RE: [Syslog] Syslog-sign & -protocol

"Rainer Gerhards" <rgerhards@hq.adiscon.com> Tue, 15 August 2006 04:52 UTC

Subject: RE: [Syslog] Syslog-sign & -protocol
Date: Tue, 15 Aug 2006 06:51:55 +0200
From: Rainer Gerhards <rgerhards@hq.adiscon.com>
To: Chris Lonvick <clonvick@cisco.com>
Cc: syslog@ietf.org

Chris,

Sorry, I obviously had a previous copy cached... I've just downloaded a
fresh one and started re-reading it. As you say, it already is adapted
to syslog-protocol.

Let me raise one point without being completely through with it: -sign
now supports RFC 3164, 3195 and -protocol format. I see value in that
approach (works for each and everything). On the other hand, it may
introduce additional complexity, even on the operator side
(configuration). Given the fact that -sign code needs to be written from
scratch, wouldn't it make sense to limit it to just -protocol format?

Rainer 

> -----Original Message-----
> From: Chris Lonvick [mailto:clonvick@cisco.com] 
> Sent: Monday, August 14, 2006 8:33 AM
> To: Rainer Gerhards
> Cc: syslog@ietf.org
> Subject: Re: [Syslog] Syslog-sign & -protocol
> 
> Hi All,
> 
> On Sun, 13 Aug 2006, Rainer Gerhards wrote:
> 
> > Hi,
> >
> > A general comment: syslog-sign is still based on RFC 3164 and has its
> > own format definitions. It needs to be edited to utilize the new work
> > in syslog-protocol. It should now use structured data for its
> > signature blocks.
> 
> Alex has moved much of it to be conformant with syslog-protocol.  The
> work that needs to be addressed (as I see it :)
> 
> For the Signature Block, should the payload of signatures be part of the
> "ssign" SD-ID, or should it be the payload (behind the BOM)?  Right now,
> it is part of the SD-ID.
> 
> Similarly, about the "ssign-cert" and its payload.  I think it likely
> that the Payload Block can be placed within a single Certificate Block
> based upon our discussions of the max length.
> 
> The document needs to define how to use "@enterpriseID" in some cases.
> 
> Section 8.2 - the length is no longer limited to 1024B.
> 
> Section 9 - "Cookie Fields" are no longer used.
> 
> The IANA section also needs to specify which SD-IDs and SD-Params should
> be registered.
> 
> Should other SD-IDs be included with "ssign" and "ssign-cert" SD-IDs?  (I
> think so as that's how we include information about time accuracy, etc.)
> 
> Thanks,
> Chris
> 
