Re: [Syslog] [Technical Errata Reported] RFC5424 (6927)

Chris Lonvick <lonvick.ietf@gmail.com> Sun, 10 April 2022 19:10 UTC

Return-Path: <lonvick.ietf@gmail.com>
X-Original-To: syslog@ietfa.amsl.com
Delivered-To: syslog@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C85CD3A0EE9 for <syslog@ietfa.amsl.com>; Sun, 10 Apr 2022 12:10:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.109
X-Spam-Level:
X-Spam-Status: No, score=-7.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cmIlJ5RVb68v for <syslog@ietfa.amsl.com>; Sun, 10 Apr 2022 12:10:40 -0700 (PDT)
Received: from mail-ot1-x32a.google.com (mail-ot1-x32a.google.com [IPv6:2607:f8b0:4864:20::32a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E98BC3A0ED6 for <syslog@ietf.org>; Sun, 10 Apr 2022 12:10:39 -0700 (PDT)
Received: by mail-ot1-x32a.google.com with SMTP id 88-20020a9d0ee1000000b005d0ae4e126fso9919386otj.5 for <syslog@ietf.org>; Sun, 10 Apr 2022 12:10:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=message-id:date:mime-version:user-agent:subject:content-language:to :cc:references:from:in-reply-to:content-transfer-encoding; bh=klgzizMS8RK0q3YcxSnNqnrPiHP4/8ulTqQR7jcZtu8=; b=NvHuxuEakfJx4nFoTDHNkTJb5myvCa1MzmMlQa9H9zrdVeHbAXQR1a/jSgAhWCduSq IpXL6J3XyLOWpMfgFFFliL/4IcT8+l+NWvJJ7pfmln/La5Cj/7QQAoKFi7mCsEjV+0LF wQu+6fv3Ft+btECFJhGCSHGqectuhF1pKhRAm26qOYg3r8xSZFpwbPys9zq3mky2KWXG caTaNacvex3N+HncR1UBaByfESdqL9u8mY9SUJfZi06AUOvcLQroZWzfljtzL/H0nM94 wvbO9EUv4Dl36R1JeyQinLKMs2rv32/NlldAunFynpiSdbYa7pqRjtV8vZiA8hwNsAN+ WbbQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:in-reply-to :content-transfer-encoding; bh=klgzizMS8RK0q3YcxSnNqnrPiHP4/8ulTqQR7jcZtu8=; b=JR2LYRLIA5Nk5SQ9XlcZljqY5TyDeOOujVaqp95H+Wqn/jSekftzCAXId59JtfIuNM VA5/GhaurImSBL3R6lcNKuXGkynxZ+a/0bnHHqyUAv3U9F1cSl43kxBP/i3TcI5khPPb M2IwO+dKIMTJJ86dDtq0UrUoIui+IeOMukO2hIvAWo6OmtIvqj6jrlBpDJcBmtNfQdUp wY3PqKlpsUT/A8d/YjEaKMYQdKKx3W0y6DgB9VVyKp3BhfYxgFeaCMD2Tw5XbaVa8vv6 2PDey+d9upFGTyZcuDhi4wIKhJXUytAMrPJCJffIADNqWZclykj6SMOOZXKrCUUIbznI nfKA==
X-Gm-Message-State: AOAM530hrzHR+25oL5n9MyMU+6KE61eTjmNRPXTrqs2xiz6scc5YRNFk xBcr35hnzyDoaQzyKDOy3kk=
X-Google-Smtp-Source: ABdhPJwfKt6RZrZGn+bGIYFCJzFk+Aw6t+YatAP5pydDHyTZa2HH5FgXYYqz/x3w6TtnUWpvlnmfbw==
X-Received: by 2002:a05:6830:33d0:b0:5cf:bb0a:6d4a with SMTP id q16-20020a05683033d000b005cfbb0a6d4amr9902279ott.28.1649617838710; Sun, 10 Apr 2022 12:10:38 -0700 (PDT)
Received: from ?IPV6:2600:1700:12b0:adf0:18e5:7f29:1bbd:2aa9? ([2600:1700:12b0:adf0:18e5:7f29:1bbd:2aa9]) by smtp.googlemail.com with ESMTPSA id v15-20020a0568301bcf00b005cb214bef81sm9300716ota.43.2022.04.10.12.10.37 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 10 Apr 2022 12:10:38 -0700 (PDT)
Message-ID: <610cdd1b-92e6-e8c4-5e3b-448adc78a660@gmail.com>
Date: Sun, 10 Apr 2022 14:10:37 -0500
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.7.0
Content-Language: en-US
To: RFC Errata System <rfc-editor@rfc-editor.org>, rgerhards@adiscon.com, rdd@cert.org, kaduk@mit.edu, ietfdbh@comcast.net, clonvick@cisco.com
Cc: Ulrich.Windl@rz.uni-regensburg.de, syslog@ietf.org
References: <20220407101253.6A43E6AAD0@rfcpa.amsl.com>
From: Chris Lonvick <lonvick.ietf@gmail.com>
In-Reply-To: <20220407101253.6A43E6AAD0@rfcpa.amsl.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/syslog/jFC1nGiVF3TqV_ETuff2UY9P9rQ>
Subject: Re: [Syslog] [Technical Errata Reported] RFC5424 (6927)
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/syslog/>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Apr 2022 19:10:45 -0000

Hi Ulrich,

I suggest rejecting this errata.

First, changing PRINTASCII to %d32-126 would allow SP characters in 
HOSTNAME, APP-NAME, PROCID, and MSGID, which goes against conventions. 
That can be corrected in the aBNF, but it would then get messy to 
"except SP" from each of those.

Second, iirc it was discussed in the WG and we wanted to keep it there 
for emphasis. This is depicted several times in the examples. While this 
discussion occurred after the RFC was published, I believe it reflects 
the consensus of the WG while the document was an ID under discussion:

https://mailarchive.ietf.org/arch/msg/syslog/_CeLGoDEivIPfsH5on9SbUioU3Y/

Regards,

Chris

On 4/7/22 5:12 AM, RFC Errata System wrote:
> The following errata report has been submitted for RFC5424,
> "The Syslog Protocol".
>
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid6927
>
> --------------------------------------
> Type: Technical
> Reported by: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>
>
> Section: 6
>
> Original Text
> -------------
> SD-NAME         = 1*32PRINTUSASCII
>                    ; except '=', SP, ']', %d34 (")
> ...
>
> PRINTUSASCII    = %d33-126
>
> Corrected Text
> --------------
> SD-NAME         = 1*32PRINTUSASCII
>                    ; except '=', SP, ']', %d34 (")
> ...
> PRINTUSASCII    = %d32-126
>
> Notes
> -----
> When excluding SP %d32 from PRINTUSASCII, then it does not make sense to state "except ..SP .."
> There are more issues with the grammar:
> SD_NAME forbids ']', but it should also forbid '['
>
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party
> can log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC5424 (draft-ietf-syslog-protocol-23)
> --------------------------------------
> Title               : The Syslog Protocol
> Publication Date    : March 2009
> Author(s)           : R. Gerhards
> Category            : PROPOSED STANDARD
> Source              : Security Issues in Network Event Logging
> Area                : Security
> Stream              : IETF
> Verifying Party     : IESG
>
> _______________________________________________
> Syslog mailing list
> Syslog@ietf.org
> https://www.ietf.org/mailman/listinfo/syslog