From lists@mschuette.name Thu Apr 2 23:54:59 2009 Return-Path: X-Original-To: syslog@core3.amsl.com Delivered-To: syslog@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 444DC3A68F3 for ; Thu, 2 Apr 2009 23:54:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 1.306 X-Spam-Level: * X-Spam-Status: No, score=1.306 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, HELO_EQ_DE=0.35, MIME_8BIT_HEADER=0.3, MIME_QP_LONG_LINE=1.396] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rYN6Mppwf6Ov for ; Thu, 2 Apr 2009 23:54:58 -0700 (PDT) Received: from mail.asta.uni-potsdam.de (mail.asta.uni-potsdam.de [141.89.58.198]) by core3.amsl.com (Postfix) with ESMTP id BD99B3A68D9 for ; Thu, 2 Apr 2009 23:54:57 -0700 (PDT) Received: from localhost (mail.asta.uni-potsdam.de [141.89.58.198]) by mail.asta.uni-potsdam.de (Postfix) with ESMTP id 81B797ECDA for ; Fri, 3 Apr 2009 08:55:58 +0200 (CEST) X-Virus-Scanned: on mail at asta.uni-potsdam.de Received: from mail.asta.uni-potsdam.de ([141.89.58.198]) by localhost (mail.asta.uni-potsdam.de [141.89.58.198]) (amavisd-new, port 10024) with ESMTP id wQHPoQmSeYEp for ; Fri, 3 Apr 2009 08:55:46 +0200 (CEST) Received: from neo.asta.uni-potsdam.de (neo.asta.uni-potsdam.de [141.89.58.195]) by mail.asta.uni-potsdam.de (Postfix) with ESMTP id C3D1C7EBCC for ; Fri, 3 Apr 2009 08:55:46 +0200 (CEST) Received: from p4FE6C042.dip.t-dialin.net (p4FE6C042.dip.t-dialin.net [79.230.192.66]) by www.asta.uni-potsdam.de (Horde MIME library) with HTTP; Fri, 03 Apr 2009 08:55:46 +0200 Message-ID: <20090403085546.bu61xca08o0wsoko@www.asta.uni-potsdam.de> Date: Fri, 03 Apr 2009 08:55:46 +0200 From: Martin =?iso-8859-1?b?U2No/HR0ZQ==?= To: syslog@ietf.org References: <20090331003001.8983D3A68DF@core3.amsl.com> In-Reply-To: <20090331003001.8983D3A68DF@core3.amsl.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; DelSp="Yes"; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: quoted-printable User-Agent: Internet Messaging Program (IMP) H3 (4.1.6) / FreeBSD-6.2 Subject: Re: [Syslog] I-D Action:draft-ietf-syslog-sign-25.txt X-BeenThere: syslog@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2009 06:54:59 -0000 Zitat von Internet-Drafts@ietf.org: > single second. Implementers need to also beware of the year 2038 > problem, which will cause the unix time to wrap in the year 2038. In One nit here: Unix time will not wrap, only 32-bit representations of it wil= l. > DSA signature scheme, the value of the signature field contains the > DSA values r and s, encoded as two multiprecision integers (see > [RFC4880], Sections 5.2.2 and 3.2), concatenated, and then encoded in > base 64 [RFC4648]. The current examples still use DER for encoding. I will try to update =20 the implementation and provide a new set of examples. --=20 Martin Sch=FCtte From Pasi.Eronen@nokia.com Mon Apr 6 04:05:40 2009 Return-Path: X-Original-To: syslog@core3.amsl.com Delivered-To: syslog@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 22EE928C136 for ; Mon, 6 Apr 2009 04:05:40 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.464 X-Spam-Level: X-Spam-Status: No, score=-6.464 tagged_above=-999 required=5 tests=[AWL=0.135, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dNB6wmIDA3eL for ; Mon, 6 Apr 2009 04:05:39 -0700 (PDT) Received: from mgw-mx06.nokia.com (smtp.nokia.com [192.100.122.233]) by core3.amsl.com (Postfix) with ESMTP id CBB9F3A6C3A for ; Mon, 6 Apr 2009 04:05:38 -0700 (PDT) Received: from esebh105.NOE.Nokia.com (esebh105.ntc.nokia.com [172.21.138.211]) by mgw-mx06.nokia.com (Switch-3.2.6/Switch-3.2.6) with ESMTP id n36B6UWA030825 for ; Mon, 6 Apr 2009 14:06:39 +0300 Received: from vaebh104.NOE.Nokia.com ([10.160.244.30]) by esebh105.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 6 Apr 2009 14:06:28 +0300 Received: from smtp.mgd.nokia.com ([65.54.30.7]) by vaebh104.NOE.Nokia.