Re: New Version Notification fordraft-gerhards-syslog-plain-tcp-05 (fwd)

by David Harrington

Hi,

Many of the changes were made at my request.
I believe the document as written would not have made it through IESG
approval.

1) the IETF has defined a standard syslog; how to make your legacy
proprietary version work is not an IETF problem.

2) the syslog WG was created to develop a secure syslog solution with
secure transport and signing capability.
How to make your legacy proprietary version work over non-secure
transport is not an IETF problem.

3) Publishing this as a proposed standard seems to violate BCP 61.
syslog/tls already provides "strong security" over tcp, so syslog/tcp
is not needed to meet IETF goals. Under what circumstances is it
**desirable** to use this specification (with no strong security
available) in the Internet? Why not use the syslog/TLS specification,
with the security features administratively turned off within secure
environments?
You cannot justify implementing this by saying things like
"syslog/TLS is required and this is optional", and not explain WHY
this additional non-bcp61-compliant specification is needed.

4) The aim of this IETF specification should be to document "how TCP
MAY be used as a transport for standardized syslog", when the standard
secure transport may not apply.
(But I expect serious pushback from the IESG on this; see #3)
Because this might have to work with legacy deployments, we also
include as an appendix "how to correlate the legacy and standard
usages."

5) RFC3164 is just a survey, not a specification.

6) RFC2119 language needed to be cleaned up.

David Harrington
Director, IETF Transport Area
ietfdbh@... (preferred for ietf)
dbharrington@...
+1 603 828 1401 (cell)

> -----Original Message-----
> From: syslog-bounces@...
> [mailto:syslog-bounces@...] On Behalf Of t.petch
> Sent: Tuesday, November 02, 2010 1:02 AM
> To: Chris Lonvick; syslog@...
> Subject: Re: [Syslog] New Version Notification
> fordraft-gerhards-syslog-plain-tcp-05 (fwd)
>
> Chris
>
> I had not noticed before but this seems to have changed direction during the
> summer; Informational not Standards Track, and stressing byte-counting more,
> byte-stuffing less.
>
> I do find it less clear.  I think that the Introduction needs more work in the
> light of the changes to the rest of the document. I read
> "This specification includes descriptions of both
>    format options in an attempt to ensure that standardized syslog
>    transport receivers can receive and properly interpret messages sent
>    from legacy syslog senders."
> got to the end of the document and thought 'oh no it does not!' and then
> realised that this is now an Appendix whereas before it was in the main body.
> Of course, if you never knew it was in the body, you might not be as confused
> as I.
>
> But really, the emphasis on standardised and legacy syslog seems misplaced.
> The carriage over TCP is the same whether the carried is SYSLOG-3164 or
> SYSLOG-MSG so the distinction seems spurious.  And SYSLOG-3164 does not
> appear in any RFC or I-D I can find.
>
> Rather, you have two forms of adaptation to carry a message, and what that
> message is is mostly academic.
>
> Separately, I think that more is needed on Security.  It is easier to sabotage
> TCP than it is UDP; spurious FIN, RST etc.
>
> And I think more is needed on closing the session.  The transport receiver
> detects a format error (well, the transport sender is not going to) sends FIN,
> gets FIN-ACK and ....  the transport sender carries merrily on.  I think that
> there should be a recommendation that the transport sender closes the
> connection and reopens it if it wants to.
>
> Tom Petch
> ----- Original Message -----
> From: "Chris Lonvick" <clonvick@...>
> To: <syslog@...>
> Sent: Friday, October 01, 2010 9:16 PM
> Subject: [Syslog] New Version Notification for
> draft-gerhards-syslog-plain-tcp-05 (fwd)
>
>
> > Hi Folks,
> >
> > While this is a non-WG item, there are some people interested.  I've
> > updated the syslog/tcp draft and I'll invite reviews and comments.
> >
> > Thanks,
> > Chris
> >
> > ---------- Forwarded message ----------
> > Date: Thu, 30 Sep 2010 09:04:15 -0700 (PDT)
> > From: IETF I-D Submission Tool <idsubmission@...>
> > To: clonvick@...
> > Cc: rgerhards@...
> > Subject: New Version Notification for draft-gerhards-syslog-plain-tcp-05
> >
> >
> > A new version of I-D, draft-gerhards-syslog-plain-tcp-05.txt has been
> > successfully submitted by Chris Lonvick and posted to the IETF repository.
> >
> > Filename: draft-gerhards-syslog-plain-tcp
> > Revision: 05
> > Title: Transmission of Syslog Messages over TCP
> > Creation_date: 2010-09-30
> > WG ID: Independent Submission
> > Number_of_pages: 14
> >
> > Abstract:
> > There have been many implementations and deployments of legacy syslog
> > over TCP for many years.  That protocol has evolved without being
> > standardized and has proven to be quite interoperable in practice.
> >
> > The aim of this specification is to document three things: how to
> > transmit standardized syslog over TCP, how TCP has been used as a
> > transport for legacy syslog, and how to correlate these usages.
> >
> >
> >
> > The IETF Secretariat.
> >
> >
> > _______________________________________________
> > Syslog mailing list
> > Syslog@...
> > https://www.ietf.org/mailman/listinfo/syslog

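The two adaptations Tom Petch calls byte-counting and byte-stuffing, and the receiver-side format error he raises, sketched as an added example that is not part of the thread or of the draft. It assumes the framing later published as RFC 6587 (a decimal length, one space, then the message; or a message terminated by LF); `split_frames`, `FramingError` and `MAX_LEN` are hypothetical names.

```python
MAX_LEN = 8192  # assumed receiver limit; not a value from the thread


class FramingError(ValueError):
    """The stream can no longer be parsed; the caller should close it."""


def split_frames(buf: bytes):
    """Split one receive buffer into (complete_messages, unconsumed_tail)."""
    msgs, pos = [], 0
    while pos < len(buf):
        first = buf[pos:pos + 1]
        if first == b"<":
            # Byte-stuffing style: the message runs up to an LF trailer.
            end = buf.find(b"\n", pos)
            if end == -1:
                if len(buf) - pos > MAX_LEN:
                    raise FramingError("no LF trailer within limit")
                break  # partial message, wait for more data
            msgs.append(buf[pos:end])
            pos = end + 1
        elif first in b"123456789":
            # Byte-counting style: decimal length, one space, then the body.
            sp = buf.find(b" ", pos)
            count = buf[pos:sp] if sp != -1 else buf[pos:]
            too_long = len(count) > len(str(MAX_LEN))
            if not count.isdigit() or too_long or int(count) > MAX_LEN:
                raise FramingError("bad message length %r" % count[:16])
            if sp == -1:
                break  # length field still arriving
            end = sp + 1 + int(count)
            if end > len(buf):
                break  # body not fully received yet
            msgs.append(buf[sp + 1:end])
            pos = end
        else:
            raise FramingError("unexpected octet %r at frame start" % first)
    return msgs, buf[pos:]


# Constructed sample inputs (not captured traffic).
LEGACY = b"<34>Oct 11 22:14:15 host su: one\n<34>Oct 11 22:14:16 host su: tw"
M = b"<165>1 2010-11-02T01:02:00Z host app - - - line1\nline2"
COUNTED = b"%d %s" % (len(M), M)

if __name__ == "__main__":
    print(split_frames(LEGACY))
    print(split_frames(COUNTED + COUNTED[:10]))
```

Once `FramingError` is raised the receiver has lost the message boundaries, which is the point at which the thread asks for the connection to be closed and reopened rather than left running.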