[Syslog] New syslog/tcp draft available

Chris Lonvick <clonvick@cisco.com> Sun, 30 January 2011 16:57 UTC

Hi Folks,

We've finally gotten around to revising draft-gerhards-syslog-plain-tcp. :-)

This addresses the issues that Tom raised about
- the intro specifically stating what to expect in the body of the text
- a note on the transport security.

For the first, we just sort'a straightened things out with a few edits. 
For the latter, I looked in many places for a list of TCP vulnerabilities 
but couldn't find anything substantial.  The US-CERT had a few 
implementation things and there were a scattering of other things.  In the 
end, I just added a subsection to warn implementers to look closely before
writing code.  If anyone has any other suggestions, please let us know.

Thanks,
Chris