RE: [Syslog] stream transport wasdraft-ietf-syslog-transport-tls-01.txt

"Rainer Gerhards" <rgerhards@hq.adiscon.com> Fri, 16 June 2006 09:28 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FrAci-0007Zh-Tx; Fri, 16 Jun 2006 05:28:16 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FrAch-0007Zc-N9 for syslog@ietf.org; Fri, 16 Jun 2006 05:28:15 -0400
Received: from hetzner.adiscon.com ([85.10.201.79]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FrAcg-0006tw-87 for syslog@ietf.org; Fri, 16 Jun 2006 05:28:15 -0400
Received: from localhost (localhost [127.0.0.1]) by hetzner.adiscon.com (Postfix) with ESMTP id AFF9527C065; Fri, 16 Jun 2006 11:25:00 +0200 (CEST)
Received: from hetzner.adiscon.com ([127.0.0.1]) by localhost (hetzner [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 01904-07; Fri, 16 Jun 2006 11:25:00 +0200 (CEST)
Received: from fmint2.intern.adiscon.com (pd95b68d5.dip0.t-ipconnect.de [217.91.104.213]) by hetzner.adiscon.com (Postfix) with ESMTP id 6240F27C061; Fri, 16 Jun 2006 11:25:00 +0200 (CEST)
Received: from grfint2.intern.adiscon.com ([172.19.0.6]) by fmint2.intern.adiscon.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 16 Jun 2006 11:28:06 +0200
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Syslog] stream transport wasdraft-ietf-syslog-transport-tls-01.txt
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Fri, 16 Jun 2006 11:28:06 +0200
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA17491A@grfint2.intern.adiscon.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Syslog] stream transport wasdraft-ietf-syslog-transport-tls-01.txt
thread-index: AcaRJs1uX145nDUdSsmUw45RzaxolAAADcCQ
From: Rainer Gerhards <rgerhards@hq.adiscon.com>
To: Tom Petch <nwnetworks@dial.pipex.com>, syslog@ietf.org
X-OriginalArrivalTime: 16 Jun 2006 09:28:06.0893 (UTC) FILETIME=[2CDAD9D0:01C69127]
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at adiscon.com
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 057ebe9b96adec30a7efb2aeda4c26a4
Cc:
X-BeenThere: syslog@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/syslog>
List-Post: <mailto:syslog@lists.ietf.org>
List-Help: <mailto:syslog-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=subscribe>
Errors-To: syslog-bounces@lists.ietf.org

I agree with Tom that a TCP document would be useful and probably
needed. Before someone from Huawei comes along and tries to patent this,
too, I volunteer to write this document...

Rainer 

> -----Original Message-----
> From: Tom Petch [mailto:nwnetworks@dial.pipex.com] 
> Sent: Friday, June 16, 2006 10:13 AM
> To: syslog@ietf.org
> Subject: Re: [Syslog] stream transport 
> wasdraft-ietf-syslog-transport-tls-01.txt
> 
> I think that this document has some way to go.  It has 
> introduced, and woven
> together, both TLS and TCP transport, which I think wrong.  
> Ideally, I think
> that we should have two separate documents, one dealing with 
> TLS, the other with
> TCP issues; given that both would be short, it is probably 
> sensible to have only
> the one, but I still see the need for separation within the 
> document.  After
> all, DTLS exists: an outsider could, should, think that 
> syslog is UDP-based,
> DTLS provides UDP security so DTLS is the obvious choice, 
> what on earth is this
> document talking about?  We need a section on DTLS (if only 
> justifying why it is
> not for further consideration).  And, for me, that alone 
> justifies teasing out
> the TLS issues from the TCP issues; is FRAME-LEN needed over DTLS?.
> 
> That said, I do not think that this document adequately 
> covers the TCP issues,
> ones that have surfaced on the list before.
> 
> TLSoTCP can deliver one syslog message, many syslog messages, 
> part of a syslog
> message or a combination thereof - it is in the nature of a 
> stream protocol.
> This needs spelling out.
> 
> A TCP connection takes time to set up, TLSoTCP longer.  This 
> needs spelling out;
> if timely delivery is a concern, then the connection should 
> be established in
> advance.
> 
> The section on TCP termination is too weak.  If we are 
> recommending a timeout,
> then we should recommend a value, even specifying that it 
> should be configurable
> over a range.  And if we cannot agree on such values, I do 
> not think we should
> be specifying a timeout.
> 
> TCP perforce introduces flow control.  This will slow down 
> and rate limit
> messages; what is the impact of this on the application?
> 
> TCP failures can terminate the connection!  Again, this has 
> an impact on the
> application with the time taken to become aware that the 
> connection has failed.
> 
> Tom Petch
> 
> ----- Original Message -----
> From: "David B Harrington" <dbharrington@comcast.net>
> To: <syslog@ietf.org>
> Sent: Tuesday, May 09, 2006 4:26 PM
> Subject: [Syslog] draft-ietf-syslog-transport-tls-01.txt
> 
> 
> Hi,
> 
> A new revision of the syslog/TLS draft is available.
> http://www.ietf.org/internet-drafts/draft-ietf-syslog-transport-tls-01
> .txt
> 
> We need reviewers.
> Can we get
> 1) a person to check the grammar?
> 2) a person to check the syslog technical parts?
> 3) a person to check compatibility with the other WG documents?
> 4) a person to check the TLS technical parts?
> 
> We also need general reviews of the document by multiple people.
> 
> Thanks,
> David Harrington
> co-chair, Syslog WG
> ietfdbh@comcast.net
> _______________________________________________
> Syslog mailing list
> Syslog@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/syslog
> 
> 
> _______________________________________________
> Syslog mailing list
> Syslog@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/syslog
> 

_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog