Re: [Uta] Fwd: I-D Action: draft-ietf-uta-ciphersuites-in-sec-syslog-02.txt

"Salz, Rich" <rsalz@akamai.com> Thu, 15 September 2022 00:15 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Chris Lonvick <lonvick.ietf@gmail.com>, "Uta@ietf.org" <Uta@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/LlJ1Pv_7ZC3ziRPOApCE9f2W7N4>

In my view, TLS 1.0 and 1.1 should be MUST NOT. Ideally: 1.3 is MUST and 1.2 is MUST NOT, but I will not be upset if 1.3 is SHOULD and 1.2 is MAY. From what I have seen, the industry is not ready to make 1.2 a DO NOT USE.

Hope this helps.


From: Chris Lonvick <lonvick.ietf@gmail.com>
Date: Sunday, September 11, 2022 at 6:25 PM
To: "uta@ietf.org" <Uta@ietf.org>
Subject: [Uta] Fwd: I-D Action: draft-ietf-uta-ciphersuites-in-sec-syslog-02.txt

Hi,

We've submitted an update to this ID for review by the Working Group.

Thanks to our reviewers and their suggestions. We've incorporated most of their recommended changes.

We would like to ask the WG for consensus regarding the use of TLS 1.2 and 1.3. Obviously, using 1.3 would be optimal. As a counterpoint, there are a lot of old-n-slow syslog devices out there that might not be up to running that, or might not be timely updated to run 1.3. Can we get some comments from the reviewers on this?

Thanks,
Chris

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Sun, Sep 11, 2022 at 5:57 PM
Subject: [Uta] I-D Action: draft-ietf-uta-ciphersuites-in-sec-syslog-02.txt
To: <i-d-announce@ietf.org>
Cc: <uta@ietf.org>



A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Using TLS in Applications WG of the IETF.

        Title           : Updates to the Cipher Suites in Secure Syslog
        Authors         : Chris Lonvick
                          Sean Turner
                          Joe Salowey
        Filename        : draft-ietf-uta-ciphersuites-in-sec-syslog-02.txt
        Pages           : 8
        Date            : 2022-09-11

Abstract:
   The Syslog Working Group published two specifications, namely RFC
   5425 and RFC 6012, for securing the Syslog protocol using TLS and
   DTLS, respectively.

   This document updates the cipher suites in RFC 5425, Transport Layer
   Security (TLS) Transport Mapping for Syslog, and RFC 6012, Datagram
   Transport Layer Security (DTLS) Transport Mapping for Syslog.  It
   also updates the transport protocol in RFC 6012.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-uta-ciphersuites-in-sec-syslog/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-uta-ciphersuites-in-sec-syslog-02.html

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-uta-ciphersuites-in-sec-syslog-02


Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts


_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta