IETF Logo Mail Archive

Re: [Syslog] Fw: New Version Notification for draft-chen-syslog-syscinfo-credibility-00.txt

tom petch <ietfc@btconnect.com> Mon, 28 March 2022 11:24 UTC

Return-Path: <ietfc@btconnect.com>
X-Original-To: syslog@ietfa.amsl.com
Delivered-To: syslog@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 686423A11CB for <syslog@ietfa.amsl.com>; Mon, 28 Mar 2022 04:24:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jfz4V1puNYle for <syslog@ietfa.amsl.com>; Mon, 28 Mar 2022 04:24:48 -0700 (PDT)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04on0716.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0e::716]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29F693A11EC for <syslog@ietf.org>; Mon, 28 Mar 2022 04:24:47 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=I3XR0dl0NtllbbR3cYPZmXotMPcDu5XHsqq2r/pgfmYxJ6e1mTlk95fjzDDT0kMRu1mjEkmA9ZgQ/73bToNHvw7uReaK71ANBEnRa6cEEgoAWalaxswyb2quZT5f5A3Q5xnVkQlz61NOe660T5C+1gY1Ps9J59AYHtwYaLBUMNLCyzqVlAj41ayewM0SgjG3r0yyxvaOVQ+Frx8xYnBSUBo9d/nYF09pClAJqUeQTQuA3GMl3k0ImWVIfm3takrToMSgnOS2R8M12kBMms9xb/G2tqPMaYaMQU/dVo+kx3QBrT8sj5XP/8iJHGBEYtlDQlqwmqjqpa7RkOtPl522Ig==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eGFyo8vDF5lCHatJGeg+gXiWAwAR1N2e9Pg4ZG+G5TQ=; b=KdVQKst017Uaw9TC+RMkaQndTrm5KgUpqUo2bpoVJHNcensPlthnY6exmYBLEpSseyUzoeTq7XDSBldBWqRiVgbMEaTnplU0/3KUghd/czzFVt+O4dipHZUhi1AdilzH08l7PKtD/iG4o5SOkZBqAXOaw9xjut+bcQ/JKqSdoO00cRDXUVE70Zw4vYiIPGsBa7ojpXg8Hqrb+4ZHuKSVieUtJq8V6WeigFBDl/kzBbApk9LFfF35YNJnl62nppTf6YePERiodPxwB8vpD6ywIvXbjbIIsW5v9FLOlwwXItcFXJye10ItluPYNykoJKDFPpLA7lRN28XJq0kKRgw/7g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eGFyo8vDF5lCHatJGeg+gXiWAwAR1N2e9Pg4ZG+G5TQ=; b=cPYTZswMQEWIfAqanYaVjyB+9hH5c9iulimOSYjFU+/ns0vibcMnq4Bo/InpBHTRvjh+gzv+4mRU7dmttJ6f/z9bk9mVRLdXuI1CXbH9J/slQcEuKbQsMciqcCxOi0EFp5zvqFwij52MYhOnBeCHaI/mV8DxSki+qC3So0WmiOw=
Received: from AM7PR07MB6248.eurprd07.prod.outlook.com (2603:10a6:20b:134::11) by AM6PR07MB4965.eurprd07.prod.outlook.com (2603:10a6:20b:3e::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5123.15; Mon, 28 Mar 2022 11:24:43 +0000
Received: from AM7PR07MB6248.eurprd07.prod.outlook.com ([fe80::b1c5:beb7:ddbf:b358]) by AM7PR07MB6248.eurprd07.prod.outlook.com ([fe80::b1c5:beb7:ddbf:b358%9]) with mapi id 15.20.5123.015; Mon, 28 Mar 2022 11:24:43 +0000
From: tom petch <ietfc@btconnect.com>
To: Meiling Chen <chenmeiling@chinamobile.com>, syslog <syslog@ietf.org>
CC: suli <suli@chinamobile.com>
Thread-Topic: [Syslog] Fw: New Version Notification for draft-chen-syslog-syscinfo-credibility-00.txt
Thread-Index: AQHYOA+gUhgSSaJoVUGwCPpxRUFDPazUvDSq
Date: Mon, 28 Mar 2022 11:24:43 +0000
Message-ID: <AM7PR07MB6248D022F8ADE9F1652C7622A01D9@AM7PR07MB6248.eurprd07.prod.outlook.com>
References: <2022031509525088032316@chinamobile.com>
In-Reply-To: <2022031509525088032316@chinamobile.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
suggested_attachment_session_id: 911eeba2-fa18-6d0b-8f46-19ac468044cd
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=btconnect.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a0fb6f36-6017-4855-fdf9-08da10ad8e93
x-ms-traffictypediagnostic: AM6PR07MB4965:EE_
x-microsoft-antispam-prvs: <AM6PR07MB49652273055E826B016951AEA01D9@AM6PR07MB4965.eurprd07.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: iJCCZKp+L3FtpKvQo90PiOBIA+5i1e5FGc5tMUv2/66bUH8dOeibOqv8goBUSL7dPyIqJrduNcb7s34mjc1nLxw6VzBYe/VGqbKmMLzrbJCQZVWvYnlPII/nyt61bzQOj8chZX2idoSsu3x8tg4JdUfvqOmCBFg2uHlQ5+acSUJW4+/UlzTSWvRxHPxIClYTyVotW2Em4LERzVddcegU/2dc75guBjlxHnu0zcAxFG7+3YMS/OZ6nXQXpWolqVivLEpp8HxVB/RoeIqjDU8TqLURsmOJg4srDMJUYkPzhawSrjybrGgvLI/Y3Y50B9gIIIoQrIqBkiPxnNfIwjlC/zBPTfKOj64S46Ph9eSm2aO/nU1zOr5oeL2ppv2hHChu6cO3bA9KkJ/UtbSEhbcVnSQYJMHdq+qDA8Jbeh0UpIih2SEW8NUEtO1Z6XZb75i5jbdSpi2/iKdbkjFvH3r7puvTx6xGzCdrTHF6rYYMlRwwbongjCwAQikZ61atlv5eW5ZARpnd0NN1MxUKR9BpeR74ykhx03FhKSTtp2GQ9Okw3M85CYBVkooFguQ3Gw4h7a3gHoFQxQF0Bfhqonjw7bFvig7RTBUo9jaQtnTY42Zz+8NGmIsvyeJ9mWyfOfvYjdUpkKwPm6vt7xEYJec//EvVS9wes2qIyOg2fFB090TxrN0adRmTgOMynta8teaU+BhHCbCAmr73w3RKzrLghfF5hKLQnbIVdCrTjnf2XRycGZHMHAT0qLLpQiWsCMCHAcTwyMo4GdV91A50FcCpEOladOJTF7vQm+O5/kOLVk+JpKUdw3qIBCMGwx+XFyRnRI6aDJzqv0YlnsqshtH4FA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM7PR07MB6248.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(366004)(53546011)(7696005)(6506007)(2906002)(38070700005)(83380400001)(9686003)(8676002)(91956017)(66476007)(64756008)(316002)(66556008)(15650500001)(110136005)(122000001)(71200400001)(4326008)(52536014)(508600001)(66946007)(66446008)(82960400001)(8936002)(76116006)(33656002)(5660300002)(186003)(26005)(38100700002)(66574015)(86362001)(55016003)(966005); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: V6UjAqmWUuJsnrh2BMzpX/06HNU79a7JvbGe9JrJV/7tK58rkkrO6fMLLTFD090e01l8NE1gm3PNJRUe9BEC2I7X9hvVKQ7U8CUof1xSA5rYocireTb9BoPWP/7lwEHynvm6wvbDJllWDAqlRuF/fZDLPPGd0+r1z4hZ9qP7h6KiT0Uez5IA3FlabXja5cIS712r/82hSGSpn3487406vvX5ZJYCMbNSShMyI3k6tlyUv3Zfeh3pRZpoO6d9j4l1Hkk2A38sJCOQYtgKAsKyY5p/vA0iRIs6uRaWYX9y4+ttg1xl0ZHv8lbZaHrpncX69tkEpsKIB1mjjTQGylpry9ibohKct7KJYhtie7q8hvDqKKIRkKDRpWv44wQQaQL88ofiofJTvVlLZskr/bPbU9DeZJrq55AueTJxM7ytIgCd5joj1nXCGkFf55582op2qBk7fz7oAPtgZTYPT6+PgvcR/W2Imjy8lFtx8mMMOdJZ9fR5EBB4icLX/AWihveabYOhYOA8Pc3CagrP7Lyheg3CPCCPIIv5SXVL2SeKSzCBrPpQQkTZepdsFZ9/K0wFBDa54iv9Js8ZWrWGthr5YkGNHe+VuakjdbJxBlMe4ZPjumXfotHxsqKJAc14U6g1/F4uIhMgm3gPvoMmPk6ZvsM3BLuvZ37IuNZ/FxzRU1X3CaPZAcnJeC+av+a8/MmiK5os195cnEkWax0ecMXat50H3EThyhH34uUwmTXJrOYcyn+sJFPeJhoJbC7Y6pXdUFn46kOSuvWkm5JqQ/L0l4AAfgYpycC5dY94CRn+WmMhwYZiWRDd9HTz2YO3KZSJ3x7An/AL0kuqpC3jg+KTwpAr6ATAiKai2IwKq6AuCR19W/0/iGqmC3OyWnGngupd/CZfcg5dDVhxzdW47jgMvEYhhPAMfsERkEYAtD5AiNpv57BEgRevAHf9GbvXfqN5gEULoEUM6KF664kvRBFgYshNI1gMghLlf4zWwpksJeLHJjTz3XvN58KsEH3PE3dUhLSDWHXqkgyankr2C8Bo1jytOv6muOuRgkUr4dxiYuRqlLQPN7mRBIBgMkI+PGbwUZbN64dc9m8qN60DhCGc/6KIcuIeuRXxWLagZQ6zIJsFA6Q1+iQFQjTs35bGsyvMaTsFW9NYtModDoSrJGGyOTG7Bzar5xHJCmBXtJ7PH5t0o/PoZMXNhafpNaUtJ6yupXzCiOR76x6lqSuUFTBfGpxC2ukp1ZAyao/bqPBAwIoDH9UAmju2pq9T6k3HXDn3a6H7+ayJ2DWA8JSy35JWzmtWTEHUrwzqCVKRPA3FsFHBSYqRxe+0IQftBFAgk+JvkiePcxRr+A/lE4zv44H0kBTWaPRxAMJhCiKKz2/WLqumMgYIFbuC+l4qs7idxwtedUC3H2OArFO9x6vtiMPrlTqOfEn9mvQz8GxdXRaVhFZj/CuQWQhvNXCuUvIiyhf6HIT3Mz4JnVimvyi+lB5dkObq2sBTjltbNPorUtzL94wkrGcQToI0ExYoTEYBk0mZjl5Fvma57cWDyMXD2AhVcJUa/6Uk2wDUl6cF6+Ty2DDWmixxZU/hV2fYC1IgA4AAxUuH2bADXQockLAm20zzW4pnFQ3WrZbOhQ/k39gZtP4v0A1zGc25yMjwzNfKg7N1Hl0AjcrC6PP768wi333UOkufBhl3QLCevkhcPanCNDbXA74IB8ptDdjw8juRKyqGaU/jN7GmUkrxnxJ1WQC3LQ==
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM7PR07MB6248.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a0fb6f36-6017-4855-fdf9-08da10ad8e93
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Mar 2022 11:24:43.3484 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: dmFqi1Jh/fCHvI1PmmzdCCTpmZKOuoYl9pY9sz19v2Qv5cG8qJudmsvu1PywTmej4DczhkCbJIzK7OLNOb40lQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR07MB4965
Archived-At: <https://mailarchive.ietf.org/arch/msg/syslog/YjeYCzxl125Ob382mHoe3BY_wcI>
Subject: Re: [Syslog] Fw: New Version Notification for draft-chen-syslog-syscinfo-credibility-00.txt
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/syslog/>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2022 11:24:53 -0000

From: Syslog <syslog-bounces@ietf.org> on behalf of Meiling Chen <chenmeiling@chinamobile.com>
Sent: 15 March 2022 01:52

Hi folks,
This draft is about syslog which used to improve logging credibility by adding synchronization time information.
The trigger of this draft is that we found the attack vulnerability of syslog time synchronization during the experiment, the purpose is to improve rfc5424 with a slight modification.
And the draft aimed at the discussion of credibility when the value "1" is used for "isSynced".
We have received some suggestions from Sean and lonvick, will also update the version after open submission.
If anyone is interested in this topic, please feel free to comment.

<tp>
There is no syslog WG in the IETF so if the work is to progress, it likely needs to find a home in a a WG that is.

Tom Petch

Best,
Meiling

From: internet-drafts<mailto:internet-drafts@ietf.org>
Date: 2022-03-07 10:18
To: Fengsheng Wang<mailto:wangfengsheng@chinamobile.com>; Li Su<mailto:suli@chinamobile.com>; Meiling Chen<mailto:chenmeiling@chinamobile.com>; chenmeiling<mailto:chenmeiling@chinamobile.com>
Subject: New Version Notification for draft-chen-syslog-syscinfo-credibility-00.txt

A new version of I-D, draft-chen-syslog-syscinfo-credibility-00.txt
has been successfully submitted by Meiling Chen and posted to the
IETF repository.

Name: draft-chen-syslog-syscinfo-credibility
Revision: 00
Title: Improve logging credibility by adding synchronization time information
Document date: 2022-03-06
Group: Individual Submission
Pages: 6
URL:            https://www.ietf.org/archive/id/draft-chen-syslog-syscinfo-credibility-00.txt
Status:         https://datatracker.ietf.org/doc/draft-chen-syslog-syscinfo-credibility/
Html:           https://www.ietf.org/archive/id/draft-chen-syslog-syscinfo-credibility-00.html
Htmlized:       https://datatracker.ietf.org/doc/html/draft-chen-syslog-syscinfo-credibility


Abstract:
   This document proposes a scheme to improve the credibility of log
   reporting time by adding time synchronization information.

   This document updates the "timeQuality" structured Data in RFC 5424
   [RFC5424], The Syslog Protocol.  By appending "SYNCINFO" information
   after the "isSynced" parameter, the log collector can judge the
   credibility of logs when correlating logs of different devices.




The IETF Secretariat

v2.23.0 | Report a Bug | By Email