Re: [Syslog] stream transport was draft-ietf-syslog-transport-tls-01.txt

"Tom Petch" <nwnetworks@dial.pipex.com> Fri, 16 June 2006 09:25 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FrAZk-0005Uq-AX; Fri, 16 Jun 2006 05:25:12 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FrAZj-0005Ug-Fn for syslog@ietf.org; Fri, 16 Jun 2006 05:25:11 -0400
Received: from galaxy.systems.pipex.net ([62.241.162.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FrAZi-0006cu-1s for syslog@ietf.org; Fri, 16 Jun 2006 05:25:11 -0400
Received: from pc6 (1Cust160.tnt30.lnd3.gbr.da.uu.net [62.188.122.160]) by galaxy.systems.pipex.net (Postfix) with SMTP id CA339E0006B4; Fri, 16 Jun 2006 10:25:06 +0100 (BST)
Message-ID: <002d01c6911d$d8cc8900$0601a8c0@pc6>
From: "Tom Petch" <nwnetworks@dial.pipex.com>
To: <syslog@ietf.org>
References: <019001c67374$8d1a27e0$0400a8c0@china.huawei.com>
Subject: Re: [Syslog] stream transport was draft-ietf-syslog-transport-tls-01.txt
Date: Fri, 16 Jun 2006 10:12:35 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b4a0a5f5992e2a4954405484e7717d8c
Cc:
X-BeenThere: syslog@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Tom Petch <nwnetworks@dial.pipex.com>
List-Id: Security Issues in Network Event Logging <syslog.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/syslog>
List-Post: <mailto:syslog@lists.ietf.org>
List-Help: <mailto:syslog-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=subscribe>
Errors-To: syslog-bounces@lists.ietf.org

I think that this document has some way to go.  It has introduced, and woven
together, both TLS and TCP transport, which I think wrong.  Ideally, I think
that we should have two separate documents, one dealing with TLS, the other with
TCP issues; given that both would be short, it is probably sensible to have only
the one, but I still see the need for separation within the document.  After
all, DTLS exists: an outsider could, should, think that syslog is UDP-based,
DTLS provides UDP security so DTLS is the obvious choice, what on earth is this
document talking about?  We need a section on DTLS (if only justifying why it is
not for further consideration).  And, for me, that alone justifies teasing out
the TLS issues from the TCP issues; is FRAME-LEN needed over DTLS?.

That said, I do not think that this document adequately covers the TCP issues,
ones that have surfaced on the list before.

TLSoTCP can deliver one syslog message, many syslog messages, part of a syslog
message or a combination thereof - it is in the nature of a stream protocol.
This needs spelling out.

A TCP connection takes time to set up, TLSoTCP longer.  This needs spelling out;
if timely delivery is a concern, then the connection should be established in
advance.

The section on TCP termination is too weak.  If we are recommending a timeout,
then we should recommend a value, even specifying that it should be configurable
over a range.  And if we cannot agree on such values, I do not think we should
be specifying a timeout.

TCP perforce introduces flow control.  This will slow down and rate limit
messages; what is the impact of this on the application?

TCP failures can terminate the connection!  Again, this has an impact on the
application with the time taken to become aware that the connection has failed.

Tom Petch

----- Original Message -----
From: "David B Harrington" <dbharrington@comcast.net>
To: <syslog@ietf.org>
Sent: Tuesday, May 09, 2006 4:26 PM
Subject: [Syslog] draft-ietf-syslog-transport-tls-01.txt


Hi,

A new revision of the syslog/TLS draft is available.
http://www.ietf.org/internet-drafts/draft-ietf-syslog-transport-tls-01
.txt

We need reviewers.
Can we get
1) a person to check the grammar?
2) a person to check the syslog technical parts?
3) a person to check compatibility with the other WG documents?
4) a person to check the TLS technical parts?

We also need general reviews of the document by multiple people.

Thanks,
David Harrington
co-chair, Syslog WG
ietfdbh@comcast.net
_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog


__________________________________________a.uu.net [62.188.122.160])
	by galaxy.systems.pipex.net (Postfix) with SMTP id CA339E0006B4;
	Fri, 16 Jun 2006 10:25:06 +0100 (BST)
Message-ID: <002d01c6911d$d8cc8900$0601a8c0@pc6>
From: "Tom Petch" <nwnetworks@dial.pipex.com>
To: <syslog@ietf.org>
References: <019001c67374$8d1a27e0$0400a8c0@china.huawei.com>
Subject: Re: [Syslog] stream transport was
	draft-ietf-syslog-transport-tls-01.txt
Date: Fri, 16 Jun 2006 10:12:35 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b4a0a5f5992e2a4954405484e7717d8c
Cc: 
X-BeenThere: syslog@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Tom Petch <nwnetworks@dial.pipex.com>
List-Id: Security Issues in Network Event Logging <syslog.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/syslog>,
	<mailto:syslog-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/syslog>
List-Post: <mailto:syslog@lists.ietf.org>
List-Help: <mailto:syslog-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/syslog>,
	<mailto:syslog-request@lists.ietf.org?subject=subscribe>
Errors-To: syslog-bounces@lists.ietf.org

I think that this document has some way to go.  It has introduced, and woven
together, both TLS and TCP transport, which I think wrong.  Ideally, I think
that we should have two separate documents, one dealing with TLS, the other with
TCP issues; given that both would be short, it is probably sensible to have only
the one, but I still see the need for separation within the document.  After
all, DTLS exists: an outsider could, should, think that syslog is UDP-based,
DTLS provides UDP security so DTLS is the obvious choice, what on earth is this
document talking about?  We need a section on DTLS (if only justifying why it is
not for further consideration).  And, for me, that alone justifies teasing out
the TLS issues from the TCP issues; is FRAME-LEN needed over DTLS?.

That said, I do not think that this document adequately covers the TCP issues,
ones that have surfaced on the list before.

TLSoTCP can deliver one syslog message, many syslog messages, part of a syslog
message or a combination thereof - it is in the nature of a stream protocol.
This needs spelling out.

A TCP connection takes time to set up, TLSoTCP longer.  This needs spelling out;
if timely delivery is a concern, then the connection should be established in
advance.

The section on TCP termination is too weak.  If we are recommending a timeout,
then we should recommend a value, even specifying that it should be configurable
over a range.  And if we cannot agree on such values, I do not think we should
be specifying a timeout.

TCP perforce introduces flow control.  This will slow down and rate limit
messages; what is the impact of this on the application?

TCP failures can terminate the connection!  Again, this has an impact on the
application with the time taken to become aware that the connection has failed.

Tom Petch

----- Original Message -----
From: "David B Harrington" <dbharrington@comcast.net>
To: <syslog@ietf.org>
Sent: Tuesday, May 09, 2006 4:26 PM
Subject: [Syslog] draft-ietf-syslog-transport-tls-01.txt


Hi,

A new revision of the syslog/TLS draft is available.
http://www.ietf.org/internet-drafts/draft-ietf-syslog-transport-tls-01
.txt

We need reviewers.
Can we get
1) a person to check the grammar?
2) a person to check the syslog technical parts?
3) a person to check compatibility with the other WG documents?
4) a person to check the TLS technical parts?

We also need general reviews of the document by multiple people.

Thanks,
David Harrington
co-chair, Syslog WG
ietfdbh@comcast.net
_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog


_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog



_____
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog