RE: [Syslog] Legitimate \n or byte-counting

"David Harrington" <ietfdbh@comcast.net> Fri, 18 August 2006 22:22 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GECjM-0005OD-6V; Fri, 18 Aug 2006 18:22:20 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GECjK-0005O6-QS for syslog@ietf.org; Fri, 18 Aug 2006 18:22:18 -0400
Received: from alnrmhc13.comcast.net ([206.18.177.53] helo=alnrmhc11.comcast.net) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GECjI-0001V2-HI for syslog@ietf.org; Fri, 18 Aug 2006 18:22:18 -0400
Received: from harrington73653 (c-24-61-222-235.hsd1.nh.comcast.net[24.61.222.235]) by comcast.net (alnrmhc13) with SMTP id <20060818222205b13002iemve>; Fri, 18 Aug 2006 22:22:15 +0000
From: David Harrington <ietfdbh@comcast.net>
To: 'Carson Gaspar' <carson@taltos.org>, syslog@ietf.org
Subject: RE: [Syslog] Legitimate \n or byte-counting
Date: Fri, 18 Aug 2006 18:20:26 -0400
Message-ID: <0d6801c6c314$87fe73c0$0400a8c0@china.huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
In-Reply-To: <18208CB19EAB34CE8960181B@[192.168.1.2]>
Thread-Index: AcbDA3Ho3Rz5w1zURQSVnlxYZzITPwAA2AKg
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0fa76816851382eb71b0a882ccdc29ac
Cc:
X-BeenThere: syslog@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/syslog>
List-Post: <mailto:syslog@lists.ietf.org>
List-Help: <mailto:syslog-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=subscribe>
Errors-To: syslog-bounces@lists.ietf.org

Hi,

[speaking as co-chair]

I believe it is inaccurate to say there has been a WG decision to
maximize backwards compatibility.

The charter says
"The goal of this working group is to address the security and
integrity
problems, and to standardize the syslog protocol, transport, and a 
select set of mechanisms in a manner that considers the ease of 
migration between and the co-existence of existing versions and the 
standard."

There is a big difference between "maximizing for backwards
compatibility" and "considering the ease of migration between and the
co-existence of existing versions and the standard." 

This difference was discussed during the charter discussions. We need
to balance backwards compatibility with improved interoperability and
good technical design.

We need to focus on **forward** compatibility - defining a standard
that implementors can move forward toward so there is increased
commonality, vendor neutrality, and interoperability.
 
If we keep trying for backwards compatibility to a wide range of
incompatible implementations, then we might as well go home now.

David Harrington
dharrington@huawei.com 
dbharrington@comcast.net
ietfdbh@comcast.net
co-chair, Syslog WG 

 

> -----Original Message-----
> From: Carson Gaspar [mailto:carson@taltos.org] 
> Sent: Friday, August 18, 2006 4:19 PM
> To: syslog@ietf.org
> Subject: Re: [Syslog] Legitimate \n or byte-counting
> 
> --On Friday, August 18, 2006 7:35 AM -0700 Chris Lonvick 
> <clonvick@cisco.com> wrote:
> 
> > If we use LF-escaping in syslog messages, what's going to 
> happen if a
> > legitimate "\n" is sent by a sender?  An example would be:
> >
> >     <PRI>... BOM The offending characters are \n
> >
> > Will a receiver convert that into LF?  If that's the case 
> then we should
> > not be using LF-escaping.
> 
> I raised the same issue. The answer is the receiver will examine the

> protocol version and will not un-escape unless the sender is 
> a new-style 
> sender. I'm still not convinced that the installed base of TCP
syslog 
> deployments is large enough to care about, but, given the decision
to 
> maximize backwards comparability, this is "good enough" to make 
> implementation possible.
> 
> -- 
> Carson
> 
> _______________________________________________
> Syslog mailing list
> Syslog@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/syslog
> 


_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog