From: tom petch <ietfc@btconnect.com>
To: Chris Lonvick <lonvick.ietf@gmail.com>, Arijit Bose
 <arijit.bose@hitachienergy.com>, "sean+ietf@sn3rd.com" <sean+ietf@sn3rd.com>, 
 "sean@sn3rd.com" <sean@sn3rd.com>, "syslog@ietf.org" <syslog@ietf.org>,
 "joe@salowey.net" <joe@salowey.net>
CC: "IEC 62351 WG15 (WG15@iectc57.org)" <WG15@iectc57.org>
Date: Tue, 7 Dec 2021 12:24:58 +0000
Message-ID: <AM7PR07MB62482C31A6F498F92901D51EA06E9@AM7PR07MB6248.eurprd07.prod.outlook.com>
In-Reply-To: <AM7PR07MB6248F18CCCFD356C7C901EFCA06D9@AM7PR07MB6248.eurprd07.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/syslog/ebMM1dpit6SI5gOV_JjduprsmGo>
Subject: Re: [Syslog] Use Of RFC 5425 In IEC 62351
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>

Arijit

My message got a bounce from WG15 which is not unexpected.

Tom Petch

________________________________________
From: Syslog <syslog-bounces@ietf.org> on behalf of tom petch <ietfc@btconnect.com>
Sent: 06 December 2021 17:31

From: Syslog <syslog-bounces@ietf.org> on behalf of Chris Lonvick <lonvick.ietf@gmail.com>
Sent: 28 November 2021 21:22

Hello Arijit and All,

Speaking as an individual (not representing the IETF or any Working Group), the work we did for the syslog protocol was never intended to be insecure. I would make two suggestions:

- create a new Internet Draft that will deprecate the insecure cypher suite from the RFC; and

- specify the implementation and deployment of the cypher suites in your IEC documents as you suggest below and cite the Internet Draft as updating the RFC.

I'm cc'ing the current IETF Security ADs and adding Joe's contact email.

<tp>

Also as an individual active in the IETF.
Trimming the cc: since the mailer has limits and especially ietf-action which is for admin problems with the website.

I think that there are many more problems. The current security protocol is TLS1.3 which is very different to TLS1.2 in how the security options are structured. I have seen some WG seeking to update their RFC for how to make protocol XXXX secure; AFAIK none have succeeded in producing an RFC yet (excepting, perhaps, the TLS WG).

RFC5425 assumes that life will go on as before with new ciphersuites but IMHO TLS1.3 tore up the rule book and rendered that approach impossible requiring a much greater consideration of the options (e.g. PSK). (Indeed I see some sectors saying that TLS1.3 cannot be made suitable).

There is also the question of what is a match for a certificate. At the time of this RFC, every WG was RYO. Later an IETF-wide RFC6125 was produced but this is now regarded as inadequate and there is a draft 6125bis which would need to be considered.

And then the IETF in general might regard NETCONF/YANG as where it wants to put its efforts rather than such as Syslog (or SMI).

You mention getting no reply from the first two authors of the RFC; I cannot recall seeing anything of them in the past decade or so.

Tom Petch

Best regards,

Chris

On 11/22/21 10:30 AM, Arijit Bose wrote:
Dear all,

I am also looping the email address ietf-action@ietf.org for this same query.

With best regards
Arijit

From: Arijit Bose
Sent: Monday, November 22, 2021 2:40 PM
To: jsalowey@cisco.com; clonvick@cisco.com; lonvick.ietf@gmail.com; ietfdbh@comcast.net; turners@ieca.com; sean+ietf@sn3rd.com; sean@sn3rd.com; syslog@ietf.org
Cc: IEC 62351 WG15 <WG15@iectc57.org>
Subject: RE: Use Of RFC 5425 In IEC 62351
Importance: High

Dear all,

My name is Arijit Kumar Bose and I am a member of IEC 62351 TC 57 WG15: IEC 62351 - Wikipedia <https://en.wikipedia.org/wiki/IEC_62351>.

For the development of an IEC cybersecurity standard for electrical power system, we (WG15) are trying to reference RFC 5425 and adopt its specifications. However, RFC 5425 specifies TLS_RSA_WITH_AES_128_CBC_SHA, which is currently an insecure and deprecated cipher suite: Ciphersuite Info <https://ciphersuite.info/cs/TLS_RSA_WITH_AES_128_CBC_SHA/>. Therefore, we are trying to adopt stronger cipher suites in accordance with IEC 62351-3: IEC 62351-3:2014+AMD1:2018+AMD2:2020 CSV | IEC Webstore <https://webstore.iec.ch/publication/66624>. IEC 62351-3 specifies a set of stronger state of the art cipher suites and thus defines a profile on how to apply TLS, addressing authentication, cipher suite requirements, renegotiation, etc. Therefore, we would like to use the state of the art cipher suites as specified in IEC 62351-3 and also mandatorily refer to RFC 5425 including the usage of its port number 6514 for transporting secure syslog traffic. Our understanding would be that it does not violate RFC 5425, as it allows in section 4.2 of RFC 5425 that also stronger cipher suites may be used.
Would this be allowed if we normatively (mandatorily) refer to RFC 5425 to secure SYSLOG traffic, including the use of the TCP port number 6514, but adopt the stronger cipher suites that are specified in IEC 62351-3 instead of the weak cipher suite as indicated above? By adopting this, will it make our IEC standard incompliant with RFC 5425?
I and WG15 are looking forward to your answer on this topic. Appreciate any input from you on the same.
Thanks in advance!
With best regards
Arijit

Arijit Kumar Bose
Global Cyber Security Architect - Power Grids High Voltage | Software Development Independent Expert

ul. Pawia 7
malopolskie
31-154 Krakow, Poland
Mobile: +48 666 881 680
E-mail: arijit.bose@hitachienergy.com
www.hitachienergy.com <https://www.hitachienergy.com/>

From: Arijit Bose
Sent: Monday, November 22, 2021 11:49 AM
To: jsalowey@cisco.com
Cc: IEC 62351 WG15 <WG15@iectc57.org>
Subject: RE: Use Of RFC 5425 In IEC 62351

Dear Joseph,

A second friendly reminder for this below aspect. We (WG15) are looking forward to your reply on this.

With best regards
Arijit

From: Arijit Bose
Sent: Wednesday, November 17, 2021 12:49 PM
To: jsalowey@cisco.com
Cc: IEC 62351 WG15 <WG15@iectc57.org>
Subject: RE: Use Of RFC 5425 In IEC 62351

Dear Joseph,

A friendly reminder for your input/suggestion on this topic as expressed below.

With best regards
Arijit

From: Arijit Bose
Sent: Friday, November 12, 2021 11:17 AM
To: jsalowey@cisco.com
Cc: IEC 62351 WG15 <WG15@iectc57.org>
Subject: RE: Use Of RFC 5425 In IEC 62351

Dear Joseph,

Since I got a computerized automatic generated reply stating an undelivered message to miaofy@huawei.com and myz@huawei.com indicating that most probably their email address is no longer valid and thus could not be found, it would be very helpful, if you can please help us (WG15) with your valuable input / suggestion on this below topic.

We are looking forward to your reply on this!

With best regards
Arijit

From: Arijit Bose
Sent: Wednesday, November 10, 2021 10:48 AM
To: miaofy@huawei.com; myz@huawei.com; jsalowey@cisco.com
Subject: Use Of RFC 5425 In IEC 62351

Dear all,

My name is Arijit Kumar Bose and I am a member of IEC 62351 TC 57 WG15: IEC 62351 - Wikipedia <https://en.wikipedia.org/wiki/IEC_62351>.

For the development of an IEC cybersecurity standard for electrical power system, we (WG15) are trying to reference RFC 5425 and adopt its specifications. However, RFC 5425 specifies TLS_RSA_WITH_AES_128_CBC_SHA, which is currently an insecure and deprecated cipher suite: Ciphersuite Info <https://ciphersuite.info/cs/TLS_RSA_WITH_AES_128_CBC_SHA/>. Therefore, we are trying to adopt stronger cipher suites in accordance with IEC 62351-3: IEC 62351-3:2014+AMD1:2018+AMD2:2020 CSV | IEC Webstore <https://webstore.iec.ch/publication/66624>. IEC 62351-3 specifies a set of stronger state of the art cipher suites and thus defines a profile on how to apply TLS, addressing authentication, cipher suite requirements, renegotiation, etc. Therefore, we would like to use the state of the art cipher suites as specified in IEC 62351-3 and also mandatorily refer to RFC 5425 including the usage of its port number 6514 for transporting secure syslog traffic. Our understanding would be that it does not violate RFC 5425, as it allows in section 4.2 of RFC 5425 that also stronger cipher suites may be used.
Would this be allowed if we normatively (mandatorily) refer to RFC 5425 to secure SYSLOG traffic, including the use of the TCP port number 6514, but adopt the stronger cipher suites that are specified in IEC 62351-3 instead of the weak cipher suite as indicated above? By adopting this, will it make our IEC standard incompliant with RFC 5425?
I and WG15 are looking forward to your answer on this topic. Appreciate any input from you on the same.
Thanks in advance!
With best regards
Arijit
Arijit Kumar Bose
Global Cyber Security Architect - Power Grids High Voltage | Software Development Independent Expert

ul. Pawia 7
malopolskie
31-154 Krakow, Poland
Mobile: +48 666 881 680
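
Added example, not part of the e-mail thread or of any cited standard: a Python sketch of a syslog-over-TLS sender configuration that excludes TLS_RSA_WITH_AES_128_CBC_SHA while keeping the RFC 5425 octet-counting framing used on port 6514. The cipher string and `MAX_MSG_LEN` are assumptions chosen for illustration, not the IEC 62351-3 list, and the sample message is constructed.

```python
import ssl

SYSLOG_TLS_PORT = 6514            # TCP port named in the thread for RFC 5425
LEGACY_SUITE = "AES128-SHA"       # OpenSSL name of TLS_RSA_WITH_AES_128_CBC_SHA
# Assumed allow-list (illustrative, NOT the IEC 62351-3 list): ECDHE + AEAD only.
STRONG_TLS12 = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL"
MAX_MSG_LEN = 8192                # assumed receiver limit for one syslog message


def build_client_context(cafile=None):
    """TLS client context for a syslog sender with the CBC-SHA suite excluded."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # set_ciphers() only governs TLS 1.2 and below; TLS 1.3 suites are a
    # separate list that this call does not change.
    ctx.set_ciphers(STRONG_TLS12)
    return ctx


def offered_suites(ctx):
    """(protocol, OpenSSL name) for every suite the context would offer."""
    return [(c["protocol"], c["name"]) for c in ctx.get_ciphers()]


def policy_violations(ctx):
    """TLS 1.2 suites on offer that lack ECDHE key exchange or an AEAD cipher."""
    bad = []
    for proto, name in offered_suites(ctx):
        if proto == "TLSv1.3":
            continue  # every TLS 1.3 suite is AEAD
        aead = "GCM" in name or "CHACHA20" in name
        if not (name.startswith("ECDHE-") and aead):
            bad.append(name)
    return bad


def frame(msg: bytes) -> bytes:
    """RFC 5425 octet counting: MSG-LEN SP SYSLOG-MSG."""
    if not 0 < len(msg) <= MAX_MSG_LEN:
        raise ValueError("message length out of range")
    return str(len(msg)).encode("ascii") + b" " + msg


def deframe(buf: bytes):
    """Split received bytes into complete messages plus the unparsed remainder."""
    msgs = []
    while buf:
        head, sep, rest = buf.partition(b" ")
        # MSG-LEN is decimal digits with no leading zero.
        if not head.isdigit() or head.startswith(b"0") or len(head) > 5:
            raise ValueError("malformed MSG-LEN")
        if not sep:
            break                      # length prefix not complete yet
        size = int(head)
        if size > MAX_MSG_LEN:
            raise ValueError("MSG-LEN exceeds receiver limit")
        if len(rest) < size:
            break                      # wait for the rest of the message
        msgs.append(rest[:size])
        buf = rest[size:]
    return msgs, buf


if __name__ == "__main__":
    ctx = build_client_context()
    print(offered_suites(ctx))
    print("violations:", policy_violations(ctx))
    sample = b"<34>1 2021-12-07T12:24:58Z host.example app - - - constructed test"
    print(deframe(frame(sample) + b"12 partial"))
```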

