[Uta] draft-ietf-uta-ciphersuites-in-sec-syslog-01

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Mon, 01 August 2022 14:49 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "uta@ietf.org" <uta@ietf.org>
Thread-Topic: draft-ietf-uta-ciphersuites-in-sec-syslog-01
Thread-Index: AdiltbAk3fkSDXY4RhS1KSd4u78XGw==
Date: Mon, 01 Aug 2022 14:49:08 +0000
Message-ID: <DBBPR08MB5915463E3500B30224F41EF8FA9A9@DBBPR08MB5915.eurprd08.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/DHAzw0InHLUs8sMUUyH04jfVPvg>

During the IETF UTA session I volunteered to review draft-ietf-uta-ciphersuites-in-sec-syslog-01.

Here are my notes:

------------

Abstract

It might be good to say something about syslog in the first paragraph and then in a second paragraph talk about the updates in the draft.

For example,

"
   The Syslog Working Group published two specifications, namely RFC 5425
   and RFC 6012, for securing the Syslog protocol using TLS and DTLS,
   respectively.

   This document updates the cipher suites in RFC 5425, Transport Layer
   Security (TLS) Transport Mapping for Syslog, and RFC 6012, Datagram
   Transport Layer Security (DTLS) Transport Mapping for Syslog.  It
   also updates the transport protocol in RFC 6012.
"

Introduction

   The Syslog Working Group produced Transport Layer Security (TLS)
   Transport Mapping for Syslog [RFC5425] and Datagram Transport Layer
   Security (DTLS) Transport Mapping for Syslog [RFC6012].

This sentence sounds a bit broken.

I would write:

"
   The Syslog Working Group published RFC 5425, Transport Layer Security (TLS)
   Transport Mapping for Syslog, and RFC 6012, Datagram Transport Layer
   Security (DTLS) Transport Mapping for Syslog.
"

   Both [RFC5425] and [RFC6012] MUST support certificates as defined in
   [RFC5280].

Here I would write:

   Both specifications, [RFC5425] and [RFC6012], require the use of
   RSA-based certificates and the use of out-of-date TLS/DTLS versions.

Please update the reference to [I-D.ietf-tls-dtls13] with RFC 9147. IMHO DTLS 1.3 cannot be an informative reference.

Please update [I-D.salowey-tls-rfc8447bis] to draft-ietf-tls-rfc8447bis-01.

Please update [I-D.saviram-tls-deprecate-obsolete-kex] to draft-ietf-tls-deprecate-obsolete-kex.

Why are you not recommending the use of TLS 1.3 instead of TLS 1.2?
Likewise, you are recommending DTLS 1.2 when the most recent version is DTLS 1.3.

You have a note in Section 5 about "EDITOR's NOTE: Need to address 0-RTT considerations." while the subsequent section talks about 0-RTT. I would suggest deleting the note.

I don't understand the author's notes. Is the idea to incorporate the marked text? If so, I don't think it is a good idea because the text cannot be understood unless a reader also reads or knows the IEC 62351-3 specification. Is there some actionable advice that could be re-used from that specification?

------------

Ciao
Hannes
