From syslog-bounces@lists.ietf.org Mon May 08 02:36:37 2006 Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FczLD-0002fV-6h; Mon, 08 May 2006 02:35:35 -0400 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FczF3-00029Q-6v for syslog@ietf.org; Mon, 08 May 2006 02:29:13 -0400 Received: from szxga01-in.huawei.com ([61.144.161.53] helo=huawei.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Fcz8V-0006xT-RC for syslog@ietf.org; Mon, 08 May 2006 02:22:29 -0400 Received: from huawei.com (szxga01-in [172.24.2.3]) by szxga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IYX000Z2OAVPP@szxga01-in.huawei.com> for syslog@ietf.org; Mon, 08 May 2006 14:20:56 +0800 (CST) Received: from huawei.com ([172.24.1.6]) by szxga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IYX00IL2OA2GF@szxga01-in.huawei.com> for syslog@ietf.org; Mon, 08 May 2006 14:20:55 +0800 (CST) Received: from m19684 ([10.110.115.159]) by szxml02-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTPA id <0IYX005PMOXIMV@szxml02-in.huawei.com>; Mon, 08 May 2006 14:34:34 +0800 (CST) Date: Mon, 08 May 2006 14:20:00 +0800 From: Miao Fuyou Subject: RE: [Syslog] Summary of the syslog/tls issues resolving In-reply-to: <1146402896.8357.10.camel@bzorp.balabit> To: 'Balazs Scheidler' Message-id: <039a01c67267$6ff939c0$9f736e0a@china.huawei.com> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Mailer: Microsoft Office Outlook 11 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Thread-index: AcZsWBdFbYa4Ej7eTvKRUKDvX/7+sgF/aafA X-Spam-Score: 0.0 (/) X-Scan-Signature: 9ed51c9d1356100bce94f1ae4ec616a9 Cc: 'David B Harrington' , syslog@ietf.org X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org Yes, we need. But, it may not harm. The scenario may look like this: Client already has the locally stored hostname/url of a Syslog server(A). It sends a resolution request to DNS server, then get an IP from DNS server. When the response is falsified by an attacker, the IP address is fake, in fact the IP address is for Syslog server B. After client starts to talk to server B using the fake IP address, it gets B's certificate. There is hostname in the certificate. Client finds the hostname (B) in the certificate and locally stored hostname (A) are not consistent, then it disconnect the TLS connection. This is correct Syslog/TLS behavior we expected. One may argue that server B may send a certificate with Server A's hostname in its CN/SubjectAltName. In such case, there must be something wrong at CA when issuing certificate or private key for the certificate is compromised. It's CA or Certificate owner's job to make it correct. Syslog/TLS can do nothing in this case. > -----Original Message----- > From: Balazs Scheidler [mailto:bazsi@balabit.hu] > Sent: Sunday, April 30, 2006 9:15 PM > To: Miao Fuyou > Cc: 'David B Harrington'; syslog@ietf.org > Subject: RE: [Syslog] Summary of the syslog/tls issues resolving > > On Sun, 2006-04-30 at 17:30 +0800, Miao Fuyou wrote: > > Another problem of using DNS is: name resolution itself is > not secure > > if DNSSEC is not used (true im most cases). Dependency on DNS may > > introduce new security vulnerable to Syslog/TLS. > > > > Client should use knowledge a priori to check server's certificate, > > such as URL, if it is available. > > Yes, you need forward DNS resolution in this case too. (e.g. > hostname in URL -> IP address) > > -- > Bazsi > > _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog From syslog-bounces@lists.ietf.org Mon May 08 18:50:43 2006 Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FdEYI-0006d5-SY; Mon, 08 May 2006 18:50:06 -0400 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FdEYE-0006bv-9A; Mon, 08 May 2006 18:50:02 -0400 Received: from oak.neustar.com ([209.173.53.70]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FdEYD-00061P-Ob; Mon, 08 May 2006 18:50:02 -0400 Received: from stiedprstage1.ietf.org (stiedprstage1.va.neustar.com [10.31.47.10]) by oak.neustar.com (8.12.8/8.12.8) with ESMTP id k48Mo1et010197 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 8 May 2006 22:50:01 GMT Received: from ietf by stiedprstage1.ietf.org with local (Exim 4.43) id 1FdEYD-0006a0-G9; Mon, 08 May 2006 18:50:01 -0400 Content-Type: Multipart/Mixed; Boundary="NextPart" Mime-Version: 1.0 To: i-d-announce@ietf.org From: Internet-Drafts@ietf.org Message-Id: Date: Mon, 08 May 2006 18:50:01 -0400 X-Spam-Score: 0.3 (/) X-Scan-Signature: 3002fc2e661cd7f114cb6bae92fe88f1 Cc: syslog@ietf.org Subject: [Syslog] I-D ACTION:draft-ietf-syslog-transport-tls-01.txt X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Security Issues in Network Event Logging Working Group of the IETF. Title : TLS Transport Mapping for SYSLOG Author(s) : F. Miao, M. Yuzhi Filename : draft-ietf-syslog-transport-tls-01.txt Pages : 11 Date : 2006-5-8 This document describes the security threats to Syslog and counter measures of using Transport Layer Security(TLS) protocol for such threats. Different phases are defined for using TLS to secure Syslog, such as initiation, sending data and closure phases. