Re: [Syslog] stream transport was draft-ietf-syslog-transport-tls-01.txt
"Tom Petch" <nwnetworks@dial.pipex.com> Fri, 16 June 2006 09:25 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FrAZk-0005Uq-AX; Fri, 16 Jun 2006 05:25:12 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FrAZj-0005Ug-Fn for syslog@ietf.org; Fri, 16 Jun 2006 05:25:11 -0400
Received: from galaxy.systems.pipex.net ([62.241.162.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FrAZi-0006cu-1s for syslog@ietf.org; Fri, 16 Jun 2006 05:25:11 -0400
Received: from pc6 (1Cust160.tnt30.lnd3.gbr.da.uu.net [62.188.122.160]) by galaxy.systems.pipex.net (Postfix) with SMTP id CA339E0006B4; Fri, 16 Jun 2006 10:25:06 +0100 (BST)
Message-ID: <002d01c6911d$d8cc8900$0601a8c0@pc6>
From: Tom Petch <nwnetworks@dial.pipex.com>
To: syslog@ietf.org
References: <019001c67374$8d1a27e0$0400a8c0@china.huawei.com>
Subject: Re: [Syslog] stream transport was draft-ietf-syslog-transport-tls-01.txt
Date: Fri, 16 Jun 2006 10:12:35 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b4a0a5f5992e2a4954405484e7717d8c
Cc:
X-BeenThere: syslog@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Tom Petch <nwnetworks@dial.pipex.com>
List-Id: Security Issues in Network Event Logging <syslog.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/syslog>
List-Post: <mailto:syslog@lists.ietf.org>
List-Help: <mailto:syslog-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=subscribe>
Errors-To: syslog-bounces@lists.ietf.org
I think that this document has some way to go. It has introduced, and woven together, both TLS and TCP transport, which I think wrong. Ideally, I think that we should have two separate documents, one dealing with TLS, the other with TCP issues; given that both would be short, it is probably sensible to have only the one, but I still see the need for separation within the document.

After all, DTLS exists: an outsider could, should, think that syslog is UDP-based, DTLS provides UDP security so DTLS is the obvious choice, what on earth is this document talking about? We need a section on DTLS (if only justifying why it is not for further consideration). And, for me, that alone justifies teasing out the TLS issues from the TCP issues; is FRAME-LEN needed over DTLS?

That said, I do not think that this document adequately covers the TCP issues, ones that have surfaced on the list before.

TLSoTCP can deliver one syslog message, many syslog messages, part of a syslog message or a combination thereof - it is in the nature of a stream protocol. This needs spelling out.

A TCP connection takes time to set up, TLSoTCP longer. This needs spelling out; if timely delivery is a concern, then the connection should be established in advance.

The section on TCP termination is too weak. If we are recommending a timeout, then we should recommend a value, even specifying that it should be configurable over a range. And if we cannot agree on such values, I do not think we should be specifying a timeout.

TCP perforce introduces flow control. This will slow down and rate limit messages; what is the impact of this on the application?

TCP failures can terminate the connection! Again, this has an impact on the application with the time taken to become aware that the connection has failed.
Tom Petch

----- Original Message -----
From: "David B Harrington" <dbharrington@comcast.net>
To: <syslog@ietf.org>
Sent: Tuesday, May 09, 2006 4:26 PM
Subject: [Syslog] draft-ietf-syslog-transport-tls-01.txt

Hi,

A new revision of the syslog/TLS draft is available.
http://www.ietf.org/internet-drafts/draft-ietf-syslog-transport-tls-01.txt

We need reviewers. Can we get
1) a person to check the grammar?
2) a person to check the syslog technical parts?
3) a person to check compatibility with the other WG documents?
4) a person to check the TLS technical parts?

We also need general reviews of the document by multiple people.

Thanks,
David Harrington
co-chair, Syslog WG
ietfdbh@comcast.net

_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog
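The stream-delivery point raised above (a single read can return one message, many, part of one, or a combination) is exactly what a receiver's framer has to cope with. The following is an added example, not code from the post or from the draft; it assumes FRAME-LEN is a decimal octet count followed by one space and that many octets of SYSLOG-MSG (the octet-counting scheme RFC 5425 later standardized), and the size caps and sample message are constructed.

```python
"""Reassemble octet-counted syslog frames from a TCP/TLS byte stream.
Added example, not from the list post or the draft. Assumes FRAME-LEN is a
decimal octet count, one space, then that many octets of SYSLOG-MSG (the
octet-counting RFC 5425 later standardized); caps are constructed values."""
from typing import List, Optional

MAX_FRAME_LEN = 8192   # constructed cap: refuse absurd lengths before buffering
MAX_LEN_DIGITS = 5     # enough digits for MAX_FRAME_LEN; bounds header search


class FrameError(ValueError):
    """Stream violates the framing; the receiver should drop the connection."""


class SyslogFramer:
    """Feed read() chunks of any size in; get back complete SYSLOG-MSG payloads."""

    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> List[bytes]:
        """Append a chunk and return every message it completes (may be none)."""
        self._buf += chunk
        out: List[bytes] = []
        while True:
            msg = self._try_extract()
            if msg is None:
                return out
            out.append(msg)

    def _try_extract(self) -> Optional[bytes]:
        # FRAME-LEN must end with a space within the first MAX_LEN_DIGITS+1 bytes.
        sp = self._buf.find(b" ", 0, MAX_LEN_DIGITS + 1)
        if sp == -1:
            if len(self._buf) > MAX_LEN_DIGITS:
                raise FrameError("FRAME-LEN header has no terminating space")
            return None                          # header still incomplete
        header = bytes(self._buf[:sp])
        if not header.isdigit() or header.startswith(b"0"):
            raise FrameError(f"bad FRAME-LEN {header!r}")
        n = int(header)
        if n > MAX_FRAME_LEN:
            raise FrameError(f"FRAME-LEN {n} exceeds cap {MAX_FRAME_LEN}")
        end = sp + 1 + n
        if len(self._buf) < end:
            return None                          # partial message: wait for more
        msg = bytes(self._buf[sp + 1:end])
        del self._buf[:end]
        return msg
```

The length cap matters on the defensive side: without it, a peer can announce a huge FRAME-LEN and make the receiver buffer indefinitely while waiting for a message that never completes.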