
From root@core3.amsl.com  Wed Oct 14 13:15:01 2009
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
Message-Id: <20091014201501.7B5483A68C0@core3.amsl.com>
Date: Wed, 14 Oct 2009 13:15:01 -0700 (PDT)
Cc: syslog@ietf.org
Subject: [Syslog] I-D Action:draft-ietf-syslog-dtls-00.txt
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/syslog>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Oct 2009 20:15:01 -0000

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Security Issues in Network Event Logging Working Group of the IETF.


	Title           : Datagram Transport Layer Security (DTLS) Transport Mapping for Syslog
	Author(s)       : J. Salowey, et al.
	Filename        : draft-ietf-syslog-dtls-00.txt
	Pages           : 18
	Date            : 2009-10-14

This document describes the transport of syslog messages over DTLS
(Datagram Transport Level Security).  It provides a secure transport
for syslog messages in cases where a connection-less transport is
desired.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-syslog-dtls-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

--NextPart
Content-Type: Message/External-body;
	name="draft-ietf-syslog-dtls-00.txt";
	site="ftp.ietf.org";
	access-type="anon-ftp";
	directory="internet-drafts"

Content-Type: text/plain
Content-ID: <2009-10-14131107.I-D@ietf.org>


--NextPart--

From jsalowey@cisco.com  Wed Oct 14 14:23:34 2009
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01CA4D14.96A937B1"
Date: Wed, 14 Oct 2009 14:23:34 -0700
Message-ID: <AC1CFD94F59A264488DC2BEC3E890DE508E8A6EB@xmb-sjc-225.amer.cisco.com>
From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
To: <syslog@ietf.org>
Subject: [Syslog] FW:  I-D Action:draft-ietf-syslog-dtls-00.txt

This is a multi-part message in MIME format.

------_=_NextPart_001_01CA4D14.96A937B1
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I just posted a -00 version of the syslog DTLS draft
(http://www.ietf.org/internet-drafts/draft-ietf-syslog-dtls-00.txt). I
tried to merge the two proposals together and keep consistent with the
Syslog TLS draft.  Below are some issues I have identified, I'm sure
there are others.

1. Transport

DTLS can run over several different transports,  right now the draft
requires UDP and recommends DCCP.  I think these are the most well
defined.  The draft also forbids DTLS over TCP and favors TLS over TCP
to keep things consistent.  I left out SCTP, I'm not sure where SCTP
over DTLS is in the process and there also is a TLS option for SCTP.

2. Port Number

DTLS could use the same port as TLS, which seems simple.  The
difficulty could be that for some transports you could use either TLS or
DTLS (SCTP for example).  In theory you could tell the difference
between TLS and DTLS by version number so maybe this isn't a problem.

3. Initiation

One of the drafts allowed either side to initiate.  I did not include
this.  If we have a use case for it we could bring it back in.

4. Dead Peer Detection

There has been a lot of discussion on DPD on the list.  I don't have any
specific remedy in the draft, just a warning that it could be a problem.
It's likely that some work on this will happen in DTLS, but I'm not
confident on the timeframe at this point.

5. Message Size

The text on message size could use some review.

Cheers,

Joe

-----Original Message-----
From: syslog-bounces@ietf.org [mailto:syslog-bounces@ietf.org] On Behalf
Of Internet-Drafts@ietf.org
Sent: Wednesday, October 14, 2009 1:15 PM
To: i-d-announce@ietf.org
Cc: syslog@ietf.org
Subject: [Syslog] I-D Action:draft-ietf-syslog-dtls-00.txt

A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Security Issues in Network Event
Logging Working Group of the IETF.


	Title           : Datagram Transport Layer Security (DTLS)
Transport Mapping for Syslog
	Author(s)       : J. Salowey, et al.
	Filename        : draft-ietf-syslog-dtls-00.txt
	Pages           : 18
	Date            : 2009-10-14

This document describes the transport of syslog messages over DTLS
(Datagram Transport Level Security).  It provides a secure transport for
syslog messages in cases where a connection-less transport is desired.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-syslog-dtls-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

------_=_NextPart_001_01CA4D14.96A937B1--
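
Point 2 (Port Number) in the message above notes that TLS and DTLS could in theory be told apart by version number. The following is an added example, not code from the draft or from the original post, showing that check on the record header: TLS carries {3, x} on the wire while DTLS carries the ones' complement of its version ({254, 255} for DTLS 1.0). The sample records and the function name `classify_record` are constructed for illustration.

```python
"""Tell a TLS record from a DTLS record by the version field of its header."""
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

# TLS puts {3, minor} on the wire; DTLS uses the ones' complement of its
# version number, so DTLS 1.0 is {254, 255} and DTLS 1.2 is {254, 253}.
TLS_VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
                (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
DTLS_VERSIONS = {(254, 255): "DTLS 1.0", (254, 253): "DTLS 1.2"}

TLS_HEADER_LEN = 5     # type(1) version(2) length(2)
DTLS_HEADER_LEN = 13   # type(1) version(2) epoch(2) sequence(6) length(2)
MAX_FRAGMENT = 2**14 + 2048  # largest protected record body in either protocol


class NotARecord(ValueError):
    """The bytes do not start with a plausible TLS or DTLS record header."""


def classify_record(buf: bytes) -> dict:
    """Parse the first record header in buf and say which protocol it is."""
    if len(buf) < TLS_HEADER_LEN:
        raise NotARecord("too short for any record header")
    ctype, major, minor = buf[0], buf[1], buf[2]
    if ctype not in CONTENT_TYPES:
        raise NotARecord(f"unknown content type {ctype}")

    if (major, minor) in TLS_VERSIONS:
        protocol, version = "TLS", TLS_VERSIONS[(major, minor)]
        header_len, epoch, sequence = TLS_HEADER_LEN, None, None
        (length,) = struct.unpack_from("!H", buf, 3)
    elif (major, minor) in DTLS_VERSIONS:
        if len(buf) < DTLS_HEADER_LEN:
            raise NotARecord("truncated DTLS record header")
        protocol, version = "DTLS", DTLS_VERSIONS[(major, minor)]
        header_len = DTLS_HEADER_LEN
        (epoch,) = struct.unpack_from("!H", buf, 3)
        sequence = int.from_bytes(buf[5:11], "big")
        (length,) = struct.unpack_from("!H", buf, 11)
    else:
        raise NotARecord(f"unknown version {{{major}, {minor}}}")

    if length > MAX_FRAGMENT:
        raise NotARecord(f"record length {length} exceeds 2**14 + 2048")
    return {
        "protocol": protocol,
        "version": version,
        "content_type": CONTENT_TYPES[ctype],
        "epoch": epoch,
        "sequence": sequence,
        "length": length,
        # False when the buffer ends before the record body does.
        "complete": len(buf) >= header_len + length,
    }


# Constructed samples: a handshake record with a 47-byte placeholder body in
# each framing, and a plaintext RFC 5424 style line that is neither.
BODY = bytes(47)
SAMPLE_TLS = bytes([22, 3, 1]) + struct.pack("!H", len(BODY)) + BODY
SAMPLE_DTLS = (bytes([22, 254, 255]) + struct.pack("!H", 0)
               + (0).to_bytes(6, "big") + struct.pack("!H", len(BODY)) + BODY)
SAMPLE_PLAINTEXT = b"<34>1 2009-10-14T21:23:34Z host app - - - not protected"

if __name__ == "__main__":
    for name, data in [("tls", SAMPLE_TLS), ("dtls", SAMPLE_DTLS),
                       ("plaintext", SAMPLE_PLAINTEXT)]:
        try:
            print(name, classify_record(data))
        except NotARecord as exc:
            print(name, "rejected:", exc)
```
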

From root@core3.amsl.com  Wed Oct 14 22:45:01 2009
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
Message-Id: <20091015054501.B96143A697B@core3.amsl.com>
Date: Wed, 14 Oct 2009 22:45:01 -0700 (PDT)
Cc: syslog@ietf.org
Subject: [Syslog] I-D Action:draft-ietf-syslog-sign-28.txt

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Security Issues in Network Event Logging Working Group of the IETF.


	Title           : Signed syslog Messages
	Author(s)       : J. Kelsey, et al.
	Filename        : draft-ietf-syslog-sign-28.txt
	Pages           : 46
	Date            : 2009-10-14

This document describes a mechanism to add origin authentication,
message integrity, replay resistance, message sequencing, and
detection of missing messages to the transmitted syslog messages.
This specification is intended to be used in conjunction with the
work defined in [RFC5424], "The syslog Protocol".

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-syslog-sign-28.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

--NextPart
Content-Type: Message/External-body;
	name="draft-ietf-syslog-sign-28.txt";
	site="ftp.ietf.org";
	access-type="anon-ftp";
	directory="internet-drafts"

Content-Type: text/plain
Content-ID: <2009-10-14224333.I-D@ietf.org>


--NextPart--

From cfinss@dial.pipex.com  Tue Oct 27 03:38:52 2009
Message-ID: <012201ca56e8$f0e4ac40$0601a8c0@allison>
From: "tom.petch" <cfinss@dial.pipex.com>
To: "Joseph Salowey \(jsalowey\)" <jsalowey@cisco.com>, <syslog@ietf.org>
References: <AC1CFD94F59A264488DC2BEC3E890DE508E8A6EB@xmb-sjc-225.amer.cisco.com>
Date: Tue, 27 Oct 2009 10:12:37 +0100
Subject: Re: [Syslog] FW:  I-D Action:draft-ietf-syslog-dtls-00.txt

Good stuff.

Ports; I like the idea of a common port, because it makes operational
deployment (e.g. filtering in Middle boxes) so much simpler and less
error prone.

DTLS has an updated I-D in Working Group Last Call
draft-ietf-tls-rfc4347-bis
which I think we should reference.  It covers DTLS over DCCP properly,
which its predecessor might not be seen to.

Message size I think needs more coverage.  I would include a summary of the
advice on PMTU discovery in DTLS 4.1.1.1 and specifically mention the 2**14
limit on records in DTLS.  Earlier discussions on this list showed a desire
for 2**16 syslog messages which, to me, implies fragmentation by the
transport sender.

Dead Peer Detection I would sit on until something more happens with the
TLS Working Group.

Tom Petch

----- Original Message -----
From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
To: <syslog@ietf.org>
Sent: Wednesday, October 14, 2009 10:23 PM
Subject: [Syslog] FW: I-D Action:draft-ietf-syslog-dtls-00.txt


I just posted a -00 version of the syslog DTLS draft
(http://www.ietf.org/internet-drafts/draft-ietf-syslog-dtls-00.txt). I
tried to merge the two proposals together and keep consistent with the
Syslog TLS draft.  Below are some issues I have identified, I'm sure
there are others.

1. Transport

DTLS can run over several different transports,  right now the draft
requires UDP and recommends DCCP.  I think these are the most well
defined.  The draft also forbids DTLS over TCP and favors TLS over TCP
to keep things consistent.  I left out SCTP, I'm not sure where SCTP
over DTLS is in the process and there also is a TLS option for SCTP.

2. Port Number

DTLS could use the same port as TLS, which seems simple.  The
difficulty could be that for some transports you could use either TLS or
DTLS (SCTP for example).  In theory you could tell the difference
between TLS and DTLS by version number so maybe this isn't a problem.

3. Initiation

One of the drafts allowed either side to initiate.  I did not include
this.  If we have a use case for it we could bring it back in.

4. Dead Peer Detection

There has been a lot of discussion on DPD on the list.  I don't have any
specific remedy in the draft, just a warning that it could be a problem.
It's likely that some work on this will happen in DTLS, but I'm not
confident on the timeframe at this point.

5. Message Size

The text on message size could use some review.

Cheers,

Joe
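
The message-size point in the reply above (a 2**14 limit on DTLS records, PMTU, and a wish for 2**16 syslog messages) can be made concrete with a small planner. This is an added example, not code from the draft or from either poster; the per-record cipher overhead is an assumed worst case for a CBC suite with HMAC-SHA1, and the names `plan_send` and `SendPlan` are hypothetical.

```python
"""How many DTLS records one syslog message needs, and whether each fits the PMTU."""
from dataclasses import dataclass

DTLS_MAX_PLAINTEXT = 2**14   # per-record plaintext limit cited in the thread
DTLS_RECORD_HEADER = 13      # type(1) version(2) epoch(2) sequence(6) length(2)
UDP_HEADER = 8
IP_HEADER = {4: 20, 6: 40}   # no IPv4 options, no IPv6 extension headers

# Assumption (not from the thread): worst-case expansion per record for a
# CBC suite with HMAC-SHA1 = 16-byte IV + 20-byte MAC + up to 16 bytes padding.
ASSUMED_CIPHER_OVERHEAD = 52


@dataclass(frozen=True)
class SendPlan:
    msg_len: int
    max_unfragmented: int   # largest message that fits one packet at this PMTU
    records_needed: int     # 1 unless the message exceeds 2**14 octets
    largest_packet: int     # IP packet size of the biggest record
    fits_pmtu: bool         # True if no packet exceeds the PMTU

    @property
    def verdict(self) -> str:
        if self.records_needed > 1:
            return "exceeds 2**14 record limit"
        if not self.fits_pmtu:
            return "single record, larger than PMTU"
        return "single record, single packet"


def plan_send(msg_len: int, pmtu: int = 1500, ip_version: int = 4,
              cipher_overhead: int = ASSUMED_CIPHER_OVERHEAD) -> SendPlan:
    """Work out the record count and packet sizes for a message of msg_len octets."""
    if msg_len <= 0:
        raise ValueError("message length must be positive")
    per_packet = (IP_HEADER[ip_version] + UDP_HEADER
                  + DTLS_RECORD_HEADER + cipher_overhead)
    budget = pmtu - per_packet
    if budget <= 0:
        raise ValueError("PMTU too small to carry any record")
    records = -(-msg_len // DTLS_MAX_PLAINTEXT)          # ceiling division
    largest_packet = min(msg_len, DTLS_MAX_PLAINTEXT) + per_packet
    return SendPlan(msg_len, budget, records, largest_packet,
                    largest_packet <= pmtu)


if __name__ == "__main__":
    # 480 and 2048 are the receiver sizes RFC 5424 names (MUST and SHOULD
    # accept); 2**16 is the message size the thread says was asked for.
    for size in (480, 2048, 2**14, 2**16):
        p = plan_send(size)
        print(f"{size:6d} octets: {p.records_needed} record(s), "
              f"largest packet {p.largest_packet}, {p.verdict}")
```
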


From ietfdbh@comcast.net  Tue Oct 27 09:45:27 2009
From: "David Harrington" <ietfdbh@comcast.net>
To: <syslog@ietf.org>
Date: Tue, 27 Oct 2009 12:45:40 -0400
Message-ID: <0c6601ca5724$eae36250$0600a8c0@china.huawei.com>
Subject: [Syslog] FW: [OPS-AREA] OPS Area open office hours in Hiroshima

Hi,

The OPS Area will hold the Open Office Hours at the Hiroshima IETF
meeting on Thursday 11/12 between 15:00 and 16:30 in the IESG breakout
room which is Room Castleview 2. Please join us for any OPS Area or
IETF business issues that you would like to talk with us.

OPS-CHAIRS - please distribute this message to your WGs.

Thanks and Regards,

Ron and Dan


From ietfdbh@comcast.net  Tue Oct 27 15:14:29 2009
From: "David Harrington" <ietfdbh@comcast.net>
To: "'tom.petch'" <cfinss@dial.pipex.com>, "'Joseph Salowey \(jsalowey\)'" <jsalowey@cisco.com>, <syslog@ietf.org>
References: <AC1CFD94F59A264488DC2BEC3E890DE508E8A6EB@xmb-sjc-225.amer.cisco.com> <012201ca56e8$f0e4ac40$0601a8c0@allison>
Date: Tue, 27 Oct 2009 18:14:40 -0400
Message-ID: <0cc801ca5752$e24aad00$0600a8c0@china.huawei.com>
In-Reply-To: <012201ca56e8$f0e4ac40$0601a8c0@allison>
Cc: "'Woundy, Richard'" <Richard_Woundy@cable.comcast.com>, deketelaere@tComLabs.com, enechamkin@broadcom.com, "'Ong, Lyndon'" <Lyong@Ciena.com>, 'Margaret Wasserman' <mrw@lilacglade.org>, 'Wes Hardaker' <wjhns1@hardakers.net>, 'Sumanth Channabasappa' <sumanth@cablelabs.com>, 'Andi Kosich' <akosich@oiforum.com>, 'Sam Hartman' <hartmans-ietf@mit.edu>, v.marinov@jacobs-university.de, akarmaka@cisco.com, 'Huang Min' <huangmin123@huawei.com>, 'Jeffrey Hutzelman' <jhutz@cmu.edu>
Subject: Re: [Syslog] FW:  I-D Action:draft-ietf-syslog-dtls-00.txt

Thanks Tom.

We need others in the WG to review this draft as well.

We have committed to submitting this to IESG by March, and we have
holiday seasons (Xmas, Chinese New Year, etc.) that are likely to get
in the way. So we really need to get in-depth reviews done soon so we
can get issues resolved and revisions published within the next four
months.

Please help by reviewing this document.

Thanks
David Harrington
ietfdbh@comcast.net
syslog WG co-chair

> -----Original Message-----
> From: syslog-bounces@ietf.org 
> [mailto:syslog-bounces@ietf.org] On Behalf Of tom.petch
> Sent: Tuesday, October 27, 2009 5:13 AM
> To: Joseph Salowey (jsalowey); syslog@ietf.org
> Subject: Re: [Syslog] FW: I-D Action:draft-ietf-syslog-dtls-00.txt
> 
> Good stuff.
>
> Ports; I like the idea of a common port, because it makes operational
> deployment (e.g. filtering in Middle boxes) so much simpler and less
> error prone.
>
> DTLS has an updated I-D in Working Group Last Call
> draft-ietf-tls-rfc4347-bis
> which I think we should reference.  It covers DTLS over DCCP properly,
> which its predecessor might not be seen to.
>
> Message size I think needs more coverage.  I would include a summary of the
> advice on PMTU discovery in DTLS 4.1.1.1 and specifically mention the 2**14
> limit on records in DTLS.  Earlier discussions on this list showed a desire
> for 2**16 syslog messages which, to me, implies fragmentation by the
> transport sender.
>
> Dead Peer Detection I would sit on until something more happens with the
> TLS Working Group.
>
> Tom Petch
> 
> ----- Original Message -----
> From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
> To: <syslog@ietf.org>
> Sent: Wednesday, October 14, 2009 10:23 PM
> Subject: [Syslog] FW: I-D Action:draft-ietf-syslog-dtls-00.txt
> 
> 
> I just posted a -00 version of the syslog DTLS draft
> (http://www.ietf.org/internet-drafts/draft-ietf-syslog-dtls-00.txt). I
> tried to merge the two proposals together and keep consistent with the
> Syslog TLS draft.  Below are some issues I have identified, I'm sure
> there are others.
>
> 1. Transport
>
> DTLS can run over several different transports,  right now the draft
> requires UDP and recommends DCCP.  I think these are the most well
> defined.  The draft also forbids DTLS over TCP and favors TLS over TCP
> to keep things consistent.  I left out SCTP, I'm not sure where SCTP
> over DTLS is in the process and there also is a TLS option for SCTP.
>
> 2. Port Number
>
> DTLS could use the same port as TLS, which seems simple.  The
> difficulty could be that for some transports you could use either TLS or
> DTLS (SCTP for example).  In theory you could tell the difference
> between TLS and DTLS by version number so maybe this isn't a problem.
>
> 3. Initiation
>
> One of the drafts allowed either side to initiate.  I did not include
> this.  If we have a use case for it we could bring it back in.
>
> 4. Dead Peer Detection
>
> There has been a lot of discussion on DPD on the list.  I don't have any
> specific remedy in the draft, just a warning that it could be a problem.
> It's likely that some work on this will happen in DTLS, but I'm not
> confident on the timeframe at this point.
>
> 5. Message Size
>
> The text on message size could use some review.
>
> Cheers,
>
> Joe


From lear@cisco.com  Wed Oct 28 05:10:17 2009
Message-ID: <4AE834B4.6090209@cisco.com>
Date: Wed, 28 Oct 2009 13:10:28 +0100
From: Eliot Lear <lear@cisco.com>
To: David Harrington <ietfdbh@comcast.net>
References: <AC1CFD94F59A264488DC2BEC3E890DE508E8A6EB@xmb-sjc-225.amer.cisco.com> <012201ca56e8$f0e4ac40$0601a8c0@allison> <0cc801ca5752$e24aad00$0600a8c0@china.huawei.com>
In-Reply-To: <0cc801ca5752$e24aad00$0600a8c0@china.huawei.com>
Cc: "'Woundy, Richard'" <Richard_Woundy@cable.comcast.com>, deketelaere@tComLabs.com, enechamkin@broadcom.com, "'Ong, Lyndon'" <Lyong@Ciena.com>, 'Wes Hardaker' <wjhns1@hardakers.net>, 'Margaret Wasserman' <mrw@lilacglade.org>, 'Sumanth Channabasappa' <sumanth@cablelabs.com>, 'Andi Kosich' <akosich@oiforum.com>, 'Sam Hartman' <hartmans-ietf@mit.edu>, v.marinov@jacobs-university.de, akarmaka@cisco.com, 'Huang Min' <huangmin123@huawei.com>, syslog@ietf.org, 'Jeffrey Hutzelman' <jhutz@cmu.edu>
Subject: Re: [Syslog] FW:  I-D Action:draft-ietf-syslog-dtls-00.txt

David,

Thank you for bringing this draft (back) to my attention.  I want to 
congratulate the authors on a generally well written document.  DTLS is 
an important missing component from the SYSLOG framework.  I agree 110% 
with the introduction, and perhaps would go further, that sometimes in 
the worst of circumstances, it is important simply to try to get the 
message out and hope someone hears it.  What you will find from me below 
are suggestions to simplify some text, most of which is non-normative.

I believe Section 5.1 is serving two masters, and in my experience, this 
generally doesn't work well.  Your first master is rationale behind 
choice of transport.  What you are reaching for here is a protocol 
applicability statement.  If you have the discussion about protocol 
applicability, and nothing says that you even need to go there at this 
stage, my suggestion would be to include it in your introduction and do 
away with all of the sub-sub-headings in Section 5.1.

By way of example, I believe you are striving for relatively simple 
statements à la this:
> In those circumstances where reliability or ordering is important, 
> SYSLOG over TLS is appropriate.  As the Internet best runs on the 
> basis of appropriate resource sharing, SYSLOG over DTLS over DCCP is 
> defined in this document.  For systems where DCCP is either not 
> available or not usable (such as the aforementioned situation), DTLS 
> over UDP is also defined.

Editorial:

s/has state such problems/has discussed (or addressed) this problem

Section 5.3:

1st para, 2nd sentence:

Why only RECOMMENDED?

2nd para, last sentence:
> This document is assumed to apply to
>    future versions of DTLS, in which case the mandatory to implement
>    cipher suite for the implemented version MUST be supported.

Why do you need to say this at all?

3rd paragraph:

>    Both transport receiver and transport sender implementations MUST
>    provide means to generate a key pair and self-signed certificate in
>    the case that a key pair and certificate are not available through
>    another mechanism.

Why is this necessary?  Isn't it sufficient to import and make use of a 
self-signed certificate?  Isn't it easy enough to run OpenSSL on a Mac 
or linux box and import the stuff?  I could see an argument for 
usability concerns, but that's not sufficient grounds for a MUST.

An aside about your 2119 language: I haven't reviewed all of it, nor am 
I an 2119 expert, but I can say that you will confuse people when you 
use MUST, SHALL, and REQUIRED.

Section 5.3.2, 2nd para, last sentence:

> The security parameters SHOULD be checked against the
>    security requirements of the requested session to make sure that the
>    resumed session provides proper security.

I think what you are aiming at here is a downgrade attack.  First, isn't 
this covered in DTLS?  Otherwise, here I would argue for a MUST, and I 
would be more clear about what you are protecting against, such as the 
following:

> In order to avoid downgrade attacks, an existing session MUST NOT be 
> reused if its protection does not match the minimum policy 
> requirements of the new SYSLOG over DTLS session request.

Editorial:

Same section ABNF: is it not customary to use lower case, particularly 
for non-terminals?

Again, thanks to the authors for putting this out there.

Eliot
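
Added example, not part of Eliot's message or of the draft: one way to implement the resumption check discussed for Section 5.3.2, where a cached session is reused only if it meets the policy of the new request. The type names, policy values and host names are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class DtlsVersion(IntEnum):
    DTLS_1_0 = 1   # ordering only; these are not wire values
    DTLS_1_2 = 2


@dataclass(frozen=True)
class SessionParams:
    """Security parameters remembered with a cached session."""
    version: DtlsVersion
    cipher_suite: str
    peer_authenticated: bool   # peer certificate was validated at handshake time


@dataclass(frozen=True)
class Policy:
    """Minimum requirements for a new syslog-over-DTLS session (constructed)."""
    min_version: DtlsVersion
    allowed_suites: frozenset
    require_peer_auth: bool = True


def resumption_violations(cached, policy):
    """List every way the cached session falls short of today's policy."""
    problems = []
    if cached.version < policy.min_version:
        problems.append("protocol version below minimum")
    if cached.cipher_suite not in policy.allowed_suites:
        problems.append("cipher suite not allowed")
    if policy.require_peer_auth and not cached.peer_authenticated:
        problems.append("peer was not authenticated")
    return problems


def open_session(cache, peer, policy):
    """Decide between resumption and a full handshake for `peer`.

    The check uses the policy of the new request, not the one in force when
    the session was created, and a failing session is evicted so that it is
    never offered again.
    """
    cached = cache.get(peer)
    if cached is None:
        return "full-handshake", ["no cached session"]
    problems = resumption_violations(cached, policy)
    if problems:
        del cache[peer]
        return "full-handshake", problems
    return "resume", []


# Constructed sample data: two sessions cached under an older, looser policy.
CACHE = {
    "collector-a.example.net": SessionParams(
        DtlsVersion.DTLS_1_2, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", True),
    "collector-b.example.net": SessionParams(
        DtlsVersion.DTLS_1_0, "TLS_RSA_WITH_NULL_SHA", True),
}
POLICY = Policy(DtlsVersion.DTLS_1_2,
                frozenset({"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}))
```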

From hartmans@mit.edu  Wed Oct 28 07:21:24 2009
Return-Path: <hartmans@mit.edu>
X-Original-To: syslog@core3.amsl.com
Delivered-To: syslog@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8E8E23A6802 for <syslog@core3.amsl.com>; Wed, 28 Oct 2009 07:21:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.297
X-Spam-Level: 
X-Spam-Status: No, score=-3.297 tagged_above=-999 required=5 tests=[AWL=-1.032, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xsgtt72tpRgy for <syslog@core3.amsl.com>; Wed, 28 Oct 2009 07:21:23 -0700 (PDT)
Received: from mail.suchdamage.org (permutation-city.suchdamage.org [69.25.196.28]) by core3.amsl.com (Postfix) with ESMTP id ECA473A6768 for <syslog@ietf.org>; Wed, 28 Oct 2009 07:21:22 -0700 (PDT)
Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id 7DDD920112; Wed, 28 Oct 2009 10:21:37 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 9F2B2445F; Wed, 28 Oct 2009 10:21:31 -0400 (EDT)
To: Eliot Lear <lear@cisco.com>
References: <AC1CFD94F59A264488DC2BEC3E890DE508E8A6EB@xmb-sjc-225.amer.cisco.com> <012201ca56e8$f0e4ac40$0601a8c0@allison> <0cc801ca5752$e24aad00$0600a8c0@china.huawei.com> <4AE834B4.6090209@cisco.com>
From: Sam Hartman <hartmans-ietf@mit.edu>
Date: Wed, 28 Oct 2009 10:21:31 -0400
In-Reply-To: <4AE834B4.6090209@cisco.com> (Eliot Lear's message of "Wed\, 28 Oct 2009 13\:10\:28 +0100")
Message-ID: <tsly6mv1tw4.fsf@mit.edu>
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailman-Approved-At: Wed, 28 Oct 2009 08:23:48 -0700
Cc: "'Woundy, Richard'" <Richard_Woundy@cable.comcast.com>, deketelaere@tComLabs.com, enechamkin@broadcom.com, "'Ong, Lyndon'" <Lyong@Ciena.com>, 'Wes Hardaker' <wjhns1@hardakers.net>, 'Margaret Wasserman' <mrw@lilacglade.org>, 'Sumanth Channabasappa' <sumanth@cablelabs.com>, 'Andi Kosich' <akosich@oiforum.com>, 'Sam Hartman' <hartmans-ietf@mit.edu>, v.marinov@jacobs-university.de, akarmaka@cisco.com, 'Huang Min' <huangmin123@huawei.com>, syslog@ietf.org, 'Jeffrey Hutzelman' <jhutz@cmu.edu>
Subject: Re: [Syslog] FW:  I-D Action:draft-ietf-syslog-dtls-00.txt
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/syslog>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Oct 2009 14:21:24 -0000

>>>>> "Eliot" == Eliot Lear <lear@cisco.com> writes:

    Eliot> Why is this necessary?  Isn't it sufficient to import and
    Eliot> make use of a self-signed certificate?  Isn't it easy
    Eliot> enough to run OpenSSL on a Mac or linux box and import the
    Eliot> stuff?  I could see an argument for usability concerns, but
    Eliot> that's not sufficient grounds for a MUST.

    Eliot> An aside about your 2119 language: I haven't reviewed all
    Eliot> of it, nor am I an 2119 expert, but I can say that you will
    Eliot> confuse people when you use MUST, SHALL, and REQUIRED.

    Eliot> Section 5.3.2, 2nd para, last sentence:

    >> The security parameters SHOULD be checked against the security
    >> requirements of the requested session to make sure that the
    >> resumed session provides proper security.

    Eliot> I think what you are aiming at here is a downgrade attack.
    Eliot> First, isn't this covered in DTLS?  Otherwise, here I would
    Eliot> argue for a MUST, and I would be more clear about what you
    Eliot> are protecting against, such as the following:

    >> In order to avoid downgrade attacks, an existing session MUST
    >> NOT be reused if its protection does not match the minimum
    >> policy requirements of the new SYSLOG over DTLS session
    >> request.

    Eliot> Editorial:

    Eliot> Same section ABNF: is it not customary to use lower case,
    Eliot> particularly for non-terminals?

    Eliot> Again, thanks to the authors for putting this out there.

    Eliot> Eliot


Why isn't usability sufficient for a MUST in this case?  Here's the
argument.  Unless turning on security is as easy as not doing so, then
there is a significant cost to security and we will not get the
benefits we should.  As a result, especially because there are
significant passive attacks protected against by using DTLS, the
security of the protocol will be significantly improved by requiring
implementations provide an easy-to-enable security solution.

Generating a self-signed cert on a Mac or Linux box is *not* easy compared to running syslogd.

Sam, with his painless-security.com hat on.

From clonvick@cisco.com  Wed Oct 28 12:31:58 2009
Return-Path: <clonvick@cisco.com>
X-Original-To: syslog@core3.amsl.com
Delivered-To: syslog@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 83CD53A6836 for <syslog@core3.amsl.com>; Wed, 28 Oct 2009 12:31:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.224
X-Spam-Level: 
X-Spam-Status: No, score=-6.224 tagged_above=-999 required=5 tests=[AWL=-0.225, BAYES_00=-2.599, J_CHICKENPOX_93=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VuESxa45ft57 for <syslog@core3.amsl.com>; Wed, 28 Oct 2009 12:31:56 -0700 (PDT)
Received: from sj-iport-2.cisco.com (sj-iport-2.cisco.com [171.71.176.71]) by core3.amsl.com (Postfix) with ESMTP id 1E5953A6940 for <syslog@ietf.org>; Wed, 28 Oct 2009 12:31:56 -0700 (PDT)
Authentication-Results: sj-iport-2.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AmYFAEs56EqrR7H+/2dsb2JhbACQGgGyPJgthD8E
X-IronPort-AV: E=Sophos;i="4.44,641,1249257600"; d="scan'208";a="218878716"
Received: from sj-core-2.cisco.com ([171.71.177.254]) by sj-iport-2.cisco.com with ESMTP; 28 Oct 2009 19:32:11 +0000
Received: from sjc-cde-011.cisco.com (sjc-cde-011.cisco.com [171.69.16.68]) by sj-core-2.cisco.com (8.13.8/8.14.3) with ESMTP id n9SJWBfV017003 for <syslog@ietf.org>; Wed, 28 Oct 2009 19:32:11 GMT
Date: Wed, 28 Oct 2009 12:32:11 -0700 (PDT)
From: Chris Lonvick <clonvick@cisco.com>
To: syslog@ietf.org
Message-ID: <Pine.GSO.4.63.0910281231220.4624@sjc-cde-011.cisco.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Subject: [Syslog] RFC 5674 on Alarms in Syslog (fwd)
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/syslog>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Oct 2009 19:31:59 -0000

Hi Folks,

Just passing this along.  Congratulations to Sharon and Reiner.

Best regards,
Chris

---------- Forwarded message ----------
Date: Wed, 28 Oct 2009 12:19:21 -0700 (PDT)
From: rfc-editor@rfc-editor.org
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
Cc: opsawg@ietf.org, rfc-editor@rfc-editor.org
Subject: RFC 5674 on Alarms in Syslog


A new Request for Comments is now available in online RFC libraries.


         RFC 5674

         Title:      Alarms in Syslog
         Author:     S. Chisholm, R. Gerhards
         Status:     Standards Track
         Date:       October 2009
         Mailbox:    schishol@nortel.com,
                     rgerhards@adiscon.com
         Pages:      7
         Characters: 13837
         Updates/Obsoletes/SeeAlso:   None

         I-D Tag:    draft-ietf-opsawg-syslog-alarm-02.txt

         URL:        http://www.rfc-editor.org/rfc/rfc5674.txt

This document describes how to send alarm information in syslog.  It
includes the mapping of ITU perceived severities onto syslog message
fields.  It also includes a number of alarm-specific SD-PARAM
definitions from X.733 and the IETF Alarm MIB.  [STANDARDS TRACK]

This document is a product of the Operations and Management Area Working Group Working Group of the IETF.

This is now a Proposed Standard Protocol.

STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Internet
Official Protocol Standards (STD 1) for the standardization state and
status of this protocol.  Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
   http://www.ietf.org/mailman/listinfo/ietf-announce
   http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
USC/Information Sciences Institute


_______________________________________________
IETF-Announce mailing list
IETF-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-announce

From rgerhards@hq.adiscon.com  Wed Oct 28 12:58:57 2009
Return-Path: <rgerhards@hq.adiscon.com>
X-Original-To: syslog@core3.amsl.com
Delivered-To: syslog@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EA6E228C0CE for <syslog@core3.amsl.com>; Wed, 28 Oct 2009 12:58:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_93=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T1xFFh56E-gI for <syslog@core3.amsl.com>; Wed, 28 Oct 2009 12:58:56 -0700 (PDT)
Received: from mailin.adiscon.com (hetzner.adiscon.com [85.10.198.18]) by core3.amsl.com (Postfix) with ESMTP id CDEA83A691E for <syslog@ietf.org>; Wed, 28 Oct 2009 12:58:55 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailin.adiscon.com (Postfix) with ESMTP id 1C744241C019; Wed, 28 Oct 2009 20:45:02 +0100 (CET)
Received: from mailin.adiscon.com ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 113gW2aj-Tgt; Wed, 28 Oct 2009 20:45:01 +0100 (CET)
Received: from GRFEXC.intern.adiscon.com (p54AC55D3.dip.t-dialin.net [84.172.85.211]) by mailin.adiscon.com (Postfix) with ESMTP id 6192C241C001; Wed, 28 Oct 2009 20:45:01 +0100 (CET)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 28 Oct 2009 20:59:08 +0100
Content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.5
Message-ID: <9B6E2A8877C38245BFB15CC491A11DA71032EE@GRFEXC.intern.adiscon.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: [Syslog] RFC 5674 on Alarms in Syslog (fwd)
Thread-Index: AcpYBWwqAGQzCzxwS5+ilVYe+5BrSwAA4DcA
References: <Pine.GSO.4.63.0910281231220.4624@sjc-cde-011.cisco.com>
From: "Rainer Gerhards" <rgerhards@hq.adiscon.com>
To: "Chris Lonvick" <clonvick@cisco.com>, <syslog@ietf.org>
Subject: Re: [Syslog] RFC 5674 on Alarms in Syslog (fwd)
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/syslog>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Oct 2009 19:58:57 -0000

Hi Chris,

Thanks - but it really was Sharon who brought this forward and did the vast
majority of work. I primarily helped it to bootstrap :)

Thanks, Sharon!

Rainer