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-syslog-transport-tls-01.txt To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-syslog-transport-tls-01.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-syslog-transport-tls-01.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2006-5-8151508.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-syslog-transport-tls-01.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-syslog-transport-tls-01.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2006-5-8151508.I-D@ietf.org> --OtherAccess-- --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog --NextPart-- From syslog-bounces@lists.ietf.org Tue May 09 10:27:55 2006 Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FdTBA-0001yE-H8; Tue, 09 May 2006 10:27:12 -0400 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FdTB9-0001xk-Ge for syslog@ietf.org; Tue, 09 May 2006 10:27:11 -0400 Received: from rwcrmhc13.comcast.net ([204.127.192.83]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FdTB7-0003LZ-80 for syslog@ietf.org; Tue, 09 May 2006 10:27:11 -0400 Received: from harrington73653 (c-24-128-66-70.hsd1.nh.comcast.net[24.128.66.70]) by comcast.net (rwcrmhc13) with SMTP id <20060509142707m1300paljee>; Tue, 9 May 2006 14:27:08 +0000 From: "David B Harrington" To: Date: Tue, 9 May 2006 10:26:24 -0400 Message-ID: <019001c67374$8d1a27e0$0400a8c0@china.huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.6626 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Importance: Normal X-Spam-Score: 0.0 (/) X-Scan-Signature: 79899194edc4f33a41f49410777972f8 Cc: Subject: [Syslog] draft-ietf-syslog-transport-tls-01.txt X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org Hi, A new revision of the syslog/TLS draft is available. http://www.ietf.org/internet-drafts/draft-ietf-syslog-transport-tls-01 .txt We need reviewers. Can we get=20 1) a person to check the grammar? 2) a person to check the syslog technical parts? 3) a person to check compatibility with the other WG documents? 4) a person to check the TLS technical parts? We also need general reviews of the document by multiple people. Thanks, David Harrington co-chair, Syslog WG=20 ietfdbh@comcast.net _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog From syslog-bounces@lists.ietf.org Tue May 09 12:39:14 2006 Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FdVEN-0001ls-47; Tue, 09 May 2006 12:38:39 -0400 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FdVEM-0001hi-2J for syslog@ietf.org; Tue, 09 May 2006 12:38:38 -0400 Received: from hetzner.adiscon.com ([85.10.201.79]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FdVEK-0001xs-Ph for syslog@ietf.org; Tue, 09 May 2006 12:38:38 -0400 Received: from localhost (localhost [127.0.0.1]) by hetzner.adiscon.com (Postfix) with ESMTP id 0091727C066; Tue, 9 May 2006 18:37:22 +0200 (CEST) Received: from hetzner.adiscon.com ([127.0.0.1]) by localhost (hetzner [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 17897-09; Tue, 9 May 2006 18:37:21 +0200 (CEST) Received: from fmint2.intern.adiscon.com (pd95b68d5.dip0.t-ipconnect.de [217.91.104.213]) by hetzner.adiscon.com (Postfix) with ESMTP id C16FE27C061; Tue, 9 May 2006 18:37:21 +0200 (CEST) Received: from grfint2.intern.adiscon.com ([172.19.0.6]) by fmint2.intern.adiscon.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 9 May 2006 18:38:29 +0200 Content-class: urn:content-classes:message Subject: RE: [Syslog] draft-ietf-syslog-transport-tls-01.txt MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Date: Tue, 9 May 2006 18:38:18 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.5 Message-ID: <577465F99B41C842AAFBE9ED71E70ABA1746A0@grfint2.intern.adiscon.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Syslog] draft-ietf-syslog-transport-tls-01.txt Thread-Index: AcZzdPe0nmqYPChbTI+yvH8L9Y8ZEAAEdYlA From: "Rainer Gerhards" To: "David B Harrington" , X-OriginalArrivalTime: 09 May 2006 16:38:30.0180 (UTC) FILETIME=[01093E40:01C67387] X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at adiscon.com X-Spam-Score: 0.1 (/) X-Scan-Signature: d6b246023072368de71562c0ab503126 Cc: X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org Hi David, I volunteer to =20 > 1) a person to check the grammar? > 2) a person to check the syslog technical parts? > 3) a person to check compatibility with the other WG documents? >=20 > We also need general reviews of the document by multiple people. >=20 I can not do > 4) a person to check the TLS technical parts? because I am not knowledgable enough about TLS. I am not sure if I can start this week, but I think I can finish a review until around end of next week. Rainer _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog From syslog-bounces@lists.ietf.org Mon May 15 20:51:38 2006 Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Ffnm5-0000OQ-62; Mon, 15 May 2006 20:50:57 -0400 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Ffnm4-0000OL-Em for syslog@ietf.org; Mon, 15 May 2006 20:50:56 -0400 Received: from sj-iport-1-in.cisco.com ([171.71.176.70] helo=sj-iport-1.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Ffnm2-0006IF-3n for syslog@ietf.org; Mon, 15 May 2006 20:50:56 -0400 Received: from sj-dkim-3.cisco.com ([171.71.179.195]) by sj-iport-1.cisco.com with ESMTP; 15 May 2006 17:50:53 -0700 Received: from sj-core-1.cisco.com (sj-core-1.cisco.com [171.71.177.237]) by sj-dkim-3.cisco.com (8.12.11/8.12.11) with ESMTP id k4G0or0k007492 for ; Mon, 15 May 2006 17:50:53 -0700 Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id k4G0omBD017099 for ; Mon, 15 May 2006 17:50:53 -0700 (PDT) Received: from xmb-sjc-236.amer.cisco.com ([128.107.191.121]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Mon, 15 May 2006 17:50:46 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Date: Mon, 15 May 2006 17:50:45 -0700 Message-ID: <85B2F271FDF6B949B3672BA5A7BB62FB01B4176D@xmb-sjc-236.amer.cisco.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Syslog sign Thread-Index: AcZ4gsPd/pz96ozqTlitWBS6FlwUsQ== From: "Alexander Clemm \(alex\)" To: X-OriginalArrivalTime: 16 May 2006 00:50:46.0714 (UTC) FILETIME=[C4A929A0:01C67882] DKIM-Signature: a=rsa-sha1; q=dns; l=483; t=1147740653; x=1148604653; c=relaxed/simple; s=sjdkim3001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=alex@cisco.com; z=From:=22Alexander=20Clemm=20\(alex\)=22=20 |Subject:Syslog=20sign; X=v=3Dcisco.com=3B=20h=3DOBxFK7/IF8AoEXIOXOobq9IUFVw=3D; b=ZV2gcOJzJ48bOLFdua3EmtKUtpjSTFxYvXu12myTFWUmCJs2hDp/Y5LXCVV8j8ytVyhin0gd 7Tkye5q4wD9ly5JnY3o0L1POMHiH9ChSSU4HMRP50YdDfm+tpP9u8p9y; Authentication-Results: sj-dkim-3.cisco.com; header.From=alex@cisco.com; dkim=pass ( sig from cisco.com verified; ); X-Spam-Score: 0.0 (/) X-Scan-Signature: 68c8cc8a64a9d0402e43b8eee9fc4199 Cc: Subject: [Syslog] Syslog sign X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org Hello, I am planning to update the draft of syslog sign shortly - by the end of next week (http://www.ietf.org/internet-drafts/draft-ietf-syslog-sign-17.txt). Please kindly provide comments for any items you would like to see incorporated before I do so. Among comments received so far, references to base-64 will be replaced with base64 and a reference to it, striking of reference 23 which is a duplicate to reference 22. =20 Thank you & best regards --- Alex Clemm _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog From syslog-bounces@lists.ietf.org Wed May 17 17:11:12 2006 Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FgTI2-0003rp-L3; Wed, 17 May 2006 17:10:42 -0400 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FgTI1-0003rk-I0 for syslog@ietf.org; Wed, 17 May 2006 17:10:41 -0400 Received: from rwcrmhc14.comcast.net ([216.148.227.154]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FgTI0-0002R4-AA for syslog@ietf.org; Wed, 17 May 2006 17:10:41 -0400 Received: from harrington73653 (c-24-128-66-70.hsd1.nh.comcast.net[24.128.66.70]) by comcast.net (rwcrmhc14) with SMTP id <20060517211039m1400kelqce>; Wed, 17 May 2006 21:10:39 +0000 From: "David B Harrington" To: Date: Wed, 17 May 2006 17:09:46 -0400 Message-ID: <072001c679f6$3a0ffd80$0400a8c0@china.huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.6626 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Importance: Normal X-Spam-Score: 0.0 (/) X-Scan-Signature: 798b2e660f1819ae38035ac1d8d5e3ab Cc: Subject: [Syslog] Tls-01 X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org Hi, The definition of sender in syslog-tls-01 differs from that in syslog-protocol. In -protocol, the "sender" is the message generator. In -tls, the sender is the message sender, whether that entity generated the message or not, and "originator" is the generator of the message. The distinction is important for discussing transport isues common to both senders and relays. Can the WG please take a look at the differences in terminology, so we can settle on terms that can be used consistently in all our documents? Thanks, David Harrington dharrington@huawei.com=20 dbharrington@comcast.net ietfdbh@comcast.net co-chair, Syslog WG=20 _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog From syslog-bounces@lists.ietf.org Fri May 19 00:14:51 2006 Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FgwNa-00054V-7E; Fri, 19 May 2006 00:14:22 -0400 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FgwNY-00054Q-Pl for syslog@ietf.org; Fri, 19 May 2006 00:14:20 -0400 Received: from szxga02-in.huawei.com ([61.144.161.54] helo=huawei.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FgwNY-0007rq-38 for syslog@ietf.org; Fri, 19 May 2006 00:14:20 -0400 Received: from huawei.com (szxga02-in [172.24.2.6]) by szxga02-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IZH00JE3WFHUD@szxga02-in.huawei.com> for syslog@ietf.org; Fri, 19 May 2006 12:28:30 +0800 (CST) Received: from huawei.com ([172.24.1.3]) by szxga02-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IZH003EHWFHCS@szxga02-in.huawei.com> for syslog@ietf.org; Fri, 19 May 2006 12:28:29 +0800 (CST) Received: from m19684 ([10.110.115.159]) by szxml01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTPA id <0IZH006OWWL9GQ@szxml01-in.huawei.com>; Fri, 19 May 2006 12:32:00 +0800 (CST) Date: Fri, 19 May 2006 12:13:23 +0800 From: Miao Fuyou Subject: RE: [Syslog] Syslog sign In-reply-to: <85B2F271FDF6B949B3672BA5A7BB62FB01B4176D@xmb-sjc-236.amer.cisco.com> To: "'Alexander Clemm (alex)'" Message-id: <007f01c67afa$91f0ae00$9f736e0a@china.huawei.com> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Mailer: Microsoft Office Outlook 11 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Thread-index: AcZ4gsPd/pz96ozqTlitWBS6FlwUsQCdpDQg X-Spam-Score: 0.0 (/) X-Scan-Signature: bb8f917bb6b8da28fc948aeffb74aa17 Cc: syslog@ietf.org X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org In current security consideration of Syslog/TLS document, there are a paragraph about the relationship between Syslog/TLS and Syslog-sign. The problem is that Syslog/TLS may come first before Syslog-sign(this is open for debate). So I am considering whether we shall drop it from Syslog/TLS. If it is dropped I believe the same issue may be addressed in Syslog-sign. > -----Original Message----- > From: Alexander Clemm (alex) [mailto:alex@cisco.com] > Sent: Tuesday, May 16, 2006 8:51 AM > To: syslog@ietf.org > Subject: [Syslog] Syslog sign > > Hello, > > I am planning to update the draft of syslog sign shortly - by > the end of next week > (http://www.ietf.org/internet-drafts/draft-ietf-syslog-sign-17.txt). > Please kindly provide comments for any items you would like > to see incorporated before I do so. Among comments received > so far, references to base-64 will be replaced with base64 > and a reference to it, striking of reference 23 which is a > duplicate to reference 22. > > Thank you & best regards > --- Alex Clemm > > _______________________________________________ > Syslog mailing list > Syslog@lists.ietf.org > https://www1.ietf.org/mailman/listinfo/syslog > _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog From syslog-bounces@lists.ietf.org Fri May 19 16:05:29 2006 Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FhBDO-00024q-O4; Fri, 19 May 2006 16:04:50 -0400 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FhBDN-00024O-ON for syslog@ietf.org; Fri, 19 May 2006 16:04:49 -0400 Received: from sj-iport-3-in.cisco.com ([171.71.176.72] helo=sj-iport-3.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FhBDL-0001Jn-D9 for syslog@ietf.org; Fri, 19 May 2006 16:04:49 -0400 Received: from sj-dkim-3.cisco.com ([171.71.179.195]) by sj-iport-3.cisco.com with ESMTP; 19 May 2006 13:04:48 -0700 X-IronPort-AV: i="4.05,147,1146466800"; d="scan'208"; a="427953466:sNHT28065036" Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-3.cisco.com (8.12.11/8.12.11) with ESMTP id k4JK4k0N010088; Fri, 19 May 2006 13:04:46 -0700 Received: from sjc-cde-003.cisco.com (sjc-cde-003.cisco.com [171.71.162.27]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id k4JK4kBA017979; Fri, 19 May 2006 13:04:46 -0700 (PDT) Date: Fri, 19 May 2006 13:04:46 -0700 (PDT) From: Chris Lonvick To: Miao Fuyou Subject: RE: [Syslog] Syslog sign In-Reply-To: <007f01c67afa$91f0ae00$9f736e0a@china.huawei.com> Message-ID: References: <007f01c67afa$91f0ae00$9f736e0a@china.huawei.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed DKIM-Signature: a=rsa-sha1; q=dns; l=1697; t=1148069086; x=1148933086; c=relaxed/simple; s=sjdkim3001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=clonvick@cisco.com; z=From:Chris=20Lonvick=20 |Subject:RE=3A=20[Syslog]=20Syslog=20sign; X=v=3Dcisco.com=3B=20h=3DOoHahKoKJ6qYZ5G4qqO1K+KvZvA=3D; b=fQKYRGN6tqNpPohOS9Dv83c3IQxZx9kFjcihS66Yya3ab30cGVDq9ZE2EHzufHoK9tZesF8P LH+G24dJT+ScOWCO+AVepNw04AFRrOwZ6hmeGzhFm3gHfAg4tGYEEmHq; Authentication-Results: sj-dkim-3.cisco.com; header.From=clonvick@cisco.com; dkim=pass ( sig from cisco.com verified; ); X-Spam-Score: 0.0 (/) X-Scan-Signature: 4d87d2aa806f79fed918a62e834505ca Cc: syslog@ietf.org X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org Hi Miao, We will submit syslog-transport-tls before syslog-sign is submitted to the IESG. Please take references of syslog-sign out of syslog-transport-udp so that it is not held up in the RFC Editors queue. Thanks, Chris On Fri, 19 May 2006, Miao Fuyou wrote: > > In current security consideration of Syslog/TLS document, there are a > paragraph about the relationship between Syslog/TLS and Syslog-sign. The > problem is that Syslog/TLS may come first before Syslog-sign(this is open > for debate). So I am considering whether we shall drop it from Syslog/TLS. > If it is dropped I believe the same issue may be addressed in Syslog-sign. > > >> -----Original Message----- >> From: Alexander Clemm (alex) [mailto:alex@cisco.com] >> Sent: Tuesday, May 16, 2006 8:51 AM >> To: syslog@ietf.org >> Subject: [Syslog] Syslog sign >> >> Hello, >> >> I am planning to update the draft of syslog sign shortly - by >> the end of next week >> (http://www.ietf.org/internet-drafts/draft-ietf-syslog-sign-17.txt). >> Please kindly provide comments for any items you would like >> to see incorporated before I do so. Among comments received >> so far, references to base-64 will be replaced with base64 >> and a reference to it, striking of reference 23 which is a >> duplicate to reference 22. >> >> Thank you & best regards >> --- Alex Clemm >> >> _______________________________________________ >> Syslog mailing list >> Syslog@lists.ietf.org >> https://www1.ietf.org/mailman/listinfo/syslog >> > > > > _______________________________________________ > Syslog mailing list > Syslog@lists.ietf.org > https://www1.ietf.org/mailman/listinfo/syslog > _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog From syslog-bounces@lists.ietf.org Sat May 20 04:17:51 2006 Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FhMdv-0003jp-5Z; Sat, 20 May 2006 04:16:59 -0400 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FhMdu-0003ex-0l for syslog@ietf.org; Sat, 20 May 2006 04:16:58 -0400 Received: from szxga01-in.huawei.com ([61.144.161.53] helo=huawei.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FhMds-0007wG-1Q for syslog@ietf.org; Sat, 20 May 2006 04:16:57 -0400 Received: from huawei.com (szxga01-in [172.24.2.3]) by szxga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IZK0056V1P3YO@szxga01-in.huawei.com> for syslog@ietf.org; Sat, 20 May 2006 16:17:27 +0800 (CST) Received: from huawei.com ([172.24.1.6]) by szxga01-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTP id <0IZK00NIX1P30M@szxga01-in.huawei.com> for syslog@ietf.org; Sat, 20 May 2006 16:17:27 +0800 (CST) Received: from m19684 ([10.110.115.159]) by szxml02-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004)) with ESMTPA id <0IZK0036O2C5WQ@szxml02-in.huawei.com>; Sat, 20 May 2006 16:31:20 +0800 (CST) Date: Sat, 20 May 2006 16:16:26 +0800 From: Miao Fuyou Subject: RE: [Syslog] Syslog sign In-reply-to: To: 'Chris Lonvick' Message-id: <000001c67be5$b1163e30$9f736e0a@china.huawei.com> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Mailer: Microsoft Office Outlook 11 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Thread-index: AcZ7f33n7mMx1Hb3T/yseRedV1A2xwAZhPAg X-Spam-Score: 0.0 (/) X-Scan-Signature: fb6060cb60c0cea16e3f7219e40a0a81 Cc: syslog@ietf.org X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org Sure, I will delete the reference to syslog-sign from Syslog/TLS. > -----Original Message----- > From: Chris Lonvick [mailto:clonvick@cisco.com] > Sent: Saturday, May 20, 2006 4:05 AM > To: Miao Fuyou > Cc: 'Alexander Clemm (alex)'; syslog@ietf.org > Subject: RE: [Syslog] Syslog sign > > Hi Miao, > > We will submit syslog-transport-tls before syslog-sign is > submitted to the IESG. Please take references of syslog-sign > out of syslog-transport-udp so that it is not held up in the > RFC Editors queue. > > Thanks, > Chris > > On Fri, 19 May 2006, Miao Fuyou wrote: > > > > > In current security consideration of Syslog/TLS document, > there are a > > paragraph about the relationship between Syslog/TLS and > Syslog-sign. > > The