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Mon, 6 Apr 2009 14:06:24 +0300 Received: from NOK-AM1MHUB-05.mgdnok.nokia.com (65.54.30.9) by NOK-AM1MHUB-03.mgdnok.nokia.com (65.54.30.7) with Microsoft SMTP Server (TLS) id 8.1.340.0; Mon, 6 Apr 2009 13:06:23 +0200 Received: from NOK-EUMSG-01.mgdnok.nokia.com ([65.54.30.86]) by NOK-AM1MHUB-05.mgdnok.nokia.com ([65.54.30.9]) with mapi; Mon, 6 Apr 2009 13:06:23 +0200 From: To: Date: Mon, 6 Apr 2009 13:06:22 +0200 Thread-Topic: Syslog-sign -25 Thread-Index: Acm2p7iG06BHWwBZTUmHor6uUdYqsA== Message-ID: <808FD6E27AD4884E94820BC333B2DB7727F22149EE@NOK-EUMSG-01.mgdnok.nokia.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginalArrivalTime: 06 Apr 2009 11:06:24.0400 (UTC) FILETIME=[B974C100:01C9B6A7] X-Nokia-AV: Clean Subject: [Syslog] Syslog-sign -25 X-BeenThere: syslog@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Apr 2009 11:05:40 -0000 Hi Alexander, Jon and others, Version -25 looks pretty good, and addresses all my comments except one: the email "Signature groups, originators, etc." (on February 5). Could you take the first attempt in proposing text that clarifies the definition of Signature Group, and makes the algorithm in Section 7.1 actually work in all the cases? Couple of minor nits: - As Martin pointed out, the examples (4.2.9 and 5.3.2.9) still=20 use DER encoding, not MPIs - The SD-PARAM-NAME for Total Payload Block Length should be=20 "TPBL", right? (not TBPL) - Section 5.3.2.8, typo "Section Section" - As pointed out by Richard (on December 22), Sections 5.3.2.4 and 5.3.2.6 should have "with leading zeroes omitted" (like all other integer-valued fields) Best regards, Pasi= From ietfdbh@comcast.net Tue Apr 7 11:24:12 2009 Return-Path: X-Original-To: syslog@core3.amsl.com Delivered-To: syslog@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 358833A6C79 for ; Tue, 7 Apr 2009 11:24:12 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.202 X-Spam-Level: X-Spam-Status: No, score=-2.202 tagged_above=-999 required=5 tests=[AWL=-0.203, BAYES_00=-2.599, J_CHICKENPOX_93=0.6] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r5apWUPQL73D for ; Tue, 7 Apr 2009 11:24:10 -0700 (PDT) Received: from QMTA11.westchester.pa.mail.comcast.net (qmta11.westchester.pa.mail.comcast.net [76.96.59.211]) by core3.amsl.com (Postfix) with ESMTP id 871623A688F for ; Tue, 7 Apr 2009 11:24:10 -0700 (PDT) Received: from OMTA07.westchester.pa.mail.comcast.net ([76.96.62.59]) by QMTA11.westchester.pa.mail.comcast.net with comcast id cbla1b00B1GhbT85BiRHbf; Tue, 07 Apr 2009 18:25:17 +0000 Received: from Harrington73653 ([24.147.240.21]) by OMTA07.westchester.pa.mail.comcast.net with comcast id ciRH1b00W0UQ6dC3TiRHHE; Tue, 07 Apr 2009 18:25:17 +0000 From: "David Harrington" To: References: <20090331230902.7AEC726B6E4@bosco.isi.edu> Date: Tue, 7 Apr 2009 14:25:16 -0400 Message-ID: <016e01c9b7ae$333602e0$0600a8c0@china.huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 11 Thread-Index: AcmyVcoiVu/ZTwcSTWOx9ZQIDsTBzQFWDAIA In-Reply-To: <20090331230902.7AEC726B6E4@bosco.isi.edu> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198 Subject: Re: [Syslog] RFC 5427 on Textual Conventions for Syslog Management X-BeenThere: syslog@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Apr 2009 18:24:12 -0000 Congratulations to the editors and the WG for completing the standardization of this document. Thank you, David Harrington dbharrington@comcast.net ietfdbh@comcast.net dharrington@huawei.com > -----Original Message----- > From: ietf-announce-bounces@ietf.org > [mailto:ietf-announce-bounces@ietf.org] On Behalf Of > rfc-editor@rfc-editor.org > Sent: Tuesday, March 31, 2009 7:09 PM > To: ietf-announce@ietf.org; rfc-dist@rfc-editor.org > Cc: syslog@ietf.org; rfc-editor@rfc-editor.org > Subject: RFC 5427 on Textual Conventions for Syslog Management > > > A new Request for Comments is now available in online RFC libraries. > > > RFC 5427 > > Title: Textual Conventions for Syslog Management > Author: G. Keeni > Status: Standards Track > Date: March 2009 > Mailbox: glenn@cysols.com > Pages: 8 > Characters: 17829 > Updates/Obsoletes/SeeAlso: None > > I-D Tag: draft-ietf-syslog-tc-mib-08.txt > > URL: http://www.rfc-editor.org/rfc/rfc5427.txt > > This MIB module defines textual conventions to represent > Facility and Severity information commonly used in syslog messages. > The intent is that these textual conventions will be imported and > used in MIB modules that would otherwise define their own > representations. [STANDARDS TRACK] > > This document is a product of the Security Issues in Network > Event Logging Working Group of the IETF. > > This is now a Proposed Standard Protocol. > > STANDARDS TRACK: This document specifies an Internet standards track > protocol for the Internet community,and requests discussion > and suggestions > for improvements. Please refer to the current edition of the Internet > Official Protocol Standards (STD 1) for the standardization state and > status of this protocol. Distribution of this memo is unlimited. > > This announcement is sent to the IETF-Announce and rfc-dist lists. > To subscribe or unsubscribe, see > http://www.ietf.org/mailman/listinfo/ietf-announce > http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist > > For searching the RFC series, see > http://www.rfc-editor.org/rfcsearch.html. > For downloading RFCs, see http://www.rfc-editor.org/rfc.html. > > Requests for special distribution should be addressed to either the > author of the RFC in question, or to > rfc-editor@rfc-editor.org. Unless > specifically noted otherwise on the RFC itself, all RFCs are for > unlimited distribution. > > > The RFC Editor Team > USC/Information Sciences Institute > > > _______________________________________________ > IETF-Announce mailing list > IETF-Announce@ietf.org > https://www.ietf.org/mailman/listinfo/ietf-announce > From hongyanfeng@huaweisymantec.com Fri Apr 10 02:20:07 2009 Return-Path: X-Original-To: syslog@core3.amsl.com Delivered-To: syslog@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 40A673A6D84 for ; Fri, 10 Apr 2009 02:20:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.495 X-Spam-Level: X-Spam-Status: No, score=-0.495 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hjmef2uM+6jW for ; Fri, 10 Apr 2009 02:20:06 -0700 (PDT) Received: from mta2.huaweisymantec.com (unknown [218.17.155.15]) by core3.amsl.com (Postfix) with ESMTP id 489D23A67EF for ; Fri, 10 Apr 2009 02:20:06 -0700 (PDT) MIME-version: 1.0 Content-transfer-encoding: 7BIT Content-disposition: inline Content-type: text/plain; charset=us-ascii Received: from hstml02-in.huaweisymantec.com ([172.26.3.42]) by hstga02-in.huaweisymantec.com (Sun Java(tm) System Messaging Server 6.3-5.02 (built Oct 12 2007; 32bit)) with ESMTP id <0KHV001J2LKX1240@hstga02-in.huaweisymantec.com> for syslog@ietf.org; Fri, 10 Apr 2009 16:14:59 +0800 (CST) Received: from huaweisymantec.com ([127.0.0.1]) by hstml02-in.huaweisymantec.com (Sun Java(tm) System Messaging Server 6.3-5.02 (built Oct 12 2007; 32bit)) with ESMTP id <0KHV00EKNLKVL400@hstml02-in.huaweisymantec.com> for syslog@ietf.org; Fri, 10 Apr 2009 16:14:57 +0800 (CST) Received: from [10.27.154.136] by hstml02-in.huaweisymantec.com (mshttpd); Fri, 10 Apr 2009 16:14:55 +0800 From: fenghongyan To: syslog@ietf.org Message-id: Date: Fri, 10 Apr 2009 16:14:55 +0800 X-Mailer: Sun Java(tm) System Messenger Express 6.3-5.02 (built Oct 12 2007; 32bit) Content-language: zh-CN X-Accept-Language: zh-CN Priority: normal Subject: [Syslog] Announcement: update of my draft, draft-feng-syslog-transport-dtls-01.txt is uploaded. X-BeenThere: syslog@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Apr 2009 09:20:07 -0000 Hi, A new version of my draft is available, please feel free to add any comments or suggestions on it. This revision made some editorial changes, support for SCTP according to Wes's suggestion, pointer to syslog/tls rather than reiterating the security discussion according to Pasi's advice. Please feel free to have comments on this update, your suggestions will help to improve the text. To Rainer and Tom: I had read your draft after your update uploaded, I think those changes I made in my new version your draft is also need to make. DTLS not only works on UDP, also works on transport like DCCP, SCTP. You can see these changes in rfc4347-bis-02. The security discussion is similar as state in syslog/tls, simply pointer to syslog/tls would be better I think. I made some comments on your draft: 1. Those changes is needed as I mentioned above, those security requirements should be removed and replaced with pointer to syslog-tls, i.e. RFC5425. 2. In section 2.1, I don't see if there's a necessary for a syslog server should be a DTLS client. In my understanding, a dtls request is alway initiate by a dtls client, if syslog server being dtls client, how does a server know which client want to connect to it? I think RFC5425 has state authentication in very detail and come up the corresponding security policy. Also, fingerprint is aim to cover the case you discussed in your draft having a certificate url authentication. 3. Port number, I think a udp "registered port number" is required to assign for udp mapping and a sctp "registered port number" is required to assign for sctp mapping respectively. 4. I have claim to minimize the operation and security where both syslog/tls and syslog/dtls are supported, why do you need write the commands in your proposal? 5. ciphersuite, tls extensions, authentication can be merged into security policy and pointer to RFC5425. My "Message Process" section is not satisfied yet, David's comment is "a bit redundant and convoluted". I think there must be other unsatisfied places existence, would you like to be coauthors ? We can work together to make the proposal on syslog-dtls to be better? Thanks Linda From hongyanfeng@huaweisymantec.com Sat Apr 11 08:26:54 2009 Return-Path: X-Original-To: syslog@core3.amsl.com Delivered-To: syslog@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D00693A6953 for ; Sat, 11 Apr 2009 08:26:54 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 2.105 X-Spam-Level: ** X-Spam-Status: No, score=2.105 tagged_above=-999 required=5 tests=[BAYES_50=0.001, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CPmlwegrQHPy for ; Sat, 11 Apr 2009 08:26:54 -0700 (PDT) Received: from mta1.huaweisymantec.com (unknown [218.17.155.14]) by core3.amsl.com (Postfix) with ESMTP id EE0EC3A6936 for ; Sat, 11 Apr 2009 08:26:53 -0700 (PDT) MIME-version: 1.0 Content-transfer-encoding: 7BIT Content-disposition: inline Content-type: text/plain; charset=us-ascii Received: from hstml01-in.huaweisymantec.com ([172.26.3.41]) by hstga01-in.huaweisymantec.com (Sun Java(tm) System Messaging Server 6.3-5.02 (built Oct 12 2007; 32bit)) with ESMTP id <0KHY00DW90ACVZ50@hstga01-in.huaweisymantec.com> for syslog@ietf.org; Sat, 11 Apr 2009 23:27:50 +0800 (CST) Received: from huaweisymantec.com ([127.0.0.1]) by hstml01-in.huaweisymantec.com (Sun Java(tm) System Messaging Server 6.3-5.02 (built Oct 12 2007; 32bit)) with ESMTP id <0KHY00B0C0A8EM10@hstml01-in.huaweisymantec.com> for syslog@ietf.org; Sat, 11 Apr 2009 23:27:48 +0800 (CST) Received: from [125.33.139.151] by hstml01-in.huaweisymantec.com (mshttpd) ; Sat, 11 Apr 2009 23:27:44 +0800 From: fenghongyan To: syslog@ietf.org Message-id: Date: Sat, 11 Apr 2009 23:27:44 +0800 X-Mailer: Sun Java(tm) System Messenger Express 6.3-5.02 (built Oct 12 2007; 32bit) Content-language: zh-CN X-Accept-Language: zh-CN Priority: normal Cc: hongyanfeng@huaweisymantec.com Subject: [Syslog] update to draft-feng-syslog-transport-dtls available X-BeenThere: syslog@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Apr 2009 15:26:54 -0000 Hi, A new version "draft-feng-syslog-transport-dtls-01.txt" is available. The discussions of message size and input/output message processing are not satisfactory yet. Please feel free to have comments on this update, your suggestions will help to improve the text. Thanks Linda From hongyanfeng@huaweisymantec.com Sat Apr 11 09:19:35 2009 Return-Path: X-Original-To: syslog@core3.amsl.com Delivered-To: syslog@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A50493A6872 for ; Sat, 11 Apr 2009 09:19:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 1.364 X-Spam-Level: * X-Spam-Status: No, score=1.364 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tb3O1J5b4Y2d for ; Sat, 11 Apr 2009 09:19:35 -0700 (PDT) Received: from mta1.huaweisymantec.com (unknown [218.17.155.14]) by core3.amsl.com (Postfix) with ESMTP id B829F3A685F for ; Sat, 11 Apr 2009 09:19:34 -0700 (PDT) MIME-version: 1.0 Content-transfer-encoding: 7BIT Content-disposition: inline Content-type: text/plain; charset=us-ascii Received: from hstml02-in.huaweisymantec.com ([172.26.3.41]) by hstga01-in.huaweisymantec.com (Sun Java(tm) System Messaging Server 6.3-5.02 (built Oct 12 2007; 32bit)) with ESMTP id <0KHY00D6G2Q6VZ60@hstga01-in.huaweisymantec.com> for syslog@ietf.org; Sun, 12 Apr 2009 00:20:32 +0800 (CST) Received: from huaweisymantec.com ([127.0.0.1]) by hstml02-in.huaweisymantec.com (Sun Java(tm) System Messaging Server 6.3-5.02 (built Oct 12 2007; 32bit)) with ESMTP id <0KHY0002Z2Q4GZ10@hstml02-in.huaweisymantec.com> for syslog@ietf.org; Sun, 12 Apr 2009 00:20:30 +0800 (CST) Received: from [123.112.60.144] by hstml02-in.huaweisymantec.com (mshttpd) ; Sun, 12 Apr 2009 00:20:28 +0800 From: fenghongyan To: syslog@ietf.org Message-id: Date: Sun, 12 Apr 2009 00:20:28 +0800 X-Mailer: Sun Java(tm) System Messenger Express 6.3-5.02 (built Oct 12 2007; 32bit) Content-language: zh-CN X-Accept-Language: zh-CN Priority: normal Subject: [Syslog] Review of draft-petch-gerhards-syslog-transport-dtls-01.txt" X-BeenThere: syslog@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Apr 2009 16:19:35 -0000 Hi, I read this proposal "draft-petch-gerhards-syslog-transport-dtls-01", I have some comments on it: Those changes I made in my new version this draft is also need to make, I think. section 1.3 The security discussion is similar as stated in syslog/tls, Pasi recommended simply pointer to syslog/tls would be better. section 1.4 This is covered in syslog/tls; a pointer to that document would work. section 2.1 I don't see if there's a necessary for a syslog server should be a DTLS client. In my understanding, a dtls request is alway initiate by a dtls client, if syslog server being dtls client, how does a server know which client want to connect to it? I think RFC5425 has state authentication in very detail and come up the corresponding security policy. Also, fingerprint is aim to cover the case you discussed in your draft having a certificate url authentication. A pointer to that document would work. section 2.2 I think a udp "registered port number" is required to assign for udp mapping and a sctp "registered port number" is required to assign for sctp mapping respectively. section 2.3 I claimed in my proposal to minimize the operation and security where both syslog/tls and syslog/dtls are supported, why do you need write the commands in your proposal? section 2.6, section 2.8 It