
From wwwrun@rfc-editor.org  Fri Jan  7 23:56:49 2011
To: rgerhards@adiscon.com, turners@ieca.com, tim.polk@nist.gov, ietfdbh@comcast.net, clonvick@cisco.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Message-Id: <20110108075856.89752E0717@rfc-editor.org>
Date: Fri,  7 Jan 2011 23:58:56 -0800 (PST)
Cc: syslog@ietf.org, iamvic@rambler.ru, rfc-editor@rfc-editor.org
Subject: [Syslog] [Editorial Errata Reported] RFC5424 (2682)
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/syslog>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Jan 2011 07:56:49 -0000

The following errata report has been submitted for RFC5424,
"The Syslog Protocol".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=5424&eid=2682

--------------------------------------
Type: Editorial
Reported by: VicTor Smirnoff <iamvic@rambler.ru>

Section: 6.2.1.

Original Text
-------------
 15             clock daemon (note 2)
(...)
 Table 1.  Syslog Message Facilities



Corrected Text
--------------
 15             clock daemon
(...)
 Table 1.  Syslog Message Facilities


Notes
-----
Note 2 isn't present in this document. It's an artefact from RFC 3164.

Instructions:
-------------
This errata is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party (IESG)
can log in to change the status and edit the report, if necessary. 

--------------------------------------
RFC5424 (draft-ietf-syslog-protocol-23)
--------------------------------------
Title               : The Syslog Protocol
Publication Date    : March 2009
Author(s)           : R. Gerhards
Category            : PROPOSED STANDARD
Source              : Security Issues in Network Event Logging
Area                : Security
Stream              : IETF
Verifying Party     : IESG

From ietfc@btconnect.com  Tue Jan 11 03:44:49 2011
Message-ID: <00e401cbb17c$68868ae0$4001a8c0@gateway.2wire.net>
From: "t.petch" <ietfc@btconnect.com>
To: <rgerhards@adiscon.com>
References: <20110108075856.89752E0717@rfc-editor.org>
Date: Tue, 11 Jan 2011 11:43:31 +0100
Cc: syslog@ietf.org
Subject: Re: [Syslog] [Editorial Errata Reported] RFC5424 (2682)

Oh dear:-(

Looks like a good correction to me.

(nb I have stripped off all the addressees which I will get bounces for; they
will need restoring for whatever conclusion we reach)

Tom Petch

----- Original Message -----
From: "RFC Errata System" <rfc-editor@rfc-editor.org>
To: <rgerhards@adiscon.com>; <turners@ieca.com>; <tim.polk@nist.gov>;
<ietfdbh@comcast.net>; <clonvick@cisco.com>
Cc: <syslog@ietf.org>; <iamvic@rambler.ru>; <rfc-editor@rfc-editor.org>
Sent: Saturday, January 08, 2011 8:58 AM
Subject: [Syslog] [Editorial Errata Reported] RFC5424 (2682)


>
> The following errata report has been submitted for RFC5424,
> "The Syslog Protocol".
>
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata_search.php?rfc=5424&eid=2682
>
> --------------------------------------
> Type: Editorial
> Reported by: VicTor Smirnoff <iamvic@rambler.ru>
>
> Section: 6.2.1.
>
> Original Text
> -------------
>  15             clock daemon (note 2)
> (...)
>  Table 1.  Syslog Message Facilities
>
>
>
> Corrected Text
> --------------
>  15             clock daemon
> (...)
>  Table 1.  Syslog Message Facilities
>
>
> Notes
> -----
> Note 2 isn't present in this document. It's an artefact from RFC 3164.
>
> Instructions:
> -------------
> This errata is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party (IESG)
> can log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC5424 (draft-ietf-syslog-protocol-23)
> --------------------------------------
> Title               : The Syslog Protocol
> Publication Date    : March 2009
> Author(s)           : R. Gerhards
> Category            : PROPOSED STANDARD
> Source              : Security Issues in Network Event Logging
> Area                : Security
> Stream              : IETF
> Verifying Party     : IESG


From rgerhards@hq.adiscon.com  Tue Jan 11 04:03:32 2011
Date: Tue, 11 Jan 2011 13:05:45 +0100
Message-ID: <9B6E2A8877C38245BFB15CC491A11DA71DD9B8@GRFEXC.intern.adiscon.com>
References: <20110108075856.89752E0717@rfc-editor.org> <00e401cbb17c$68868ae0$4001a8c0@gateway.2wire.net>
From: "Rainer Gerhards" <rgerhards@hq.adiscon.com>
To: "t.petch" <ietfc@btconnect.com>
Cc: syslog@ietf.org
Subject: Re: [Syslog] [Editorial Errata Reported] RFC5424 (2682)

