[Syslog] Fw: New Version Notification for draft-chen-syslog-syscinfo-credibility-00.txt

Meiling Chen <chenmeiling@chinamobile.com> Tue, 15 March 2022 01:54 UTC

Return-Path: <chenmeiling@chinamobile.com>
X-Original-To: syslog@ietfa.amsl.com
Delivered-To: syslog@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 555313A16ED for <syslog@ietfa.amsl.com>; Mon, 14 Mar 2022 18:54:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_FONT_FACE_BAD=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iY_2xe75WNg4 for <syslog@ietfa.amsl.com>; Mon, 14 Mar 2022 18:54:25 -0700 (PDT)
Received: from cmccmta2.chinamobile.com (cmccmta2.chinamobile.com [221.176.66.80]) by ietfa.amsl.com (Postfix) with ESMTP id 351F23A16C9 for <syslog@ietf.org>; Mon, 14 Mar 2022 18:52:53 -0700 (PDT)
Received: from spf.mail.chinamobile.com (unknown[172.16.121.17]) by rmmx-syy-dmz-app07-12007 (RichMail) with SMTP id 2ee7622ff1742f9-f9c85; Tue, 15 Mar 2022 09:52:52 +0800 (CST)
X-RM-TRANSID: 2ee7622ff1742f9-f9c85
X-RM-TagInfo: emlType=0
X-RM-SPAM-FLAG: 00000000
Received: from cmcc-PC (unknown[10.2.51.26]) by rmsmtp-syy-appsvr09-12009 (RichMail) with SMTP id 2ee9622ff172a1a-38eb9; Tue, 15 Mar 2022 09:52:51 +0800 (CST)
X-RM-TRANSID: 2ee9622ff172a1a-38eb9
Date: Tue, 15 Mar 2022 09:52:51 +0800
From: Meiling Chen <chenmeiling@chinamobile.com>
To: syslog <syslog@ietf.org>
Cc: suli <suli@chinamobile.com>, wangfengsheng <wangfengsheng@chinamobile.com>
X-Priority: 3
X-Has-Attach: no
X-Mailer: Foxmail 7.2.9.115[cn]
Mime-Version: 1.0
Message-ID: <2022031509525088032316@chinamobile.com>
Content-Type: multipart/alternative; boundary="----=_001_NextPart833210625045_=----"
Archived-At: <https://mailarchive.ietf.org/arch/msg/syslog/c2Da6BIctGMVRMdfeY5a8IbubUY>
Subject: [Syslog] Fw: New Version Notification for draft-chen-syslog-syscinfo-credibility-00.txt
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/syslog/>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Mar 2022 01:54:29 -0000

Hi folks,
This draft is about syslog which used to improve logging credibility by adding synchronization time information.
The trigger of this draft is that we found the attack vulnerability of syslog time synchronization during the experiment, the purpose is to improve rfc5424 with a slight modification.
And the draft aimed at the discussion of credibility when the value "1" is used for "isSynced".
We have received some suggestions from Sean and lonvick, will also update the version after open submission.
If anyone is interested in this topic, please feel free to comment.

Best,
Meiling

From: internet-drafts
Date: 2022-03-07 10:18
To: Fengsheng Wang; Li Su; Meiling Chen; chenmeiling
Subject: New Version Notification for draft-chen-syslog-syscinfo-credibility-00.txt
 
A new version of I-D, draft-chen-syslog-syscinfo-credibility-00.txt
has been successfully submitted by Meiling Chen and posted to the
IETF repository.
 
Name: draft-chen-syslog-syscinfo-credibility
Revision: 00
Title: Improve logging credibility by adding synchronization time information
Document date: 2022-03-06
Group: Individual Submission
Pages: 6
URL:            https://www.ietf.org/archive/id/draft-chen-syslog-syscinfo-credibility-00.txt
Status:         https://datatracker.ietf.org/doc/draft-chen-syslog-syscinfo-credibility/
Html:           https://www.ietf.org/archive/id/draft-chen-syslog-syscinfo-credibility-00.html
Htmlized:       https://datatracker.ietf.org/doc/html/draft-chen-syslog-syscinfo-credibility
 
 
Abstract:
   This document proposes a scheme to improve the credibility of log
   reporting time by adding time synchronization information.
 
   This document updates the "timeQuality" structured Data in RFC 5424
   [RFC5424], The Syslog Protocol.  By appending "SYNCINFO" information
   after the "isSynced" parameter, the log collector can judge the
   credibility of logs when correlating logs of different devices.
 
                                                                                  
 
 
The IETF Secretariat