is covered in syslog/tls security policy; a pointer to that document would work. Thanks Linda From hongyanfeng@huaweisymantec.com Sat Apr 11 09:24:32 2009 Return-Path: X-Original-To: syslog@core3.amsl.com Delivered-To: syslog@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E63A23A6952 for ; Sat, 11 Apr 2009 09:24:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 1.735 X-Spam-Level: * X-Spam-Status: No, score=1.735 tagged_above=-999 required=5 tests=[AWL=-0.370, BAYES_50=0.001, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cOxzOalMr4qT for ; Sat, 11 Apr 2009 09:24:32 -0700 (PDT) Received: from mta1.huaweisymantec.com (unknown [218.17.155.14]) by core3.amsl.com (Postfix) with ESMTP id 0AB3B3A6872 for ; Sat, 11 Apr 2009 09:24:32 -0700 (PDT) MIME-version: 1.0 Content-transfer-encoding: 7BIT Content-disposition: inline Content-type: text/plain; charset=us-ascii Received: from hstml02-in.huaweisymantec.com ([172.26.3.41]) by hstga01-in.huaweisymantec.com (Sun Java(tm) System Messaging Server 6.3-5.02 (built Oct 12 2007; 32bit)) with ESMTP id <0KHY00D7E2YIVZ60@hstga01-in.huaweisymantec.com> for syslog@ietf.org; Sun, 12 Apr 2009 00:25:30 +0800 (CST) Received: from huaweisymantec.com ([127.0.0.1]) by hstml02-in.huaweisymantec.com (Sun Java(tm) System Messaging Server 6.3-5.02 (built Oct 12 2007; 32bit)) with ESMTP id <0KHY00J3H2YG9W10@hstml02-in.huaweisymantec.com> for syslog@ietf.org; Sun, 12 Apr 2009 00:25:30 +0800 (CST) Received: from [123.112.60.144] by hstml02-in.huaweisymantec.com (mshttpd) ; Sun, 12 Apr 2009 00:25:28 +0800 From: fenghongyan To: syslog@ietf.org Message-id: Date: Sun, 12 Apr 2009 00:25:28 +0800 X-Mailer: Sun Java(tm) System Messenger Express 6.3-5.02 (built Oct 12 2007; 32bit) Content-language: zh-CN X-Accept-Language: zh-CN Priority: normal Subject: [Syslog] Merging drafts X-BeenThere: syslog@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Apr 2009 16:24:33 -0000 Hi, To Rainer and Tom: I think my draft still have much unsatisfactory places existence, would you like to be coauthors ? We can work together to make the proposal on syslog-dtls to be better? Thanks Linda From hongyanfeng@huaweisymantec.com Fri Apr 17 01:47:02 2009 Return-Path: X-Original-To: syslog@core3.amsl.com Delivered-To: syslog@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AC17E3A6E0B for ; Fri, 17 Apr 2009 01:47:02 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.805 X-Spam-Level: X-Spam-Status: No, score=0.805 tagged_above=-999 required=5 tests=[AWL=-1.300, BAYES_50=0.001, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YLb9WcR84iLe for ; Fri, 17 Apr 2009 01:47:02 -0700 (PDT) Received: from mta2.huaweisymantec.com (unknown [218.17.155.15]) by core3.amsl.com (Postfix) with ESMTP id E6FAF3A6EA5 for ; Fri, 17 Apr 2009 01:47:01 -0700 (PDT) MIME-version: 1.0 Content-transfer-encoding: 7BIT Content-disposition: inline Content-type: text/plain; charset=us-ascii Received: from hstml02-in.huaweisymantec.com ([172.26.3.42]) by hstga02-in.huaweisymantec.com (Sun Java(tm) System Messaging Server 6.3-5.02 (built Oct 12 2007; 32bit)) with ESMTP id <0KI80087ALS3VK20@hstga02-in.huaweisymantec.com> for syslog@ietf.org; Fri, 17 Apr 2009 16:48:05 +0800 (CST) Received: from huaweisymantec.com ([127.0.0.1]) by hstml02-in.huaweisymantec.com (Sun Java(tm) System Messaging Server 6.3-5.02 (built Oct 12 2007; 32bit)) with ESMTP id <0KI800KSXLS1AV00@hstml02-in.huaweisymantec.com> for syslog@ietf.org; Fri, 17 Apr 2009 16:48:03 +0800 (CST) Received: from [10.27.154.136] by hstml02-in.huaweisymantec.com (mshttpd); Fri, 17 Apr 2009 16:48:01 +0800 From: fenghongyan To: syslog@ietf.org Message-id: Date: Fri, 17 Apr 2009 16:48:01 +0800 X-Mailer: Sun Java(tm) System Messenger Express 6.3-5.02 (built Oct 12 2007; 32bit) Content-language: zh-CN X-Accept-Language: zh-CN Priority: normal Subject: [Syslog] Is anybody here have any comment on draft-feng-syslog-transport-dtls-01.txt ? X-BeenThere: syslog@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Apr 2009 08:47:02 -0000 Hi, all Does anyone have any comment on the draft ? Please feel free to add your comments here:-) I think it has value to have such proposal to submit, and I need your help to improve it. Thanks Linda From clonvick@cisco.com Mon Apr 20 06:41:05 2009 Return-Path: X-Original-To: syslog@core3.amsl.com Delivered-To: syslog@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 257933A6B6E for ; Mon, 20 Apr 2009 06:41:05 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.599 X-Spam-Level: X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hL+sITeZGZdA for ; Mon, 20 Apr 2009 06:41:04 -0700 (PDT) Received: from sj-iport-3.cisco.com (sj-iport-3.cisco.com [171.71.176.72]) by core3.amsl.com (Postfix) with ESMTP id B66113A63EC for ; Mon, 20 Apr 2009 06:40:35 -0700 (PDT) X-IronPort-AV: E=Sophos;i="4.40,217,1238976000"; d="scan'208";a="154808170" Received: from sj-dkim-2.cisco.com ([171.71.179.186]) by sj-iport-3.cisco.com with ESMTP; 20 Apr 2009 13:41:51 +0000 Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id n3KDfpvM003685; Mon, 20 Apr 2009 06:41:51 -0700 Received: from sjc-cde-010.cisco.com (sjc-cde-010.cisco.com [128.107.183.100]) by sj-core-5.cisco.com (8.13.8/8.13.8) with ESMTP id n3KDfpG7011366; Mon, 20 Apr 2009 13:41:51 GMT Date: Mon, 20 Apr 2009 06:41:48 -0700 (PDT) From: Chris Lonvick To: fenghongyan In-Reply-To: Message-ID: References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=634; t=1240234911; x=1241098911; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=clonvick@cisco.com; z=From:=20Chris=20Lonvick=20 |Subject:=20Re=3A=20[Syslog]=20Is=20anybody=20here=20have=2 0any=20comment=20on=0A=20draft-feng-syslog-transport-dtls-01 .txt=20? |Sender:=20; bh=9Goi36fS2uLHyivnrfkKcpv21x8AV+LHp2O6nnTGW7E=; b=JguWhD3irD0UbkR61praWEREgXxqMiCpz0KFo6au4Ycw0tYuXoi8WlIa5f /BL8buBvIQ/QTlkoYMf1IXvyesTC161FaDtQGqQuggRaC/VDrL/vTzkxRfCR 7Vi+gj/LCv; Authentication-Results: sj-dkim-2; header.From=clonvick@cisco.com; dkim=pass ( sig from cisco.com/sjdkim2002 verified; ); Cc: syslog@ietf.org Subject: Re: [Syslog] Is anybody here have any comment on draft-feng-syslog-transport-dtls-01.txt ? X-BeenThere: syslog@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Apr 2009 13:41:05 -0000 Hi Linda, This isn't a Working Group item. I think it might be best to wait on this until we finish the Charter items and then bring it up in a discusson on rechartering the Working Group. Regards, Chris On Fri, 17 Apr 2009, fenghongyan wrote: > Hi, all > > Does anyone have any comment on the draft ? Please feel free to add your comments here:-) > I think it has value to have such proposal to submit, and I need your help to improve it. > > > > Thanks > Linda > _______________________________________________ > Syslog mailing list > Syslog@ietf.org > https://www.ietf.org/mailman/listinfo/syslog > From cfinss@dial.pipex.com Wed Apr 22 13:36:41 2009 Return-Path: X-Original-To: syslog@core3.amsl.com Delivered-To: syslog@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 283BB3A69E6 for ; Wed, 22 Apr 2009 13:36:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.621 X-Spam-Level: X-Spam-Status: No, score=-0.621 tagged_above=-999 required=5 tests=[AWL=-0.950, BAYES_20=-0.74, DATE_IN_PAST_06_12=1.069] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vPX141EJ+JHY for ; Wed, 22 Apr 2009 13:36:40 -0700 (PDT) Received: from mk-outboundfilter-6.mail.uk.tiscali.com (mk-outboundfilter-6.mail.uk.tiscali.com [212.74.114.14]) by core3.amsl.com (Postfix) with ESMTP id 14F073A7121 for ; Wed, 22 Apr 2009 13:36:24 -0700 (PDT) X-Trace: 