I agree, this is definitely a useful correction :(

rainer

> -----Original Message-----
> From: syslog-bounces@ietf.org [mailto:syslog-bounces@ietf.org] On
> Behalf Of t.petch
> Sent: Tuesday, January 11, 2011 11:44 AM
> To: Rainer Gerhards
> Cc: syslog@ietf.org
> Subject: Re: [Syslog] [Editorial Errata Reported] RFC5424 (2682)
>
> Oh dear:-(
>
> Looks like a good correction to me.
>
> (nb I have stripped off all the addressees which I will get bounces for; they
> will need restoring for whatever conclusion we reach)
>
> Tom Petch
>

From clonvick@cisco.com  Sun Jan 30 08:57:56 2011
Date: Sun, 30 Jan 2011 09:01:07 -0800 (PST)
From: Chris Lonvick <clonvick@cisco.com>
To: syslog@ietf.org
Message-ID: <Pine.GSO.4.63.1101300851310.23155@sjc-cde-011.cisco.com>
Subject: [Syslog] New syslog/tcp draft available

Hi Folks,

We've finally gotten around to revising draft-gerhards-syslog-plain-tcp. 
:-)

This addresses the issues that Tom raised about
- the intro specifically stating what to expect in the body of the text
- a note on the transport security.

For the first, we just sort'a straightened things out with a few edits. 
For the latter, I looked in many places for a list of TCP vulnerabilities 
but couldn't find anything substantial.  The US-CERT had a few 
implementation things and there were a scattering of other things.  In the 
end, I just added a subsection to warn implementers to look closely before
writing code.  If anyone has any other suggestions, please let us know.

Thanks,
Chris

From turners@ieca.com  Sun Jan 30 09:09:17 2011
Message-ID: <4D459BF9.9050407@ieca.com>
Date: Sun, 30 Jan 2011 12:12:25 -0500
From: Sean Turner <turners@ieca.com>
To: Chris Lonvick <clonvick@cisco.com>
References: <Pine.GSO.4.63.1101300851310.23155@sjc-cde-011.cisco.com>
In-Reply-To: <Pine.GSO.4.63.1101300851310.23155@sjc-cde-011.cisco.com>
Cc: syslog@ietf.org
Subject: Re: [Syslog] New syslog/tcp draft available

Chris,

Not sure if this is what you're looking for, but have you checked out:
http://datatracker.ietf.org/doc/draft-ietf-tcpm-tcp-security/

spt


On 1/30/11 12:01 PM, Chris Lonvick wrote:
> Hi Folks,
>
> We've finally gotten around to revising draft-gerhards-syslog-plain-tcp.
> :-)
>
> This addresses the issues that Tom raised about
> - the intro specifically stating what to expect in the body of the text
> - a note on the transport security.
>
> For the first, we just sort'a straightened things out with a few edits.
> For the latter, I looked in many places for a list of TCP
> vulnerabilities but couldn't find anything substantial. The US-CERT had
> a few implementation things and there were a scattering of other things.
> In the end, I just added a subsection to warn implementers to look
> closely before writing code. If anyone has any other suggestions, please
> let us know.
>
> Thanks,
> Chris

From clonvick@cisco.com  Mon Jan 31 18:45:31 2011
Date: Mon, 31 Jan 2011 18:48:45 -0800 (PST)
From: Chris Lonvick <clonvick@cisco.com>
To: Sean Turner <turners@ieca.com>
In-Reply-To: <4D459BF9.9050407@ieca.com>
Message-ID: <Pine.GSO.4.63.1101311831130.12626@sjc-cde-011.cisco.com>
References: <Pine.GSO.4.63.1101300851310.23155@sjc-cde-011.cisco.com> <4D459BF9.9050407@ieca.com>
Cc: syslog@ietf.org
Subject: Re: [Syslog] New syslog/tcp draft available

Hi Sean,

I've seen that but I don't want this document to sit idle for the next 
couple of years while that matures and becomes a normative and 
stable reference via becoming an RFC.

I'm really thinking that putting in definitive references for transport 
layer vulnerabilities is going a bit beyond what is expected of an 
INFORMATIONAL document.  That being said, I think it's a good idea and am 
willing to pursue it within reason.

Gont's document does reference a paper by Steve Bellovin:
    Bellovin, S. M. 1989.  Security Problems in the TCP/IP Protocol
    Suite.  Computer Communication Review, Vol. 19, No. 2, pp. 32-48.
That may be found here:
   http://portal.acm.org/citation.cfm?id=378449

What would you think about referencing that document as an INFORMATIVE 
reference in the third subsection of the Security Considerations section?

Thanks,
Chris

On Sun, 30 Jan 2011, Sean Turner wrote:

> Chris,
>
> Not sure if this is what you're looking for, but have you checked out:
> http://datatracker.ietf.org/doc/draft-ietf-tcpm-tcp-security/
>
> spt
