Re: [Syslog] New syslog/tcp draft available
Sean Turner <turners@ieca.com> Tue, 01 February 2011 13:43 UTC
Return-Path: <turners@ieca.com>
X-Original-To: syslog@core3.amsl.com
Delivered-To: syslog@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 94DA53A6CF4 for <syslog@core3.amsl.com>; Tue, 1 Feb 2011 05:43:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.243
X-Spam-Level:
X-Spam-Status: No, score=-102.243 tagged_above=-999 required=5 tests=[AWL=-0.245, BAYES_00=-2.599, J_CHICKENPOX_41=0.6, UNPARSEABLE_RELAY=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id skcE4JgR6QTb for <syslog@core3.amsl.com>; Tue, 1 Feb 2011 05:43:57 -0800 (PST)
Received: from nm9.bullet.mail.ac4.yahoo.com (nm9.bullet.mail.ac4.yahoo.com [98.139.52.206]) by core3.amsl.com (Postfix) with SMTP id E00513A6CE3 for <syslog@ietf.org>; Tue, 1 Feb 2011 05:43:56 -0800 (PST)
Received: from [98.139.52.190] by nm9.bullet.mail.ac4.yahoo.com with NNFMP; 01 Feb 2011 13:47:11 -0000
Received: from [98.139.52.130] by tm3.bullet.mail.ac4.yahoo.com with NNFMP; 01 Feb 2011 13:47:11 -0000
Received: from [127.0.0.1] by omp1013.mail.ac4.yahoo.com with NNFMP; 01 Feb 2011 13:47:11 -0000
X-Yahoo-Newman-Id: 92017.6076.bm@omp1013.mail.ac4.yahoo.com
Received: (qmail 1918 invoked from network); 1 Feb 2011 13:47:11 -0000
Received: from thunderfish.local (turners@96.241.4.28 with plain) by smtp112.biz.mail.re2.yahoo.com with SMTP; 01 Feb 2011 05:47:10 -0800 PST
X-Yahoo-SMTP: ZrP3VLSswBDL75pF8ymZHDSu9B.vcMfDPgLJ
X-YMail-OSG: 6RTOAuEVM1nu_5G3.rzTQrmHxUjE_CyL2XXcIgz9W04NYym 0PhY53F0IlUl.d3WcFMRdLc2pEz9uQbYnuCTa7actJDujoYsaGPRZC4RLHn. AuUFc6l1pPKESAcQes7Lc2BqfExg_Rj24uA_dzEYB4yxSytKIvkr1vL5POjk qP20VmgUxcAOjYjUBYz3nICzx23X6q53wYLUd4snGMU_q1WbwgFeVbaJH.LF JKj..UrP0qXY6zVWWNe1XbtGU5nj0PvD8DwyRHM2xEtyGyXWwDoqy9193Xm0 rEEOogQ--
X-Yahoo-Newman-Property: ymail-3
Message-ID: <4D480EDE.7030004@ieca.com>
Date: Tue, 01 Feb 2011 08:47:10 -0500
From: Sean Turner <turners@ieca.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13) Gecko/20101207 Lightning/1.0b2 Thunderbird/3.1.7
MIME-Version: 1.0
To: Chris Lonvick <clonvick@cisco.com>
References: <Pine.GSO.4.63.1101300851310.23155@sjc-cde-011.cisco.com> <4D459BF9.9050407@ieca.com> <Pine.GSO.4.63.1101311831130.12626@sjc-cde-011.cisco.com>
In-Reply-To: <Pine.GSO.4.63.1101311831130.12626@sjc-cde-011.cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: syslog@ietf.org
Subject: Re: [Syslog] New syslog/tcp draft available
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/syslog>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Feb 2011 13:43:58 -0000
Chris, I am sympathetic to not wanting to get stuck waiting for a reference. I think the informative reference you cite would past muster. spt On 1/31/11 9:48 PM, Chris Lonvick wrote: > Hi Sean, > > I've seen that but I don't want this document to sit idle for the next > couple of years while that matures and becomes a normative and stable > reference via becoming an RFC. > > I'm really thinking that putting in definitive references for transport > layer vulnerabilities is going a bit beyond what is expected of an > INFORMATIONAL document. That being said, I think it's a good idea and am > willing to pursue it within reason. > > Gont's document does reference a paper by Steve Bellovin: > Bellovin, S. M. 1989. Security Problems in the TCP/IP Protocol > Suite. Computer Communication Review, Vol. 19, No. 2, pp. 32-48. > That may be found here: > http://portal.acm.org/citation.cfm?id=378449 > > What would you think about referencing that document as an INFORMATIVE > reference in the third subsection of the Security Considerations section? > > Thanks, > Chris > > On Sun, 30 Jan 2011, Sean Turner wrote: > >> Chris, >> >> Not sure if this is what you're looking for, but have you checked out: >> http://datatracker.ietf.org/doc/draft-ietf-tcpm-tcp-security/ >> >> spt >> >> >> On 1/30/11 12:01 PM, Chris Lonvick wrote: >>> Hi Folks, >>> >>> We've finally gotten around to revising draft-gerhards-syslog-plain-tcp. >>> : -) >>> >>> This addresses the issues that Tom raised about >>> - the intro specifically stating what to expect in the body of the text >>> - a note on the transport security. >>> >>> For the first, we just sort'a straightened things out with a few edits. >>> For the latter, I looked in many places for a list of TCP >>> vulnerabilities but couldn't find anything substantial. The US-CERT had >>> a few implementation things and there were a scattering of other things. >>> In the end, I just added a subsection to warn impelemters to look >>> closely before writing code. If anyone has any other suggestions, please >>> let us know. >>> >>> Thanks, >>> Chris >>> _______________________________________________ >>> Syslog mailing list >>> Syslog@ietf.org >>> https://www.ietf.org/mailman/listinfo/syslog >>> >> >
- [Syslog] New syslog/tcp draft available Chris Lonvick
- Re: [Syslog] New syslog/tcp draft available Sean Turner
- Re: [Syslog] New syslog/tcp draft available Chris Lonvick
- Re: [Syslog] New syslog/tcp draft available Sean Turner