RE: [Syslog] stream transport wasdraft-ietf-syslog-transport-tls-01.txt
"Anton Okmianski \(aokmians\)" <aokmians@cisco.com> Fri, 16 June 2006 15:24 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FrGBj-00081s-Vs; Fri, 16 Jun 2006 11:24:47 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FrGBj-00081n-Cb for syslog@ietf.org; Fri, 16 Jun 2006 11:24:47 -0400
Received: from rtp-iport-2.cisco.com ([64.102.122.149]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FrGBi-0006sw-1X for syslog@ietf.org; Fri, 16 Jun 2006 11:24:47 -0400
Received: from rtp-core-1.cisco.com ([64.102.124.12]) by rtp-iport-2.cisco.com with ESMTP; 16 Jun 2006 11:24:46 -0400
X-IronPort-AV: i="4.06,143,1149480000"; d="scan'208"; a="90222717:sNHT31019736"
Received: from xbh-rtp-201.amer.cisco.com (xbh-rtp-201.cisco.com [64.102.31.12]) by rtp-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id k5GFOjYL001518; Fri, 16 Jun 2006 11:24:45 -0400 (EDT)
Received: from xmb-rtp-20d.amer.cisco.com ([64.102.31.51]) by xbh-rtp-201.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Fri, 16 Jun 2006 11:24:45 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Syslog] stream transport wasdraft-ietf-syslog-transport-tls-01.txt
Date: Fri, 16 Jun 2006 11:24:44 -0400
Message-ID: <98AE08B66FAD1742BED6CB9522B7312201909803@xmb-rtp-20d.amer.cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Syslog] stream transport wasdraft-ietf-syslog-transport-tls-01.txt
Thread-Index: AcaRJsZmy9+SKaZhT9+KabUVEKsEewAMMLNw
From: "Anton Okmianski (aokmians)" <aokmians@cisco.com>
To: Tom Petch <nwnetworks@dial.pipex.com>, syslog@ietf.org
X-OriginalArrivalTime: 16 Jun 2006 15:24:45.0194 (UTC) FILETIME=[FF3C76A0:01C69158]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: ff03b0075c3fc728d7d60a15b4ee1ad2
Cc:
X-BeenThere: syslog@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/syslog>
List-Post: <mailto:syslog@lists.ietf.org>
List-Help: <mailto:syslog-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=subscribe>
Errors-To: syslog-bounces@lists.ietf.org
I was just talking to Rainer about similar concern. I think first of all we need a basic mapping to TCP or more generally define syslog payload (framing) format for connection-oriented protocols. This should cover sending multiple messages over the same connection, obviously. The same payload structure can be used over various TCP protocols (TLScTCP, SSHoTCP, etc) or even over straight TCP with IPSec. Connection establishment and tear-down issues should be left to the actual transport. If we don't introduce anything new in TLS or SSH, I am not sure why anything extra is needed to be specified. Maybe just to create a baseline of requirement (minim cipher suite, auth mode, etc), but even that is questionable. BTW, can IPSec be considered a viable security transport for syslog using UDP transport? I already mentioned how IPSec can address security issues in syslog-transport-udp-07. So, do we simply need to provide an overview of how it does it in that ID to pass the IESG criteria of secure syslog transport? Thanks, Anton. > -----Original Message----- > From: Tom Petch [mailto:nwnetworks@dial.pipex.com] > Sent: Friday, June 16, 2006 4:13 AM > To: syslog@ietf.org > Subject: Re: [Syslog] stream transport > wasdraft-ietf-syslog-transport-tls-01.txt > > I think that this document has some way to go. It has > introduced, and woven > together, both TLS and TCP transport, which I think wrong. > Ideally, I think > that we should have two separate documents, one dealing with > TLS, the other with > TCP issues; given that both would be short, it is probably > sensible to have only > the one, but I still see the need for separation within the > document. After > all, DTLS exists: an outsider could, should, think that > syslog is UDP-based, > DTLS provides UDP security so DTLS is the obvious choice, > what on earth is this > document talking about? We need a section on DTLS (if only > justifying why it is > not for further consideration). And, for me, that alone > justifies teasing out > the TLS issues from the TCP issues; is FRAME-LEN needed over DTLS?. > > That said, I do not think that this document adequately > covers the TCP issues, > ones that have surfaced on the list before. > > TLSoTCP can deliver one syslog message, many syslog messages, > part of a syslog > message or a combination thereof - it is in the nature of a > stream protocol. > This needs spelling out. > > A TCP connection takes time to set up, TLSoTCP longer. This > needs spelling out; > if timely delivery is a concern, then the connection should > be established in > advance. > > The section on TCP termination is too weak. If we are > recommending a timeout, > then we should recommend a value, even specifying that it > should be configurable > over a range. And if we cannot agree on such values, I do > not think we should > be specifying a timeout. > > TCP perforce introduces flow control. This will slow down > and rate limit > messages; what is the impact of this on the application? > > TCP failures can terminate the connection! Again, this has > an impact on the > application with the time taken to become aware that the > connection has failed. > > Tom Petch > > ----- Original Message ----- > From: "David B Harrington" <dbharrington@comcast.net> > To: <syslog@ietf.org> > Sent: Tuesday, May 09, 2006 4:26 PM > Subject: [Syslog] draft-ietf-syslog-transport-tls-01.txt > > > Hi, > > A new revision of the syslog/TLS draft is available. > http://www.ietf.org/internet-drafts/draft-ietf-syslog-transport-tls-01 > .txt > > We need reviewers. > Can we get > 1) a person to check the grammar? > 2) a person to check the syslog technical parts? > 3) a person to check compatibility with the other WG documents? > 4) a person to check the TLS technical parts? > > We also need general reviews of the document by multiple people. > > Thanks, > David Harrington > co-chair, Syslog WG > ietfdbh@comcast.net > _______________________________________________ > Syslog mailing list > Syslog@lists.ietf.org > https://www1.ietf.org/mailman/listinfo/syslog > > > _______________________________________________ > Syslog mailing list > Syslog@lists.ietf.org > https://www1.ietf.org/mailman/listinfo/syslog > _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog
- RE: [Syslog] stream transport wasdraft-ietf-syslo… Rainer Gerhards
- RE: [Syslog] stream transport wasdraft-ietf-syslo… Anton Okmianski (aokmians)
- RE: [Syslog] stream transportwasdraft-ietf-syslog… Rainer Gerhards