IETF Logo Mail Archive

Re: [Syslog] Fwd: I-D Action: draft-ciphersuites-in-sec-syslog-00.txt

Jürgen Schönwälder <j.schoenwaelder@jacobs-university.de> Sat, 11 December 2021 14:44 UTC

Return-Path: <J.Schoenwaelder@jacobs-university.de>
X-Original-To: syslog@ietfa.amsl.com
Delivered-To: syslog@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27BED3A08AD for <syslog@ietfa.amsl.com>; Sat, 11 Dec 2021 06:44:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=jacobsuniversity.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E5nC9da5E5Y2 for <syslog@ietfa.amsl.com>; Sat, 11 Dec 2021 06:44:36 -0800 (PST)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-eopbgr140040.outbound.protection.outlook.com [40.107.14.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE5803A08A5 for <syslog@ietf.org>; Sat, 11 Dec 2021 06:44:34 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oVVux5cbFKISNPzvowg9RjJihEGU56+vYu2A1kI6vfz9RyEx2eCPipSNO4YY+OPGIrgnN0utT8koAOQCzKoMXFg44RsTpJkLbHQOayIChx7UYr7c78O0M/3OwDB/pruSjDcLnzlr9YFLI620npTTV6FE1Wl+W0OwTyM5X8O3sYZpMJcANstdYU4Cb1XSddxERwK078bCKrun8udAwpI9Rv72/LY6bC5vKk+2zNPoeSR1M/EAykLr8/IBqlB+bFau6JUvDsJF23A+2248VX9rRe2zX/lruePWGNYaw7dkUal+EsuolsI4tGktNkoS4mD3nq7WbWy+RFrj87x1nkUt9A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/nbyeu1HTk+g1mgcrKPiv+7GTPUSvY1Ww6ByfyETFe0=; b=XeVD8QvewZpqoNky7eSZ1NJpLCsB4zd3ir5cmUDJ0FO0pjH/HBpVUbu4YC5ykOzPkVww1FNjm11WUnHfsH8aPZPQKmPiVZW4/2h/pwu6UVnwsxXcgmH+iADMxo8aolLbo3HUPACPXAT9U/sgyiTcHj1wavXLByLNzdSKUmIENGveNf9IGqsOnUvo1D71CPReA2bhTFFxPE6TF8IqWotn5eEIkVgR85lon90YZDojShua4l93gDrAlu/TxWabSUIvZu8/PyMxpjirijVyMeLaza8G/XNCnPBgLD+G4mYMgUl+mqOvHPooQjDGv2eK/YbsZ/jh/K8yd1+ShhhR6l8NRA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=jacobs-university.de; dmarc=pass action=none header.from=jacobs-university.de; dkim=pass header.d=jacobs-university.de; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jacobsuniversity.onmicrosoft.com; s=selector2-jacobsuniversity-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/nbyeu1HTk+g1mgcrKPiv+7GTPUSvY1Ww6ByfyETFe0=; b=RnOqXkOZy1GDCygZpuceU/yygI8pjgSpHAexAw2X+xoOfYvPYQmCU8iwF9XOjzjNrvgjur4sgWnuAFjY9ssJ8iRJduM68IB4hFG7SQYe/L+ihhBKXqt87NIVsVNCaE2G1snEqd13NnL10DVNDtKsz7Cg5jBT1fY51XCidlHRiJo=
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=jacobs-university.de;
Received: from AM0P190MB0641.EURP190.PROD.OUTLOOK.COM (2603:10a6:208:194::23) by AM8P190MB0978.EURP190.PROD.OUTLOOK.COM (2603:10a6:20b:1d0::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4755.24; Sat, 11 Dec 2021 14:44:31 +0000
Received: from AM0P190MB0641.EURP190.PROD.OUTLOOK.COM ([fe80::f12d:e975:556d:30f8]) by AM0P190MB0641.EURP190.PROD.OUTLOOK.COM ([fe80::f12d:e975:556d:30f8%3]) with mapi id 15.20.4778.017; Sat, 11 Dec 2021 14:44:31 +0000
Date: Sat, 11 Dec 2021 15:44:30 +0100
From: Jürgen Schönwälder <j.schoenwaelder@jacobs-university.de>
To: tom petch <ietfc@btconnect.com>
Cc: Chris Lonvick <lonvick.ietf@gmail.com>, "syslog@ietf.org" <syslog@ietf.org>, "sean@sn3rd.com" <sean@sn3rd.com>, Joe Salowey <joe@salowey.net>, Arijit Bose <arijit.bose@hitachienergy.com>
Message-ID: <20211211144430.4fbmcacflmscgok7@anna>
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
Mail-Followup-To: tom petch <ietfc@btconnect.com>, Chris Lonvick <lonvick.ietf@gmail.com>, "syslog@ietf.org" <syslog@ietf.org>, "sean@sn3rd.com" <sean@sn3rd.com>, Joe Salowey <joe@salowey.net>, Arijit Bose <arijit.bose@hitachienergy.com>
References: <163917706473.14037.18043022518803073486@ietfa.amsl.com> <928a9aa6-7585-55ed-051b-ad68073a947a@gmail.com> <AM7PR07MB6248D3FC0415A872CD204DBCA0729@AM7PR07MB6248.eurprd07.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <AM7PR07MB6248D3FC0415A872CD204DBCA0729@AM7PR07MB6248.eurprd07.prod.outlook.com>
X-ClientProxiedBy: AM0PR02CA0194.eurprd02.prod.outlook.com (2603:10a6:20b:28e::31) To AM0P190MB0641.EURP190.PROD.OUTLOOK.COM (2603:10a6:208:194::23)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: a4686fd1-faea-46ec-1802-08d9bcb4bdcf
X-MS-TrafficTypeDiagnostic: AM8P190MB0978:EE_
X-Microsoft-Antispam-PRVS: <AM8P190MB09789EFEAD66D4E29958510BDE729@AM8P190MB0978.EURP190.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: yYpGlGL4tTKM8XQB1+QaB5e2I5p+gfmjylEJt33tIBLvjwurBUighTCU8CqjykJU9uOYxJ4QStcCNTjjb78smr53A/l2JZQcTSHCKbqUOGG96ydsqzhCrr8ESYlRITO89CUFYfsKyYzgVD9KCBDFAdPITvDUDHPicZrBIWMj7sGwwwqpebvL5rZOoiMlHeYM88VDduMaBE4Q1lhk/Fy/sVp+TSqbUVlzAltZBaO4hIGLPW09mzWXac1Z9cNR1fC3J26P71omoXGzaUXHkXwwtjepVGQMmbeR9iw9ebnUxdO7Z8Q2HIJntvhQzrTpK9+w38u1wozkUhRCEZ+y/vt8RJwgv6hlSJ7xqqkLcIoqEDpvy2LshSxylHlZ329mgRXQFwwIayzav7yWp3J9dwT2iiV+73Q2XmNOQOu8EleXpOnGecd0Z9eiizIXSGt6VWSQx6d2HMy8FnsYJz0rzI04LSuVYTvhQ1oFL5rfgjCQNi4XO+D3CmZfc/F1H2ZTnZZeWWUhQ5e2lZqQso3kediZszAMD9Rlm+RB7LGRXjrSoEJqzXQiWJdcFLD05jW3qulC+G2lkM1EKa8wWjB6cyqB8xBjaAaanmdO+FJkRkbYKNzWZVOKvcXvipczwoQQs79CgcbVFD7szOGh3oPjcM6O4hS0II3kbxdwXmK3oSQuYi7XVwN6vt2cU6ORsPGkgw42uhA/Dj/SyaUDrtJM/dg7M91JuQyHtFtmf+Xnu3XZH5h1Ig3+TLXvZ8hz3x5SC8MVx8nRjfIR52kGz9kqtvW1HrBhOGtH/PzAncMicOiR0oEg5Q6l5ENt9Om5dIIBQ18W
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0P190MB0641.EURP190.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(7916004)(366004)(6486002)(85202003)(8936002)(26005)(66556008)(186003)(38100700002)(296002)(38350700002)(85182001)(4001150100001)(4326008)(83380400001)(3450700001)(33716001)(1076003)(66574015)(966005)(66946007)(5660300002)(66476007)(54906003)(498600001)(6916009)(8676002)(52116002)(86362001)(53546011)(6512007)(40140700001)(9686003)(6506007)(2906002); DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: lJtqcqSuqSrGCsKF7mG1QBALygSDA2/aXoYFAKSWjom43qq8MIvws3PdsFNA0deDyx3eVq+KpUWrBQHgOtQnkd+hDoZigbOOWyejcAPUd+PYc0/rbb1jkLmguuCFfOZfiNqWGmNo3ed2aY3kvTOPXaJS9ywzSVVEd6bttilNmjhspFR+ophyBsTz5hlppzyGybY439drslconw6eh9OYh+O/owqiyfX2VYQ9boaHDz1EcUC0Dhzg2pILoVjlHjUyhnOBxI9UMZPi8/8+0kCC78Ow+yMwVfLPPEwHwOsyJ0Kdfy2CJqUVXSqvGlx2AS2YlXnv6m8TR1NNgIHg5DU1VyFeVitFC5W/0JrQddhxwFHMnHQUay7ujMSExMEs/cblJVwaaie8FfeqjJXeAhK53YLqVzfSlKWV9ANB4qS9PYQ7ylGH88FfxYV7QdFGnNIBznSJOiTBZolTuOImNhfBvV//c8d+rjuDONZiaVhmFroVZBgBZrtBRurf4dIa0GNNfdOsSAyx3TpkDY8BirqYWrHP9nDTIzU7niHUE6liQ2MgAle9XQtvCR2oDN5rrpkxeweTgaNEruwpvoql0K76FRONWusYjH031Liw1cVGCRnjxjlqGBpHeD6B5sNZ6g9pqpYLJQHH/GpO4rfnSZ8fDIlr7QsPdn/B8+VgNYa2cdB85qbLsAxXSgLxFVZhpLP4MkSW4tf28PJ6wYSHoAX859WsipYOt0B7Mk3O1NpI7USEipNClk/njyccng9MFKdGiL4jMNXCtHLoOR9Zq+IHmOaafefrCzhdD3pcaB7JCE/IWgCfGeQQBxsqKB1255KAkighWXFX5YdpMOoLYAnl/uY/WyVOz6jnd/tZVjfyFcXcOwv41WAoWrPODz/FzKOzjCpFI5wZIwtE4trf7CLTcu1qjA22J3W+I6UzDJqEnpiawJXmjGamf5GlWQz0bNGrt051NzRpK3yObbpfEr2yPKUBLJZfYo1s+0Mv7Ceho/YFvQDXC/4ezbYsSBPs+65Mv1CODUXoOGQZ3qMb6FzGgDqMoz8LkcgKA7tkfCvpgfi6LNsW1ec0nAAdwxjgdMTPflaSLBzDFDgd/swexwItKetuNiUiotWhoF3+uNFnzHQ3qrxI0zHVAZxeQDUk48AHzqtoeBckV3fVV3J90UnGNnk/Ez1UOOapBtJyawvzA41aHGRQHCDfLjXAZsic6gTK7WzOVRFdaYtD4SToDKAHkPR+fe5D3lJaWL5QijGHUHVaXSGiZnKyaoCv7IhePMZqKNMUtSJwdQOt1cEgupLh1FwEXyNRHK5pyxnAsVAebY80B6kj8SwsH4AIfvLl7tCJDC89/jl64+webmBDnlKWy5YQMTtU1dyJqjMoJry19SIcKMlLLBTGZKNAUBjQpIK56t3tBHGyymYPUVxZhl9M9SDGiclTA4W5lysw4zFTvBBv7fRVpsCM+pfXTuFTQs0ytc+UnNWlk/9iFX4w+fK6eE3HQ7GGvEKvqWlY1lulZxjlU0wB7+SZ2KcGwRwwQJH8c9xw2hGpDsxpVVQEkkkS4/My0R3qyxqQkIcZkYxRtC9/Wfokg5NR26lWQp8LVepklcDgrYOcMuLPzGUetDu8XJGly5E5OlSxVCpbTFFnMppz7Tj2fxtQ+a5ImLdSe/A9PL1OfjWoM4AfQB1QG5DOgA==
X-OriginatorOrg: jacobs-university.de
X-MS-Exchange-CrossTenant-Network-Message-Id: a4686fd1-faea-46ec-1802-08d9bcb4bdcf
X-MS-Exchange-CrossTenant-AuthSource: AM0P190MB0641.EURP190.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Dec 2021 14:44:31.5955 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f78e973e-5c0b-4ab8-bbd7-9887c95a8ebd
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: zabFhELe7Rp8DhmzKfemZcGFJ0mXeaD3J1ZJY5USS0fMwkecPscovtqA75XsE2YTZ6Q23MuN+RuabmtuVRnyUnRyDP2BnvM2YrK7tgkVdKQ=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8P190MB0978
Archived-At: <https://mailarchive.ietf.org/arch/msg/syslog/hjP6y1wF1-HMFXDG9P77OrLYHSc>
Subject: Re: [Syslog] Fwd: I-D Action: draft-ciphersuites-in-sec-syslog-00.txt
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/syslog/>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Dec 2021 14:44:41 -0000

And Tom, the reference is? It helps a lot to be concrete.

/js

On Sat, Dec 11, 2021 at 12:44:53PM +0000, tom petch wrote:
> 
> 
> ________________________________________
> From: Syslog <syslog-bounces@ietf.org> on behalf of Chris Lonvick <lonvick.ietf@gmail.com>
> Sent: 10 December 2021 23:27
> To: syslog@ietf.org; sean@sn3rd.com; Joe Salowey; Arijit Bose
> Subject: [Syslog] Fwd: I-D Action: draft-ciphersuites-in-sec-syslog-00.txt
> 
> Hi Folks,
> 
> As Tom and Jurgen noted, Arijit Kumar Bose did send some notes to the Syslog mailing list. By the time I had snapped to, the system had timed most of them out. I finally got that last one approved and forwarded to the mailing list.
> 
> Arijit (and the IEC WG15) rightly notes that the RFCs are using deprecated cipher suits and the DTLS RFC is using a deprecated version.
> 
> 
> <tp>
> 
> Chris et al
> 
> This is flawed.  The use of DTLS1.0 was noted by a security AD a long time ago and is now deprecated  and the syslog RFC have been updated accordingly so anyone saying that syslog uses a deprecated version is wrong; they need to understand the IETF process.
> 
> I tracked the work on the TLS list and even posted to that list the fact that the syslog RFC were missing.  I was ignored so I tried again at IETF Last Call and this time got them included (Ignoring me does not make me give up:-)
> 
> So your I-D needs to reflect the existing update.  Reinventing the wheel will likely cause confusion amongst subsequent ADs.
> 
> Tom Petch
> 
> Sean, Joe, and I worked out a -00 draft to address these issues. Like all -00 IDs, it's open to comments. :-) We know that there are some larger efforts underway to address TLS, DTLS and cipher suites. We're not going to try to do that here. Rather, we'd like to update RFCs 5425 and 6012 to get them compliant with current standards with a minimal impact to current implementations.
> 
> Sean is going to run this by the secdispatch group to see if they can make a recommendation on where this may be best addressed and discussed. I'm sure that we'll get some good input from the group here on the Syslog mail list, so please send in your comments and let's get these two RFCs updated to using current best practices.
> 
> Best regards and have a great weekend,
> Chris
> 
> 
> -------- Forwarded Message --------
> Subject:        I-D Action: draft-ciphersuites-in-sec-syslog-00.txt
> Date:   Fri, 10 Dec 2021 14:57:44 -0800
> From:   internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>
> Reply-To:       internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>
> To:     i-d-announce@ietf.org<mailto:i-d-announce@ietf.org>
> 
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> 
> 
> Title : Updates to the Cipher Suites in Secure Syslog
> Authors : Chris Lonvick
> Sean Turner
> Joe Salowey
> Filename : draft-ciphersuites-in-sec-syslog-00.txt
> Pages : 8
> Date : 2021-12-10
> 
> Abstract:
> This document updates the cipher suites in RFC 5425, Transport Layer
> Security (TLS) Transport Mapping for Syslog, and RFC 6012, Datagram
> Transport Layer Security (DTLS) Transport Mapping for Syslog. It
> also updates the transport protocol in RFC 6012.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ciphersuites-in-sec-syslog/
> 
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ciphersuites-in-sec-syslog-00.html
> 
> 
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
> 
> 
> _______________________________________________
> I-D-Announce mailing list
> I-D-Announce@ietf.org<mailto:I-D-Announce@ietf.org>
> https://www.ietf.org/mailman/listinfo/i-d-announce
> Internet-Draft directories: http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> 
> _______________________________________________
> Syslog mailing list
> Syslog@ietf.org
> https://www.ietf.org/mailman/listinfo/syslog

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>

v2.23.0 | Report a Bug | By Email