[Syslog] Issue 8 - Tim Polk DISCUSS

Chris Lonvick <clonvick@cisco.com> Mon, 07 June 2010 17:23 UTC

Date: Mon, 07 Jun 2010 08:19:43 -0700
From: Chris Lonvick <clonvick@cisco.com>
To: syslog@ietf.org
Message-ID: <Pine.GSO.4.63.1006070758110.27400@sjc-cde-011.cisco.com>
Subject: [Syslog] Issue 8 - Tim Polk DISCUSS

Issue 8 - Tim Polk DISCUSS

Discuss:
There seems to be an essential disconnect between the conformance 
requirements and the deployment guidance in this specification

The second paragraph of Section 6 Congestion Control states:

    DCCP has congestion control.  For this reason the syslog over DTLS
    over DCCP option is recommended in preference to the syslog over the
    DTLS over UDP option.

However, in Section 5.1, Transport

    DTLS can run over multiple transports.  Implementations of this
    specification MUST support DTLS over UDP and SHOULD support DTLS over
    DCCP [RFC5238].

For alignment with Section 6, it would seem that "MUST support DTLS over 
DCCP" would be more appropriate.

Proposed resolution by Sean:
vvv
As noted by Lars (before my time on either the IESG or syslog list):

   If DCCP is available (not usually the case) running DTLS over it is
   trivial, so you could also make this a MUST. DCCP support itself is
   obviously not a MUST.

Maybe what we really ought to be saying in Section 6 (which is just
about congestion control) is:

   DCCP has congestion control.  For this reason when DCCP is available,
   syslog over DTLS over DCCP is recommended in preference to the syslog
   over the DTLS over UDP option.

and we leave Section 5 alone?
^^^

Tim Polk responded:
vvv
I will defer to Lars on this one.  Since we can't make DCCP support a 
MUST, your suggested text for Section 6 would resolve what remains of my 
issue.
^^^

ACTION:  Authors to review proposed resolution and discuss on list.