RE: [Syslog] Legitimate \n or byte-counting

"Rainer Gerhards" <rgerhards@hq.adiscon.com> Sat, 19 August 2006 03:20 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GEHNq-0000VZ-72; Fri, 18 Aug 2006 23:20:26 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GEHNo-0000VQ-E8 for syslog@ietf.org; Fri, 18 Aug 2006 23:20:24 -0400
Received: from mail.hq.adiscon.com ([84.245.151.34]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GEHNm-0004Wm-SP for syslog@ietf.org; Fri, 18 Aug 2006 23:20:24 -0400
Received: from localhost (localhost [127.0.0.1]) by mail.hq.adiscon.com (Postfix) with ESMTP id 8937F9C00C; Sat, 19 Aug 2006 05:21:57 +0200 (CEST)
Received: from mail.hq.adiscon.com ([127.0.0.1]) by localhost (mail.grf.adiscon.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 20977-05; Sat, 19 Aug 2006 05:21:53 +0200 (CEST)
Received: from grfint2.intern.adiscon.com (grfint2 [172.19.0.6]) by mail.hq.adiscon.com (Postfix) with ESMTP id 022F79C00B; Sat, 19 Aug 2006 05:21:52 +0200 (CEST)
Subject: RE: [Syslog] Legitimate \n or byte-counting
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Date: Sat, 19 Aug 2006 05:20:06 +0200
Content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.5
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA174E0B@grfint2.intern.adiscon.com>
In-Reply-To: <0d6801c6c314$87fe73c0$0400a8c0@china.huawei.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Syslog] Legitimate \n or byte-counting
Thread-Index: AcbDA3Ho3Rz5w1zURQSVnlxYZzITPwAA2AKgAA3PvuA=
From: Rainer Gerhards <rgerhards@hq.adiscon.com>
To: David Harrington <ietfdbh@comcast.net>, Carson Gaspar <carson@taltos.org>, syslog@ietf.org
X-Virus-Scanned: by amavisd-new-2.3.3 (20050822) (Debian) at adiscon.com
X-Spam-Score: 0.0 (/)
X-Scan-Signature: a87a9cdae4ac5d3fbeee75cd0026d632
Cc:
X-BeenThere: syslog@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/syslog>
List-Post: <mailto:syslog@lists.ietf.org>
List-Help: <mailto:syslog-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=subscribe>
Errors-To: syslog-bounces@lists.ietf.org

David,

I have just now be able to poll my mail. I trust you as a co-chair that
this time the documents will not be torn apart because of the missing
backwards compatibility. Thus, I agree we should move to octet-couting,
as there is more consensus to use that (and it is technically superior).

I would just deeply appreciate if you could try to make sure this will
not be the reason for violent objection of the document set as it was
last year.

Thanks for driving this discussion and getting us to consensus.

Rainer 

> -----Original Message-----
> From: David Harrington [mailto:ietfdbh@comcast.net] 
> Sent: Friday, August 18, 2006 4:20 PM
> To: 'Carson Gaspar'; syslog@ietf.org
> Subject: RE: [Syslog] Legitimate \n or byte-counting
> 
> Hi,
> 
> [speaking as co-chair]
> 
> I believe it is inaccurate to say there has been a WG decision to
> maximize backwards compatibility.
> 
> The charter says
> "The goal of this working group is to address the security and
> integrity
> problems, and to standardize the syslog protocol, transport, and a 
> select set of mechanisms in a manner that considers the ease of 
> migration between and the co-existence of existing versions and the 
> standard."
> 
> There is a big difference between "maximizing for backwards
> compatibility" and "considering the ease of migration between and the
> co-existence of existing versions and the standard." 
> 
> This difference was discussed during the charter discussions. We need
> to balance backwards compatibility with improved interoperability and
> good technical design.
> 
> We need to focus on **forward** compatibility - defining a standard
> that implementors can move forward toward so there is increased
> commonality, vendor neutrality, and interoperability.
>  
> If we keep trying for backwards compatibility to a wide range of
> incompatible implementations, then we might as well go home now.
> 
> David Harrington
> dharrington@huawei.com 
> dbharrington@comcast.net
> ietfdbh@comcast.net
> co-chair, Syslog WG 
> 
>  
> 
> > -----Original Message-----
> > From: Carson Gaspar [mailto:carson@taltos.org] 
> > Sent: Friday, August 18, 2006 4:19 PM
> > To: syslog@ietf.org
> > Subject: Re: [Syslog] Legitimate \n or byte-counting
> > 
> > --On Friday, August 18, 2006 7:35 AM -0700 Chris Lonvick 
> > <clonvick@cisco.com> wrote:
> > 
> > > If we use LF-escaping in syslog messages, what's going to 
> > happen if a
> > > legitimate "\n" is sent by a sender?  An example would be:
> > >
> > >     <PRI>... BOM The offending characters are \n
> > >
> > > Will a receiver convert that into LF?  If that's the case 
> > then we should
> > > not be using LF-escaping.
> > 
> > I raised the same issue. The answer is the receiver will examine the
> 
> > protocol version and will not un-escape unless the sender is 
> > a new-style 
> > sender. I'm still not convinced that the installed base of TCP
> syslog 
> > deployments is large enough to care about, but, given the decision
> to 
> > maximize backwards comparability, this is "good enough" to make 
> > implementation possible.
> > 
> > -- 
> > Carson
> > 
> > _______________________________________________
> > Syslog mailing list
> > Syslog@lists.ietf.org
> > https://www1.ietf.org/mailman/listinfo/syslog
> > 
> 
> 
> _______________________________________________
> Syslog mailing list
> Syslog@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/syslog
> 

_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog