syslog-bounces@lists.ietf.org

Chris,

While I agree with you in principle that both forms of delineation are
nice to have for interop, I _wish_ we could get rid of LF - that so
limits the sort of data that can be sent in the message. My two
cents...

John

>>> Chris Lonvick <clonvick@cisco.com> 8/4/2006 8:13 AM >>>
Hi,

I'd like to get this resolved and put into the next version of the
draft.

Many protocols use byte-counting for framing.
Many protocols use a specific character as a delimiter.
Do we need both?

I think that I've seen notes from Rainer, Tom Petch, and Andrew Ross 
saying that we should only use a special character for both simplicity
of 
design and for interoperability with current syslog/tls
implementations.

Are there other opinions on this?   Please speak up now.

Thanks,
Chris


On Mon, 24 Jul 2006, Miao Fuyou wrote:

>
> Hi, Rainer,
>
> Interop is a compelling reason for protocol design, so I tend to
agree with
> you that it is a feature nice to have. I am wondering whether we
should
> define procedures for frame delineating processing in syslog-tls
draft
> because we have both octect-counter and LF in a record.
>
> Miao
>
>> -----Original Message-----
>> From: Rainer Gerhards [mailto:rgerhards@hq.adiscon.com] 
>> Sent: Friday, July 21, 2006 6:16 PM
>> To: Miao Fuyou; Tom Petch; syslog@ietf.org 
>> Subject: RE: [Syslog] delineated
>> datagramswasdraft-ietf-syslog-transport-tls-01.txt
>>
>> Miao,
>>
>> I agree with your comments. However, using the LF as a record
>> delimited would still allow us to interop with existing
>> syslog/tls implementations. This is my major point. I think
>> it is worth it.
>>
>> Rainer
>>
>>> -----Original Message-----
>>> From: Miao Fuyou [mailto:miaofy@huawei.com] 
>>> Sent: Friday, July 21, 2006 12:00 PM
>>> To: 'Tom Petch'; syslog@ietf.org 
>>> Subject: RE: [Syslog] delineated
>>> datagramswasdraft-ietf-syslog-transport-tls-01.txt
>>>
>>>
>>> TLS uses SHA-1 or MD5 in ciphersuite for message integrity
>>> verification. If bytes lost happens during transferring,
>> the message
>>> will be dropped by TLS.
>>> That is also the cause that we need a security mechanism
>> for Syslog.
>>>
>>> As for error of encoding/decoding, I believe if an application
does
>>> encoding/decoding in a wrong way, you must not expect it do
>> it right
>>> with other mechanism, such as LF.
>>>
>>> Redundancy to improve robustness is  good idea, but I don't
>> think it
>>> applies to this case.
>>>
>>>> -----Original Message-----
>>>> From: Tom Petch [mailto:nwnetworks@dial.pipex.com] 
>>>> Sent: Tuesday, June 20, 2006 8:43 PM
>>>> To: syslog@ietf.org 
>>>> Subject: Re: [Syslog] delineated datagrams
>>>> wasdraft-ietf-syslog-transport-tls-01.txt
>>>>
>>>> I wonder if others share my concern about the lack of
>> robustness in
>>>> the way in which datagrams are delineated in the stream
>> protocol (a
>>>> TCP rather than a TLS issue).
>>>>
>>>> The system works as long as
>>>>  - the frame length is encoded perfectly
>>>>  - the frame length is decoded perfectly
>>>>  - no bytes are inserted or removed in error which is
>> doubtless true
>>>> in some networks, but I would prefer not to
>>> rely on it.
>>>>
>>>> So, when an error occurs, can the Collector/Relay detect it?
>>>> Can the Collector/Relay recover synch?  If not, what does the
>>>> Collector/Relay do?
>>>>
>>>> There is very little redundancy in the definition of
>> frame length,
>>>> and syslog messages have very little structure to help the
>>>> application, so I think that this is an issue we should address.
>>>>
>>>> Tom Petch
>>>>
>>>> ----- Original Message -----
>>>> From: "David B Harrington" <dbharrington@comcast.net>
>>>> To: <syslog@ietf.org>
>>>> Sent: Tuesday, May 09, 2006 4:26 PM
>>>> Subject: [Syslog] draft-ietf-syslog-transport-tls-01.txt
>>>>
>>>>
>>>> Hi,
>>>>
>>>> A new revision of the syslog/TLS draft is available.
>>>>
>>>
>>
http://www.ietf.org/internet-drafts/draft-ietf-syslog-transport-tls-01

>>>> .txt
>>>>
>>>> We need reviewers.
>>>> Can we get
>>>> 1) a person to check the grammar?
>>>> 2) a person to check the syslog technical parts?
>>>> 3) a person to check compatibility with the other WG documents?
>>>> 4) a person to check the TLS technical parts?
>>>>
>>>> We also need general reviews of the document by multiple people.
>>>>
>>>> Thanks,
>>>> David Harrington
>>>> co-chair, Syslog WG
>>>> ietfdbh@comcast.net 
>>>>
>>>>
>>>> _______________________________________________
>>>> Syslog mailing list
>>>> Syslog@lists.ietf.org 
>>>> https://www1.ietf.org/mailman/listinfo/syslog 
>>>>
>>>>
>>>> _______________________________________________
>>>> Syslog mailing list
>>>> Syslog@lists.ietf.org 
>>>> https://www1.ietf.org/mailman/listinfo/syslog 
>>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Syslog mailing list
>>> Syslog@lists.ietf.org 
>>> https://www1.ietf.org/mailman/listinfo/syslog 
>>>
>>
>
>
>
> _______________________________________________
> Syslog mailing list
> Syslog@lists.ietf.org 
> https://www1.ietf.org/mailman/listinfo/syslog 
>

_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org 
https://www1.ietf.org/mailman/listinfo/syslog

_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog

v2.23.0 | Report a Bug | By Email