problem is that Syslog/TLS may come first before > Syslog-sign(this > > is open for debate). So I am considering whether we shall > drop it from Syslog/TLS. > > If it is dropped I believe the same issue may be addressed > in Syslog-sign. > > > > > >> -----Original Message----- > >> From: Alexander Clemm (alex) [mailto:alex@cisco.com] > >> Sent: Tuesday, May 16, 2006 8:51 AM > >> To: syslog@ietf.org > >> Subject: [Syslog] Syslog sign > >> > >> Hello, > >> > >> I am planning to update the draft of syslog sign shortly - > by the end > >> of next week > >> > (http://www.ietf.org/internet-drafts/draft-ietf-syslog-sign-17.txt). > >> Please kindly provide comments for any items you would like to see > >> incorporated before I do so. Among comments received so far, > >> references to base-64 will be replaced with base64 and a > reference to > >> it, striking of reference 23 which is a duplicate to reference 22. > >> > >> Thank you & best regards > >> --- Alex Clemm > >> > >> _______________________________________________ > >> Syslog mailing list > >> Syslog@lists.ietf.org > >> https://www1.ietf.org/mailman/listinfo/syslog > >> > > > > > > > > _______________________________________________ > > Syslog mailing list > > Syslog@lists.ietf.org > > https://www1.ietf.org/mailman/listinfo/syslog > > > _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog From syslog-bounces@lists.ietf.org Fri May 26 13:42:39 2006 Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FjgKB-00064r-DA; Fri, 26 May 2006 13:42:11 -0400 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FjgK9-00064m-K3 for syslog@ietf.org; Fri, 26 May 2006 13:42:09 -0400 Received: from rwcrmhc14.comcast.net ([204.127.192.84]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FjgK5-0006mQ-3z for syslog@ietf.org; Fri, 26 May 2006 13:42:09 -0400 Received: from harrington73653 (c-24-128-66-70.hsd1.nh.comcast.net[24.128.66.70]) by comcast.net (rwcrmhc14) with SMTP id <20060526174201m1400ko2jue>; Fri, 26 May 2006 17:42:02 +0000 From: "David Harrington" To: "'Alexander Clemm \(alex\)'" Date: Fri, 26 May 2006 13:41:09 -0400 Message-ID: <0c7901c680eb$931f74e0$0400a8c0@china.huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.6626 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 In-Reply-To: <85B2F271FDF6B949B3672BA5A7BB62FB01C0A5C8@xmb-sjc-236.amer.cisco.com> Importance: Normal X-Spam-Score: 0.0 (/) X-Scan-Signature: a743e34ab8eb08259de9a7307caed594 Cc: syslog@ietf.org Subject: [Syslog] RE: draft-ietf-syslog-sign-18.txt X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org Hi, I did a quick review. 1) There needs to be a note in the document to the RFC Editor, asking the editor to replace the rfc xxxx with the actual RFC number before publication, similar to "NOTE to RFC editor: replace XXXX with actual RFC number for this document and remove this note " It is easiest for the rfc editor if you: a) identify each usage that needs the change, or b) use a consistent notation (you use rfc xxx in the Abstract and rfc xxxx [24] elsewhere.I recommend changing the abstract usage to match. Since every usage that need the change, except the abstract, has a corresponding citation, I suggest putting the note directly under the reference to the I-D, and identifying the search phrase to use.=20 -- 2) you need to separate the references into Normative versus Informational -- 3) I recommend using the "experimental" xml2rfc web service at http://xml.resource.org/experimental.html which does some extra formatting to satisfy specific style requirements of the rfc-editor. -- 4) I recommend running your XML through Bill Fenner's xml-validator at http://rtg.ietf.org/~fenner/ietf/xml2rfc-valid/. I think you have some invalid XML, even though xml2rfc accepts it. At line 246 and 325 and 469 and 521 and 765 and 805 and 833 and 840 and 897, you have a list element not contained within a text element. -- 5) you need to run the text through the id-nits tool at http://tools.ietf.org/tools/idnits/idnits.pyht. Here are the results I got: (dbh: note that the tool complains about the RFC2119 citation; this is a known problem - RFC2119 has a typo in the whitespace; if you cut and paste the text from the warning, that might fix it.) idnits 1.99=20 tmp/draft-ietf-syslog-sign-18.txt: tmp/draft-ietf-syslog-sign-18.txt(439): Line is too long: the offending characters are 'h' tmp/draft-ietf-syslog-sign-18.txt(440): Line is too long: the offending characters are 'y)' tmp/draft-ietf-syslog-sign-18.txt(443): Line is too long: the offending characters are 'y)' Checking nits according to http://www.ietf.org/ID-Checklist.html: * The document seems to lack separate sections for Informative/Normative References. =20 Checking conformance with RFC 3978/3979 boilerplate... the boilerplate looks good. Checking nits according to http://www.ietf.org/ietf/1id-guidelines.txt: Nothing found here (but these checks do not cover all of 1id-guidelines.txt yet). Miscellaneous warnings: - The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords.=20 RFC 2119 paragraph 2 text: "The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119." Experimental warnings: - Unused Reference: [4] is defined on line 1113, but not referenced ' [4] Menezes, A., van Oorschot, P., and S. Vanstone, ""Handbook of' - Unused Reference: [6] is defined on line 1119, but not referenced ' [6] Mockapetris, P., "Domain names - concepts and facilities",' - Unused Reference: [7] is defined on line 1122, but not referenced ' [7] Mockapetris, P., "Domain names - implementation and' - Unused Reference: [9] is defined on line 1128, but not referenced ' [9] Malkin, G., "Internet Users' Glossary", RFC 1983, August 1996.' - Unused Reference: [10] is defined on line 1130, but not referenced ' [10] Freed, N. and N. Borenstein, "Multipurpose Internet Mail' - Unused Reference: [11] is defined on line 1134, but not referenced ' [11] Oehler, M. and R. Glenn, "HMAC-MD5 IP Authentication with' - Unused Reference: [12] is defined on line 1137, but not referenced ' [12] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing' - Unused Reference: [22] is defined on line 1168, but not referenced ' [22] Klyne, G. and C. Newman, "Date and Time on the Internet:' - Unused Reference: [14] is defined on line 1143, but not referenced ' [14] Yergeau, F., "UTF-8, a transformation format of ISO 10646",' - Unused Reference: [15] is defined on line 1146, but not referenced ' [15] Crocker, D. and P. Overell, "Augmented BNF for Syntax' - Unused Reference: [25] is defined on line 1178, but not referenced ' [25] Schneier, B., "Applied Cryptography Second Edition: protocols,' - Unused Reference: [16] is defined on line 1149, but not referenced ' [16] Hinden, R. and S. Deering, "IP Version 6 Addressing' - Unused Reference: [3] is defined on line 1110, but not referenced ' [3] American National Standards Institute, "USA Code for' 6) The contact information in the "authors and working group chair" section recognizes only Chris since he was chair during the work on that document. I should probably be added in case the rfc-ditor needs to contact me, such as for AUTH48. My contact information is=20 David Harrington ietfdbh@comcast.net dharrington@huawei.com=20 Huawei Technologies (USA) 1700 Alma Drive, Suite 100 Plano, TX 75075 +1-603-436-8634 7) The authors' address information should be filled in more throughly to improve the rfc-editor's chance of finding all of us for AUTH48, and to imporve chances of readers with questions being able to reach us. Does J.Kelsey have an affiliation? If so, it should be reflected on the first page. 8) Please add the following to the top of the "authors and working group chair" section. "Comments are solicited and should be addressed to the working group's mailing list and/or the author(s)." Thanks, David Harrington dharrington@huawei.com=20 dbharrington@comcast.net ietfdbh@comcast.net > -----Original Message----- > From: Alexander Clemm (alex) [mailto:alex@cisco.com]=20 > Sent: Thursday, May 25, 2006 8:55 PM > To: David Harrington > Subject: FW: draft-ietf-syslog-sign-18.txt >=20 >=20 > Hello David, >=20 > sorry, I forgot to courtesy copy you but just realized my mistake. >=20 > Best regards > --- Alex >=20 > -----Original Message----- > From: Alexander Clemm (alex)=20 > Sent: Thursday, May 25, 2006 5:48 PM > To: internet-drafts@ietf.org > Cc: Chris Lonvick (clonvick); Jon Callas; Alexander Clemm (alex) > Subject: RE: draft-ietf-syslog-sign-18.txt >=20 > Hello, >=20 > please find enclosed the submission draft-ietf-syslog-sign-18.txt > (Signed syslog Messages), of the syslog Working Group, to=20 > replace draft > 17. =20 >=20 > I am also enclosing the XML file that was used to generate=20 > the .txt file > using the tool provided on http://xml.resource.org/. =20 >=20 > Please let me know if there are any questions. =20 >=20 > Thank you, and kind regards > --- Alexander Clemm >=20 >=20 _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog From syslog-bounces@lists.ietf.org Fri May 26 16:07:36 2006 Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FjiaL-0002ph-GV; Fri, 26 May 2006 16:07:01 -0400 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FjiaH-0002db-4R; Fri, 26 May 2006 16:06:57 -0400 Received: from stsc1260-eth-s1-s1p1-vip.va.neustar.com ([156.154.16.129] helo=chiedprmail1.ietf.org) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FjiaH-0007KJ-2m; Fri, 26 May 2006 16:06:57 -0400 Received: from cypress.neustar.com ([209.173.57.84]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1FjiSn-0004ND-2t; Fri, 26 May 2006 15:59:14 -0400 Received: from stiedprstage1.ietf.org (stiedprstage1.va.neustar.com [10.31.47.10]) by cypress.neustar.com (8.12.8/8.12.8) with ESMTP id k4QJo167013562 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 26 May 2006 19:50:01 GMT Received: from ietf by stiedprstage1.ietf.org with local (Exim 4.43) id 1FjiJt-0005fG-LX; Fri, 26 May 2006 15:50:01 -0400 Content-Type: Multipart/Mixed; Boundary="NextPart" Mime-Version: 1.0 To: i-d-announce@ietf.org From: Internet-Drafts@ietf.org Message-Id: Date: Fri, 26 May 2006 15:50:01 -0400 X-Spam-Score: -2.6 (--) X-Scan-Signature: 73734d43604d52d23b3eba644a169745 Cc: syslog@ietf.org Subject: [Syslog] I-D ACTION:draft-ietf-syslog-sign-18.txt X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Security Issues in Network Event Logging Working Group of the IETF. Title : Signed syslog Messages Author(s) : J. Kelsey, et al. Filename : draft-ietf-syslog-sign-18.txt Pages : 33 Date : 2006-5-26 This document describes a mechanism to add origin authentication, message integrity, replay-resistance, message sequencing, and detection of missing messages to the transmitted syslog messages. This specification draws upon the work defined in RFC xxx, "The syslog Protocol", however it may be used atop any message delivery mechanism, even that defined in RFC 3164, "The BSD syslog Protocol", or in the RAW mode of "RFC 3195, "The Reliable Delivery of syslog". A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-syslog-sign-18.txt To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-syslog-sign-18.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-syslog-sign-18.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2006-5-26135913.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-syslog-sign-18.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-syslog-sign-18.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2006-5-26135913.I-D@ietf.org> --OtherAccess-- --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog --NextPart-- From syslog-bounces@lists.ietf.org Tue May 30 18:50:27 2006 Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FlD2J-0001Tv-TN; Tue, 30 May 2006 18:50:03 -0400 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FlD2I-0001TD-JT; Tue, 30 May 2006 18:50:02 -0400 Received: from stsc1260-eth-s1-s1p1-vip.va.neustar.com ([156.154.16.129] helo=pine.neustar.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FlD2I-0006EW-3w; Tue, 30 May 2006 18:50:02 -0400 Received: from stiedprstage1.ietf.org (stiedprstage1.va.neustar.com [10.31.47.10]) by pine.neustar.com (8.12.8/8.12.8) with ESMTP id k4UMo1Hp015878 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 30 May 2006 22:50:01 GMT Received: from ietf by stiedprstage1.ietf.org with local (Exim 4.43) id 1FlD2H-0000nG-ED; Tue, 30 May 2006 18:50:01 -0400 Content-Type: Multipart/Mixed; Boundary="NextPart" Mime-Version: 1.0 To: i-d-announce@ietf.org From: Internet-Drafts@ietf.org Message-Id: Date: Tue, 30 May 2006 18:50:01 -0400 X-Spam-Score: -2.5 (--) X-Scan-Signature: c3a18ef96977fc9bcc21a621cbf1174b Cc: syslog@ietf.org Subject: [Syslog] I-D ACTION:draft-ietf-syslog-transport-udp-07.txt X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Security Issues in Network Event Logging Working Group of the IETF. Title : Transmission of syslog messages over UDP Author(s) : A. Okmianski Filename : draft-ietf-syslog-transport-udp-07.txt Pages : 10 Date : 2006-5-30 This document describes the transport for syslog messages over UDP/ IPv4 or UDP/IPv6. The syslog protocol layered architecture provides for support of any number of transport mappings. However, for interoperability purposes, syslog protocol implementors are required to support this transport protocol. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-syslog-transport-udp-07.txt To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-syslog-transport-udp-07.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-syslog-transport-udp-07.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2006-5-30163823.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-syslog-transport-udp-07.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-syslog-transport-udp-07.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2006-5-30163823.I-D@ietf.org> --OtherAccess-- --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog --NextPart--