Re: [Syslog] Notes on TLS transport

Eric Rescorla <ekr@networkresonance.com> Tue, 08 August 2006 01:39 UTC

To: Miao Fuyou <miaofy@huawei.com>
Subject: Re: [Syslog] Notes on TLS transport
In-reply-to: Your message of "Tue, 08 Aug 2006 09:18:32 +0800." <00f901c6ba88$911440a0$8c0c6f0a@china.huawei.com>
X-Mailer: MH-E 7.4.3; nmh 1.0.4; XEmacs 21.4 (patch 19)
Date: Mon, 07 Aug 2006 18:39:15 -0700
From: Eric Rescorla <ekr@networkresonance.com>
Message-Id: <20060808014716.ED06D222425@laser.networkresonance.com>
Cc: syslog@ietf.org
List-Id: Security Issues in Network Event Logging <syslog.lists.ietf.org>

Miao Fuyou <miaofy@huawei.com> wrote:

>  
> > 
> > S 5.3:
> >    All Syslog messages MUST be sent as TLS "application data".  There
> >    MAY be multiple Syslog messages in the same TLS record.  The
> >    application data is defined with the following ABNF [3] expression:
> > 
> > TLS's abstraction is as a stream, so this isn't really the business
> > of this spec.
> > 
> 
> I agree with Eric's opinion. If the syslog protocol has a mechanism to delimit
> messages, we will never need to address the same issue across different
> documents: syslog-tls, syslog-ssh, or syslog-tcp etc. (perhaps with different
> mechanisms). 

Note, though, that you do need a mapping from syslog to DTLS
because it's packetized. Same as you need a mapping from syslog
to UDP.

-Ekr
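The point above, that a stream transport such as TLS needs its own message delimiter while a packetized one (UDP, DTLS) gets a boundary from each datagram, illustrated with an added Python example that is not from this thread or any syslog draft. It uses a length-prefixed ("octet counting") frame, assumed here purely for illustration: a sender-side framer plus an incremental receiver that copes with two messages coalesced in one TLS record and one message split across records, and caps the peer-declared length so a sender cannot make the receiver buffer without bound. The sample messages are constructed.

```python
import re

MAX_MSG_LEN = 8192  # defensive cap: a peer-declared length is untrusted input


def frame(msg: bytes) -> bytes:
    """Sender side: prefix the message with its octet count and a space."""
    return b"%d %s" % (len(msg), msg)


class OctetCountingFramer:
    """Receiver side: pull complete messages out of an arbitrarily chunked stream.
    Frame layout (assumed here): MSG-LEN SP SYSLOG-MSG, MSG-LEN being the
    decimal octet count of SYSLOG-MSG. TLS records give no message boundary,
    so parser state must persist across feed() calls.
    """
    _hdr = re.compile(rb"^(\d{1,5}) ")

    def __init__(self):
        self.buf = b""

    def feed(self, data: bytes) -> list:
        """Append received bytes; return every message completed so far."""
        self.buf += data
        out = []
        while True:
            m = self._hdr.match(self.buf)
            if not m:
                # Empty, or a digit-only prefix shorter than a header: wait for more.
                if not self.buf or (self.buf.isdigit() and len(self.buf) < 6):
                    return out
                raise ValueError("malformed frame header: %r" % self.buf[:8])
            length = int(m.group(1))
            if length == 0 or length > MAX_MSG_LEN:
                raise ValueError("refusing frame of %d octets" % length)
            end = m.end() + length
            if len(self.buf) < end:
                return out  # body still in flight; keep the partial frame buffered
            out.append(self.buf[m.end():end])
            self.buf = self.buf[end:]


# Constructed sample messages (RFC 5424-style header), not taken from the thread.
MSG1 = b"<34>1 2006-08-08T01:39:15Z host app - - - hello"
MSG2 = b"<13>1 2006-08-08T01:39:16Z host app - - - world"

if __name__ == "__main__":
    framer = OctetCountingFramer()
    # Record 1 carries all of MSG1 plus the first 10 octets of MSG2's frame.
    print(framer.feed(frame(MSG1) + frame(MSG2)[:10]))  # [MSG1]
    print(framer.feed(frame(MSG2)[10:]))                # [MSG2]
```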

_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog