> It's discussed in section 5.4 (Unreliable Delivery - in the Security Considerations section) in RFC 5426 and throughout Section 3.1 (Loss-Insensitive Messaging) in RFC 4347. I'm thinking that it would be good to note this in Section 4 (Using DTLS to Secure Syslog) in the draft.
> Overall, the community is comfortable with the loss of information as they've been using syslog/udp for many years and know the problems with that. RFC 5424 also notes that implementers who wish a lossless stream should be using tls/tcp as their transport. From that, it's probably best to reference RFC 5848 (referenced as draft-ietf-syslog-sign in the draft) which can also provide an indication of loss of messages. "
> ACTION: I'd like to get some discussion going on this. Do people think that this is good?
I think a note somewhere reminding people that DTLS is unreliable, and that syslog-sign protects both reliable and unreliable transports is reasonable, but I wouldn't spend more than a sentence on each.