[Syslog] Review of draft-petch-gerhards-syslog-transport-dtls-01.txt"
fenghongyan <hongyanfeng@huaweisymantec.com> Sat, 11 April 2009 16:19 UTC
Return-Path: <hongyanfeng@huaweisymantec.com>
X-Original-To: syslog@core3.amsl.com
Delivered-To: syslog@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A50493A6872 for <syslog@core3.amsl.com>; Sat, 11 Apr 2009 09:19:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.364
X-Spam-Level: *
X-Spam-Status: No, score=1.364 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tb3O1J5b4Y2d for <syslog@core3.amsl.com>; Sat, 11 Apr 2009 09:19:35 -0700 (PDT)
Received: from mta1.huaweisymantec.com (unknown [218.17.155.14]) by core3.amsl.com (Postfix) with ESMTP id B829F3A685F for <syslog@ietf.org>; Sat, 11 Apr 2009 09:19:34 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-disposition: inline
Content-type: text/plain; charset="us-ascii"
Received: from hstml02-in.huaweisymantec.com ([172.26.3.41]) by hstga01-in.huaweisymantec.com (Sun Java(tm) System Messaging Server 6.3-5.02 (built Oct 12 2007; 32bit)) with ESMTP id <0KHY00D6G2Q6VZ60@hstga01-in.huaweisymantec.com> for syslog@ietf.org; Sun, 12 Apr 2009 00:20:32 +0800 (CST)
Received: from huaweisymantec.com ([127.0.0.1]) by hstml02-in.huaweisymantec.com (Sun Java(tm) System Messaging Server 6.3-5.02 (built Oct 12 2007; 32bit)) with ESMTP id <0KHY0002Z2Q4GZ10@hstml02-in.huaweisymantec.com> for syslog@ietf.org; Sun, 12 Apr 2009 00:20:30 +0800 (CST)
Received: from [123.112.60.144] by hstml02-in.huaweisymantec.com (mshttpd) ; Sun, 12 Apr 2009 00:20:28 +0800
From: fenghongyan <hongyanfeng@huaweisymantec.com>
To: syslog@ietf.org
Message-id: <fc1e8c655909.49e133cc@huaweisymantec.com>
Date: Sun, 12 Apr 2009 00:20:28 +0800
X-Mailer: Sun Java(tm) System Messenger Express 6.3-5.02 (built Oct 12 2007; 32bit)
Content-language: zh-CN
X-Accept-Language: zh-CN
Priority: normal
Subject: [Syslog] Review of draft-petch-gerhards-syslog-transport-dtls-01.txt"
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/syslog>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Apr 2009 16:19:35 -0000
Hi, I read this proposal "draft-petch-gerhards-syslog-transport-dtls-01", I have some comments on it: Those changes I made in my new version this draft is also need to make, I think. section 1.3 The security discussion is similar as stated in syslog/tls, Pasi recommended simply pointer to syslog/tls would be better. section 1.4 This is covered in syslog/tls; a pointer to that document would work. section 2.1 I don't see if there's a necessary for a syslog server should be a DTLS client. In my understanding, a dtls request is alway initiate by a dtls client, if syslog server being dtls client, how does a server know which client want to connect to it? I think RFC5425 has state authentication in very detail and come up the corresponding security policy. Also, fingerprint is aim to cover the case you discussed in your draft having a certificate url authentication. A pointer to that document would work. section 2.2 I think a udp "registered port number" is required to assign for udp mapping and a sctp "registered port number" is required to assign for sctp mapping respectively. section 2.3 I claimed in my proposal to minimize the operation and security where both syslog/tls and syslog/dtls are supported, why do you need write the commands in your proposal? section 2.6, section 2.8 It is covered in syslog/tls security policy; a pointer to that document would work. Thanks Linda