Re: [Syslog] New syslog/tcp draft available

Sean Turner <turners@ieca.com> Tue, 01 February 2011 13:43 UTC

Return-Path: <turners@ieca.com>
X-Original-To: syslog@core3.amsl.com
Delivered-To: syslog@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 94DA53A6CF4 for <syslog@core3.amsl.com>; Tue, 1 Feb 2011 05:43:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.243
X-Spam-Level:
X-Spam-Status: No, score=-102.243 tagged_above=-999 required=5 tests=[AWL=-0.245, BAYES_00=-2.599, J_CHICKENPOX_41=0.6, UNPARSEABLE_RELAY=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id skcE4JgR6QTb for <syslog@core3.amsl.com>; Tue, 1 Feb 2011 05:43:57 -0800 (PST)
Received: from nm9.bullet.mail.ac4.yahoo.com (nm9.bullet.mail.ac4.yahoo.com [98.139.52.206]) by core3.amsl.com (Postfix) with SMTP id E00513A6CE3 for <syslog@ietf.org>; Tue, 1 Feb 2011 05:43:56 -0800 (PST)
Received: from [98.139.52.190] by nm9.bullet.mail.ac4.yahoo.com with NNFMP; 01 Feb 2011 13:47:11 -0000
Received: from [98.139.52.130] by tm3.bullet.mail.ac4.yahoo.com with NNFMP; 01 Feb 2011 13:47:11 -0000
Received: from [127.0.0.1] by omp1013.mail.ac4.yahoo.com with NNFMP; 01 Feb 2011 13:47:11 -0000
X-Yahoo-Newman-Id: 92017.6076.bm@omp1013.mail.ac4.yahoo.com
Received: (qmail 1918 invoked from network); 1 Feb 2011 13:47:11 -0000
Received: from thunderfish.local (turners@96.241.4.28 with plain) by smtp112.biz.mail.re2.yahoo.com with SMTP; 01 Feb 2011 05:47:10 -0800 PST
X-Yahoo-SMTP: ZrP3VLSswBDL75pF8ymZHDSu9B.vcMfDPgLJ
X-YMail-OSG: 6RTOAuEVM1nu_5G3.rzTQrmHxUjE_CyL2XXcIgz9W04NYym 0PhY53F0IlUl.d3WcFMRdLc2pEz9uQbYnuCTa7actJDujoYsaGPRZC4RLHn. AuUFc6l1pPKESAcQes7Lc2BqfExg_Rj24uA_dzEYB4yxSytKIvkr1vL5POjk qP20VmgUxcAOjYjUBYz3nICzx23X6q53wYLUd4snGMU_q1WbwgFeVbaJH.LF JKj..UrP0qXY6zVWWNe1XbtGU5nj0PvD8DwyRHM2xEtyGyXWwDoqy9193Xm0 rEEOogQ--
X-Yahoo-Newman-Property: ymail-3
Message-ID: <4D480EDE.7030004@ieca.com>
Date: Tue, 01 Feb 2011 08:47:10 -0500
From: Sean Turner <turners@ieca.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13) Gecko/20101207 Lightning/1.0b2 Thunderbird/3.1.7
MIME-Version: 1.0
To: Chris Lonvick <clonvick@cisco.com>
References: <Pine.GSO.4.63.1101300851310.23155@sjc-cde-011.cisco.com> <4D459BF9.9050407@ieca.com> <Pine.GSO.4.63.1101311831130.12626@sjc-cde-011.cisco.com>
In-Reply-To: <Pine.GSO.4.63.1101311831130.12626@sjc-cde-011.cisco.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: syslog@ietf.org
Subject: Re: [Syslog] New syslog/tcp draft available
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/syslog>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Feb 2011 13:43:58 -0000

Chris,

I am sympathetic to not wanting to get stuck waiting for a reference.  I 
think the informative reference you cite would past muster.

spt

On 1/31/11 9:48 PM, Chris Lonvick wrote:
> Hi Sean,
>
> I've seen that but I don't want this document to sit idle for the next
> couple of years while that matures and becomes a normative and stable
> reference via becoming an RFC.
>
> I'm really thinking that putting in definitive references for transport
> layer vulnerabilities is going a bit beyond what is expected of an
> INFORMATIONAL document. That being said, I think it's a good idea and am
> willing to pursue it within reason.
>
> Gont's document does reference a paper by Steve Bellovin:
> Bellovin, S. M. 1989. Security Problems in the TCP/IP Protocol
> Suite. Computer Communication Review, Vol. 19, No. 2, pp. 32-48.
> That may be found here:
> http://portal.acm.org/citation.cfm?id=378449
>
> What would you think about referencing that document as an INFORMATIVE
> reference in the third subsection of the Security Considerations section?
>
> Thanks,
> Chris
>
> On Sun, 30 Jan 2011, Sean Turner wrote:
>
>> Chris,
>>
>> Not sure if this is what you're looking for, but have you checked out:
>> http://datatracker.ietf.org/doc/draft-ietf-tcpm-tcp-security/
>>
>> spt
>>
>>
>> On 1/30/11 12:01 PM, Chris Lonvick wrote:
>>> Hi Folks,
>>>
>>> We've finally gotten around to revising draft-gerhards-syslog-plain-tcp.
>>> : -)
>>>
>>> This addresses the issues that Tom raised about
>>> - the intro specifically stating what to expect in the body of the text
>>> - a note on the transport security.
>>>
>>> For the first, we just sort'a straightened things out with a few edits.
>>> For the latter, I looked in many places for a list of TCP
>>> vulnerabilities but couldn't find anything substantial. The US-CERT had
>>> a few implementation things and there were a scattering of other things.
>>> In the end, I just added a subsection to warn impelemters to look
>>> closely before writing code. If anyone has any other suggestions, please
>>> let us know.
>>>
>>> Thanks,
>>> Chris
>>> _______________________________________________
>>> Syslog mailing list
>>> Syslog@ietf.org
>>> https://www.ietf.org/mailman/listinfo/syslog
>>>
>>
>