96000426/mk-outboundfilter-6.mail.uk.tiscali.com/PIPEX/$PIPEX-ACCEPTED/pipex-customers/62.188.19.46/None/cfinss@dial.pipex.com X-SBRS: None X-RemoteIP: 62.188.19.46 X-IP-MAIL-FROM: cfinss@dial.pipex.com X-SMTP-AUTH: X-MUA: Microsoft Outlook Express 6.00.2800.1106Produced By Microsoft MimeOLE V6.00.2800.1106 X-IP-BHB: Once X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AjYFANcc70k+vBMu/2dsb2JhbABFgmJLijnDNgeDbQY X-IronPort-AV: E=Sophos;i="4.40,232,1238972400"; d="scan'208";a="96000426" X-IP-Direction: IN Received: from 1cust46.tnt2.lnd3.gbr.da.uu.net (HELO allison) ([62.188.19.46]) by smtp.pipex.tiscali.co.uk with SMTP; 22 Apr 2009 21:37:39 +0100 Message-ID: <001e01c9c381$c79b21c0$0601a8c0@allison> From: "tom.petch" To: "fenghongyan" , References: Date: Wed, 22 Apr 2009 15:24:29 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Subject: Re: [Syslog] Review ofdraft-petch-gerhards-syslog-transport-dtls-01.txt" X-BeenThere: syslog@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: "tom.petch" List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Apr 2009 20:36:41 -0000 Linda, Thank you for your comments and my apologies for not responding earlier. Bear in mind that this I-D was written in 2006 when the tls draft did not exist in its present form and so could not be referenced. It has been re-issued now in the light of renewed interest in the topic and this required the references to be updated but otherwise the I-D was not changed. So yes, more revision is needed and hopefully will happen next week. Meanwhile, bear in mind that it was written to offer alternatives to the approaches being considered in 2006, especially that the roles of DTLS client and server could be reversed with advantage which in turn needs a protocol to agree this, which in turn is a common practice with other TLS applications and so was lifted from that. As to whether or not this is a good idea, well, the way to find out is to write an I-D and see what the response is. If there is no consensus to support an idea, then the editor removes it:-) Tom Petch ----- Original Message ----- From: "fenghongyan" To: Sent: Saturday, April 11, 2009 6:20 PM Subject: [Syslog] Review ofdraft-petch-gerhards-syslog-transport-dtls-01.txt" > Hi, > > I read this proposal "draft-petch-gerhards-syslog-transport-dtls-01", > I have some comments on it: > > Those changes I made in my new version this draft is also need to make, I think. > > > section 1.3 > The security discussion is similar as stated in syslog/tls, Pasi > recommended simply pointer to syslog/tls would be better. > > section 1.4 > This is covered in syslog/tls; a pointer to that document would work. > > section 2.1 > I don't see if there's a necessary for a syslog server should be a DTLS client. > In my understanding, a dtls request is alway initiate by a dtls client, if syslog server being dtls client, > how does a server know which client want to connect to it? > I think RFC5425 has state authentication in very detail and come up the corresponding security policy. > Also, fingerprint is aim to cover the case you discussed in your draft having a certificate url authentication. > A pointer to that document would work. > > section 2.2 > I think a udp "registered port number" is required to assign for udp mapping and > a sctp "registered port number" is required to assign for sctp mapping respectively. > > section 2.3 > I claimed in my proposal to minimize the operation and security where > both syslog/tls and syslog/dtls are supported, why do you need write > the commands in your proposal? > > section 2.6, section 2.8 > It is covered in syslog/tls security policy; a pointer to that document would work. > > Thanks > Linda > _______________________________________________ > Syslog mailing list > Syslog@ietf.org > https://www.ietf.org/mailman/listinfo/syslog