Re: [Syslog] byte-counting vs special character

"tom.petch" <cfinss@dial.pipex.com> Fri, 18 August 2006 17:39 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GE8JE-0006eI-51; Fri, 18 Aug 2006 13:39:04 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GE8JC-0006e8-KG for syslog@ietf.org; Fri, 18 Aug 2006 13:39:02 -0400
Received: from blaster.systems.pipex.net ([62.241.163.7]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GE8JB-0002VK-BP for syslog@ietf.org; Fri, 18 Aug 2006 13:39:02 -0400
Received: from pc6 (1Cust156.tnt107.lnd4.gbr.da.uu.net [213.116.62.156]) by blaster.systems.pipex.net (Postfix) with SMTP id E2CD2E0000D2; Fri, 18 Aug 2006 18:38:48 +0100 (BST)
Message-ID: <000201c6c2e4$0d6e43e0$0601a8c0@pc6>
From: "tom.petch" <cfinss@dial.pipex.com>
To: "Anton Okmianski (aokmians)" <aokmians@cisco.com>
References: <98AE08B66FAD1742BED6CB9522B7312201C971AC@xmb-rtp-20d.amer.cisco.com>
Subject: Re: [Syslog] byte-counting vs special character
Date: Thu, 17 Aug 2006 12:53:25 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Spam-Score: 0.3 (/)
X-Scan-Signature: 52e1467c2184c31006318542db5614d5
Cc: syslog@ietf.org
X-BeenThere: syslog@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: "tom.petch" <cfinss@dial.pipex.com>
List-Id: Security Issues in Network Event Logging <syslog.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/syslog>
List-Post: <mailto:syslog@lists.ietf.org>
List-Help: <mailto:syslog-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=subscribe>
Errors-To: syslog-bounces@lists.ietf.org

<inline tp>
----- Original Message -----
From: "Anton Okmianski (aokmians)" <aokmians@cisco.com>
To: "David Harrington" <ietfdbh@comcast.net>; "Rainer Gerhards"
<rgerhards@hq.adiscon.com>
Cc: <syslog@ietf.org>
Sent: Tuesday, August 15, 2006 8:04 PM
Subject: RE: [Syslog] byte-counting vs special character


I second these concerns.  Escaping requirements result in a more
interdependent layering, which is a weaker architecture (not to mention
the overhead to a new standard). The syslog transport would need to mess
with payload instead of treating it as opaque blob with easily known
length. Not nice. Imagine TCP/IP escaping all payload to separate
datagrams and segments.

Escaping of magic characters is IMHO clearly a hack and should not be
put into a standard!

<tp>
Well, I think you just wrote off most of the IETF STANDARDs that deal with
character-based protocols (like the e-mail we are using to communicate(?)).

A set of characters, of symbols, in a 'message' is encoded, given a number, be
it 6 or 8 or 16 or whatever number of bits.  If that bit pattern conflicts with
the 'control' aspects of a protocol, then that bit pattern must be
'transfer-encoded' so that it does not appear per se on the wire.  That is what
base64 or quoted-printable do for e-mail.

So we are talking of using a well-understood, widely deployed piece of protocol
architecture to solve a common problem.

</tp>
<snip/>


_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog