From syslog-bounces@lists.ietf.org Sun Sep 02 11:57:19 2007 Return-path: Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IRrnN-0006zJ-DG; Sun, 02 Sep 2007 11:55:29 -0400 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IRrnL-0006v8-D5; Sun, 02 Sep 2007 11:55:27 -0400 Received: from [202.99.23.227] (helo=people.com.cn) by chiedprmail1.ietf.org with smtp (Exim 4.43) id 1IRrnK-0006ss-En; Sun, 02 Sep 2007 11:55:27 -0400 Received: from people.com.cn([127.0.0.1]) by people.com.cn(AIMC 2.9.5.8) with SMTP id jm4846db357b; Mon, 03 Sep 2007 00:07:39 +0800 Received: from megatron.ietf.org([156.154.16.145]) by people.com.cn(AIMC 2.9.5.8) with SMTP id jm3a46d6016b; Thr, 30 Aug 2007 06:07:20 +0800 Received: from megatron.ietf.org([156.154.16.145]) by people.com.cn(AIMC 2.9.5.8) with SMTP id AISP action; Thr, 30 Aug 2007 06:07:20 +0800 Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IQTya-0002GB-CM; Wed, 29 Aug 2007 16:17:20 -0400 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IQTwr-0000Iv-Kl; Wed, 29 Aug 2007 16:15:35 -0400 Received: from ns3.neustar.com ([156.154.24.138]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IQTwr-0000IU-23; Wed, 29 Aug 2007 16:15:33 -0400 Received: from stiedprstage1.ietf.org (stiedprstage1.va.neustar.com [10.31.47.10]) by ns3.neustar.com (Postfix) with ESMTP id A630E175A7; Wed, 29 Aug 2007 20:15:02 +0000 (GMT) Received: from ietf by stiedprstage1.ietf.org with local (Exim 4.43) id 1IQTwM-0004CG-4W; Wed, 29 Aug 2007 16:15:02 -0400 Content-Type: Multipart/Mixed; Boundary="NextPart" Mime-Version: 1.0 To: i-d-announce@ietf.org From: Internet-Drafts@ietf.org Message-Id: Date: Wed, 29 Aug 2007 16:15:02 -0400 X-Spam-Score: 0.0 (/) X-Scan-Signature: 3002fc2e661cd7f114cb6bae92fe88f1 X-BeenThere: i-d-announce@ietf.org X-Mailman-Version: 2.1.5 Precedence: list X-AIMC-AUTH: (null) X-AIMC-MAILFROM: i-d-announce-bounces@ietf.org X-AIMC-AUTH: (null) X-AIMC-MAILFROM: Internet-Drafts@ietf.org X-Auto-Forward: jaglee@people.com.cn jag@kw.com.cn X-Spam-Score: 2.8 (++) X-Scan-Signature: 14582b0692e7f70ce7111d04db3781c8 Cc: syslog@ietf.org Subject: [Syslog] I-D ACTION:draft-ietf-syslog-transport-udp-11.txt X-BeenThere: syslog@lists.ietf.org Reply-To: internet-drafts@ietf.org List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Security Issues in Network Event Logging Working Group of the IETF. Title : Transmission of syslog messages over UDP Author(s) : A. Okmianski Filename : draft-ietf-syslog-transport-udp-11.txt Pages : 10 Date : 2007-8-29 This document describes the transport for syslog messages over UDP/ IPv4 or UDP/IPv6. The syslog protocol layered architecture provides for support of any number of transport mappings. However, for interoperability purposes, syslog protocol implementers are required to support this transport mapping. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-syslog-transport-udp-11.txt To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-syslog-transport-udp-11.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-syslog-transport-udp-11.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2007-8-29151332.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-syslog-transport-udp-11.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-syslog-transport-udp-11.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2007-8-29151332.I-D@ietf.org> --OtherAccess-- --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ I-D-Announce mailing list I-D-Announce@ietf.org https://www1.ietf.org/mailman/listinfo/i-d-announce --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog --NextPart-- From syslog-bounces@lists.ietf.org Wed Sep 05 16:17:23 2007 Return-path: Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IT1Hl-0003jK-N4; Wed, 05 Sep 2007 16:15:37 -0400 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IT1Hh-0003f1-0w; Wed, 05 Sep 2007 16:15:33 -0400 Received: from ns4.neustar.com ([156.154.24.139]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IT1Hg-0000xk-L4; Wed, 05 Sep 2007 16:15:32 -0400 Received: from stiedprstage1.ietf.org (stiedprstage1.va.neustar.com [10.31.47.10]) by ns4.neustar.com (Postfix) with ESMTP id 9012F2AC61; Wed, 5 Sep 2007 20:15:02 +0000 (GMT) Received: from ietf by stiedprstage1.ietf.org with local (Exim 4.43) id 1IT1HC-00041i-8i; Wed, 05 Sep 2007 16:15:02 -0400 Content-Type: Multipart/Mixed; Boundary="NextPart" Mime-Version: 1.0 To: i-d-announce@ietf.org From: Internet-Drafts@ietf.org Message-Id: Date: Wed, 05 Sep 2007 16:15:02 -0400 X-Spam-Score: 0.0 (/) X-Scan-Signature: 3002fc2e661cd7f114cb6bae92fe88f1 Cc: syslog@ietf.org Subject: [Syslog] I-D ACTION:draft-ietf-syslog-transport-udp-12.txt X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Security Issues in Network Event Logging Working Group of the IETF. Title : Transmission of syslog messages over UDP Author(s) : A. Okmianski Filename : draft-ietf-syslog-transport-udp-12.txt Pages : 10 Date : 2007-9-5 This document describes the transport for syslog messages over UDP/ IPv4 or UDP/IPv6. The syslog protocol layered architecture provides for support of any number of transport mappings. However, for interoperability purposes, syslog protocol implementers are required to support this transport mapping. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-syslog-transport-udp-12.txt To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-syslog-transport-udp-12.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-syslog-transport-udp-12.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2007-9-5151233.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-syslog-transport-udp-12.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-syslog-transport-udp-12.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2007-9-5151233.I-D@ietf.org> --OtherAccess-- --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog --NextPart-- From syslog-bounces@lists.ietf.org Thu Sep 06 15:16:57 2007 Return-path: Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1ITMom-0003u2-AP; Thu, 06 Sep 2007 15:15:08 -0400 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1ITMog-0003tQ-Mi; Thu, 06 Sep 2007 15:15:02 -0400 Received: from ns4.neustar.com ([156.154.24.139]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1ITMog-0003Tc-8I; Thu, 06 Sep 2007 15:15:02 -0400 Received: from stiedprstage1.ietf.org (stiedprstage1.va.neustar.com [10.31.47.10]) by ns4.neustar.com (Postfix) with ESMTP id 0D2AB2AC61; Thu, 6 Sep 2007 19:15:02 +0000 (GMT) Received: from ietf by stiedprstage1.ietf.org with local (Exim 4.43) id 1ITMof-00082v-Q4; Thu, 06 Sep 2007 15:15:01 -0400 Content-Type: Multipart/Mixed; Boundary="NextPart" Mime-Version: 1.0 To: i-d-announce@ietf.org From: Internet-Drafts@ietf.org Message-Id: Date: Thu, 06 Sep 2007 15:15:01 -0400 X-Spam-Score: 0.0 (/) X-Scan-Signature: 5011df3e2a27abcc044eaa15befcaa87 Cc: syslog@ietf.org Subject: [Syslog] I-D ACTION:draft-ietf-syslog-protocol-23.txt X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Security Issues in Network Event Logging Working Group of the IETF. Title : The syslog Protocol Author(s) : R. Gerhards Filename : draft-ietf-syslog-protocol-23.txt Pages : 39 Date : 2007-9-6 This document describes the syslog protocol, which is used to convey event notification messages. This protocol utilizes a layered architecture, which allows the use of any number of transport protocols for transmission of syslog messages. It also provides a message format that allows vendor-specific extensions to be provided in a structured way. This document has been written with the original design goals for traditional syslog in mind. The reason for a new layered specification has arisen because standardization efforts for reliable and secure syslog extensions suffer from the lack of a standards- track and transport independent RFC. Without this document, each other standard needs to define its own syslog packet format and transport mechanism, which over time will introduce subtle compatibility issues. This document tries to provide a foundation that syslog extensions can build on. This layered architecture approach also provides a solid basis that allows code to be written once for each syslog feature rather than once for each transport. This document obsoletes RFC3164. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-syslog-protocol-23.txt To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-syslog-protocol-23.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-syslog-protocol-23.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2007-9-6144602.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-syslog-protocol-23.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-syslog-protocol-23.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2007-9-6144602.I-D@ietf.org> --OtherAccess-- --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog --NextPart-- From syslog-bounces@lists.ietf.org Fri Sep 07 11:59:23 2007 Return-path: Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1ITgDA-0007ZY-Gy; Fri, 07 Sep 2007 11:57:36 -0400 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1ITgD8-0007YX-KG; Fri, 07 Sep 2007 11:57:34 -0400 Received: from dhcp-18-188-10-61.dyn.mit.edu ([18.188.10.61] helo=carter-zimmerman.suchdamage.org) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1ITgD8-0000EW-7i; Fri, 07 Sep 2007 11:57:34 -0400 Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 8747548C4; Fri, 7 Sep 2007 11:57:33 -0400 (EDT) From: Sam Hartman To: syslog@ietf.org,chris.newman@sun.com Date: Fri, 07 Sep 2007 11:57:33 -0400 Message-ID: User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Score: 0.3 (/) X-Scan-Signature: 9ed51c9d1356100bce94f1ae4ec616a9 Cc: iesg@ietf.org Subject: [Syslog] Change between syslog-protocol 21 and 23 breaks UTF-8 security X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org Hi, folks. I think the WG made a mistake trying to address Chris Newman's comment about Unicode TR36 and made the situation worse. My understanding of what the WG was trying to do is to require that if a BOM is present in a string, then the implementation can enforce strict checks because it knows the message is Unicode and UTF-8. Without the BOM, there's not a lot you can do. The goal here is to have consistent and secure internationalization between two new implementations--that is a sender that includes the BOM and a receiver that understands it. So, basically the BOM is a signal that "Hi, there; I'm new and you can trust my i18n to be reasonably well thought through." The following change seems to break this. - If a syslog application is processing a MSG starting with a BOM, then - it MUST be interpreted as being encoded in UTF-8 for the reasons - outlined in UNICODE TR36 [UNICODE-TR36], section 3.1. If a syslog - application does not encode MSG in UTF-8, the string MUST NOT start - with the Unicode BOM. Guidance about this is given in Appendix A.8. + If a syslog application is processing a MSG starting with a BOM, if + it contains UTF-8 that is not shortest form it MUST NOT be + interpreted as being encoded in UTF-8 for the reasons outlined in + [UNICODE-TR36], section 3.1. Guidance about this is given in + Appendix A.8. In particular if you get text from a new implementation that is not shortest-form, it is an error. You want to throw it away , or do something else to indicate you have a security problem, not just treat it as another encoding. I propose the following text but would be open to alternatives: If a syslog application is processing a MSG starting with a BOM, if it contains UTF-8 that is not shortest form it MUST be discarded for the reasons outlined in [UNICODE-TR36], section 3.1. Guidance about this is given in Appendix A.8. _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog From syslog-bounces@lists.ietf.org Fri Sep 07 14:10:44 2007 Return-path: Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1ITiGD-00011F-CZ; Fri, 07 Sep 2007 14:08:53 -0400 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1ITiGC-000119-Mw for syslog@ietf.org; Fri, 07 Sep 2007 14:08:52 -0400 Received: from dhcp-18-188-10-61.dyn.mit.edu ([18.188.10.61] helo=carter-zimmerman.suchdamage.org) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1ITiGB-00087t-Gm for syslog@ietf.org; Fri, 07 Sep 2007 14:08:52 -0400 Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id D34F148C4; Fri, 7 Sep 2007 14:08:50 -0400 (EDT) To: syslog@ietf.org From: Sam Hartman Message-Id: <20070907180850.D34F148C4@carter-zimmerman.suchdamage.org> Date: Fri, 7 Sep 2007 14:08:50 -0400 (EDT) X-Spam-Score: 0.1 (/) X-Scan-Signature: 7baded97d9887f7a0c7e8a33c2e3ea1b Cc: Subject: [Syslog] Implications of protocol draft changes for tls draft X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org Greetings. Other than the issue I pointed out today, it looks like we're done with protocol and transport-udp. Once that issue is resolved I can approve both of these documents and send them to the rfc-editor. However, in your discussions with the transport area directors you made some changes to the protocol document that have implications for the tls document. Curently, the tls document is awaiting revisions to address my latest round of comments. I'd like the working group to think about the implications of changes to protocol when revising the tls document. In particular, you are now recommending that the tls transport be used in most situations in preference to the udp transport. As a consequence, that means the tls transport is no longer just for security sensitive applications. So, the TLS document needs to reflect this wider applicability. In particular, I definitely expect it to work in cases where senders do not have certificates. The working group also needs to think about delployment issues surrounding trust anchors. You need to either convince yourselves that getting appropriate trust anchors onto devices will not be a problem in these situations or provide mandatory-to-implmenet semantics when trust anchors cannot be provided. One possible solution would be a mandatory-to-implement mode where the tls transport does not protect against active attackers and certificates are not checked on either side. If explicit security configuration is available then certificates can be checked providing defense against active attack. there are other possible solutions as well, depending on what the working group believes is appropriate leves of configuration. I just want you to actually produce a protocol that will be easy to deploy because that will be important given its expanded applicability. _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog From rybsmom@semianatropousw.nu Sat Sep 08 00:36:37 2007 Return-path: Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1ITs3h-0001HF-A1 for syslog-archive@lists.ietf.org; Sat, 08 Sep 2007 00:36:37 -0400 Received: from [201.244.240.20] (helo=cels.net) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1ITs3g-0002hk-JR for syslog-archive@lists.ietf.org; Sat, 08 Sep 2007 00:36:37 -0400 From: "rybsmom@semianatropousw.nu" To: Subject: This Watch is in spades Date: Fri, 07 Sep 2007 21:40:00 -0800 MIME-Version: 1.0 Content-Type: text/plain; Content-Transfer-Encoding: 7Bit boundary="--MABEFG77644" X-Spam-Score: 4.6 (++++) X-Scan-Signature: 68c8cc8a64a9d0402e43b8eee9fc4199 I had a meeting to attend to, and I needed something classy yet professional to wear. One of my friends told me about your website and I've seen him wearing one of your watches, but I was still sceptical to buy a replica watch. I took my chance though, and ordered a Rolex from your website. When I received it, I was definitely impressed, but wasn't sure if my ssociates would be able to tell it's a replica. But when I showed up to the meeting, they couldn't take their eyes off of my new watch. This watch gave me what I was looking for, classy style, with a touch of professionalism. - Sheena S., Just go to http://www.cs2r23c1337.com Hate receiveing these messages http://www.cs2r23c1337.com/remove From syslog-bounces@lists.ietf.org Sun Sep 09 22:41:39 2007 Return-path: Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IUZBo-0007Tz-Ka; Sun, 09 Sep 2007 22:39:52 -0400 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IUZBm-0007L7-Oz; Sun, 09 Sep 2007 22:39:50 -0400 Received: from sj-iport-5.cisco.com ([171.68.10.87]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IUZBl-00061W-Hr; Sun, 09 Sep 2007 22:39:50 -0400 X-IronPort-AV: E=Sophos;i="4.20,228,1186383600"; d="scan'208";a="175159199" Received: from sj-dkim-1.cisco.com ([171.71.179.21]) by sj-iport-5.cisco.com with ESMTP; 09 Sep 2007 19:39:49 -0700 Received: from sj-core-1.cisco.com (sj-core-1.cisco.com [171.71.177.237]) by sj-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id l8A2dm6T020269; Sun, 9 Sep 2007 19:39:48 -0700 Received: from sjc-cde-003.cisco.com (sjc-cde-003.cisco.com [171.71.162.27]) by sj-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id l8A2dmEx025255; Mon, 10 Sep 2007 02:39:48 GMT Date: Sun, 9 Sep 2007 19:39:48 -0700 (PDT) From: Chris Lonvick To: Sam Hartman Subject: Re: [Syslog] Change between syslog-protocol 21 and 23 breaks UTF-8 security In-Reply-To: Message-ID: References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=2454; t=1189391988; x=1190255988; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=clonvick@cisco.com; z=From:=20Chris=20Lonvick=20 |Subject:=20Re=3A=20[Syslog]=20Change=20between=20syslog-protocol=2021=20 and=2023=20breaks=20UTF-8=0A=20security |Sender:=20; bh=Gni46pVd2ypNL3OFVutuXneSz01IJAHzac4cXoQCB94=; b=lo63Rc+WwqUcBHPjSkLnsspbi3q3u+HQ0cT41RHbe4/AFXBQIDKYjD42nw5R89v43P48WH8c XEnS6bfC2Ahzjbzl2V7fgT2lyOLZvF4lO1jQ/isOAvP4dAT2ihHsRAhYHhul94CQ84bmAen7Pe F+fYUBaCjewk+6fPzSQJhjdnQ=; Authentication-Results: sj-dkim-1; header.From=clonvick@cisco.com; dkim=pass ( sig from cisco.com/sjdkim1004 verified; ); X-Spam-Score: -3.8 (---) X-Scan-Signature: f607d15ccc2bc4eaf3ade8ffa8af02a0 Cc: syslog@ietf.org, chris.newman@sun.com, iesg@ietf.org X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org Hi Sam, I'm going to wait a day or so for any input from the WG. However, the proposed text seems to be acceptable. Do you want a new ID, or is this something that we can change in AUTH24? Thanks, Chris On Fri, 7 Sep 2007, Sam Hartman wrote: > > > Hi, folks. > > I think the WG made a mistake trying to address Chris Newman's comment > about Unicode TR36 and made the situation worse. > > My understanding of what the WG was trying to do is to require that if > a BOM is present in a string, then the implementation can enforce > strict checks because it knows the message is Unicode and UTF-8. > Without the BOM, there's not a lot you can do. The goal here is to > have consistent and secure internationalization between two new > implementations--that is a sender that includes the BOM and a receiver > that understands it. So, basically the BOM is a signal that "Hi, > there; I'm new and you can trust my i18n to be reasonably well thought > through." > The following change seems to break this. > > > - If a syslog application is processing a MSG starting with a BOM, then > - it MUST be interpreted as being encoded in UTF-8 for the reasons > - outlined in UNICODE TR36 [UNICODE-TR36], section 3.1. If a syslog > - application does not encode MSG in UTF-8, the string MUST NOT start > - with the Unicode BOM. Guidance about this is given in Appendix A.8. > + If a syslog application is processing a MSG starting with a BOM, if > + it contains UTF-8 that is not shortest form it MUST NOT be > + interpreted as being encoded in UTF-8 for the reasons outlined in > + [UNICODE-TR36], section 3.1. Guidance about this is given in > + Appendix A.8. > > > In particular if you get text from a new implementation that is not > shortest-form, it is an error. You want to throw it away , or do > something else to indicate you have a security problem, not just treat > it as another encoding. > > I propose the following text but would be open to alternatives: > > > If a syslog application is processing a MSG starting with a BOM, if > it contains UTF-8 that is not shortest form it MUST be discarded for the reasons outlined in > [UNICODE-TR36], section 3.1. Guidance about this is given in > Appendix A.8. > > _______________________________________________ > Syslog mailing list > Syslog@lists.ietf.org > https://www1.ietf.org/mailman/listinfo/syslog > _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog From syslog-bounces@lists.ietf.org Mon Sep 10 13:37:46 2007 Return-path: Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IUnAx-0001IP-MM; Mon, 10 Sep 2007 13:35:55 -0400 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IUnAw-0001Hg-Az; Mon, 10 Sep 2007 13:35:54 -0400 Received: from dhcp-18-188-10-61.dyn.mit.edu ([18.188.10.61] helo=carter-zimmerman.suchdamage.org) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IUnAw-0005pL-4C; Mon, 10 Sep 2007 13:35:54 -0400 Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 98FE948C4; Mon, 10 Sep 2007 13:35:53 -0400 (EDT) From: Sam Hartman To: Chris Lonvick Subject: Re: [Syslog] Change between syslog-protocol 21 and 23 breaks UTF-8 security References: Date: Mon, 10 Sep 2007 13:35:53 -0400 In-Reply-To: (Chris Lonvick's message of "Sun, 9 Sep 2007 19:39:48 -0700 (PDT)") Message-ID: User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Score: 0.3 (/) X-Scan-Signature: bb8eae9af85e4fcfe76f325e38493bf4 Cc: syslog@ietf.org, chris.newman@sun.com, iesg@ietf.org X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org If the WG is OK with my proposed text, I'll handle it in an rfc editor note _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog From syslog-bounces@lists.ietf.org Tue Sep 11 03:09:05 2007 Return-path: Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IUzqA-0002yF-FD; Tue, 11 Sep 2007 03:07:18 -0400 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IUzq4-0002rv-OZ; Tue, 11 Sep 2007 03:07:12 -0400 Received: from hetzner.adiscon.com ([85.10.201.79]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IUzq3-0001IX-AS; Tue, 11 Sep 2007 03:07:12 -0400 Received: from localhost (localhost [127.0.0.1]) by hetzner.adiscon.com (Postfix) with ESMTP id EF12527C08D; Tue, 11 Sep 2007 09:06:27 +0200 (CEST) Received: from hetzner.adiscon.com ([127.0.0.1]) by localhost (hetzner [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 04966-09; Tue, 11 Sep 2007 09:06:27 +0200 (CEST) Received: from grfint2.intern.adiscon.com (p50989a7c.dip0.t-ipconnect.de [80.152.154.124]) by hetzner.adiscon.com (Postfix) with ESMTP id B259327C06F; Tue, 11 Sep 2007 09:06:27 +0200 (CEST) Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [Syslog] Change between syslog-protocol 21 and 23 breaks UTF-8security X-MimeOLE: Produced By Microsoft Exchange V6.5 Date: Tue, 11 Sep 2007 09:07:03 +0200 Message-ID: <577465F99B41C842AAFBE9ED71E70ABA278989@grfint2.intern.adiscon.com> In-Reply-To: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Syslog] Change between syslog-protocol 21 and 23 breaks UTF-8security Thread-Index: Acfz0RR0UcyVXWprRX2u3A8lxygaDQAcS8Tg References: From: "Rainer Gerhards" To: "Sam Hartman" , "Chris Lonvick" X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at adiscon.com X-Spam-Score: 0.2 (/) X-Scan-Signature: 7655788c23eb79e336f5f8ba8bce7906 Cc: syslog@ietf.org, chris.newman@sun.com, iesg@ietf.org X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org Sam, your proposed text is fine with me. So from my side, please go ahead. Thanks for your help, Rainer > -----Original Message----- > From: Sam Hartman [mailto:hartmans-ietf@mit.edu] > Sent: Monday, September 10, 2007 7:36 PM > To: Chris Lonvick > Cc: syslog@ietf.org; chris.newman@sun.com; iesg@ietf.org > Subject: Re: [Syslog] Change between syslog-protocol 21 and 23 breaks > UTF-8security >=20 > If the WG is OK with my proposed text, I'll handle it in an rfc editor > note >=20 > _______________________________________________ > Syslog mailing list > Syslog@lists.ietf.org > https://www1.ietf.org/mailman/listinfo/syslog _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog From syslog-bounces@lists.ietf.org Tue Sep 11 08:54:19 2007 Return-path: Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IV5EB-00049Q-Qr; Tue, 11 Sep 2007 08:52:27 -0400 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IV5EA-00048o-Do; Tue, 11 Sep 2007 08:52:26 -0400 Received: from sj-iport-6.cisco.com ([171.71.176.117]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IV5EA-0003Rh-4A; Tue, 11 Sep 2007 08:52:26 -0400 X-IronPort-AV: E=Sophos;i="4.20,237,1186383600"; d="scan'208";a="215981028" Received: from sj-dkim-3.cisco.com ([171.71.179.195]) by sj-iport-6.cisco.com with ESMTP; 11 Sep 2007 05:52:25 -0700 Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-3.cisco.com (8.12.11/8.12.11) with ESMTP id l8BCqPYu012698; Tue, 11 Sep 2007 05:52:25 -0700 Received: from sjc-cde-003.cisco.com (sjc-cde-003.cisco.com [171.71.162.27]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id l8BCqPau021262; Tue, 11 Sep 2007 12:52:25 GMT Date: Tue, 11 Sep 2007 05:52:25 -0700 (PDT) From: Chris Lonvick To: Sam Hartman Subject: Re: [Syslog] Change between syslog-protocol 21 and 23 breaks UTF-8 security In-Reply-To: Message-ID: References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=244; t=1189515145; x=1190379145; c=relaxed/simple; s=sjdkim3002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=clonvick@cisco.com; z=From:=20Chris=20Lonvick=20 |Subject:=20Re=3A=20[Syslog]=20Change=20between=20syslog-protocol=2021=20 and=2023=20breaks=20UTF-8=0A=20=20security |Sender:=20; bh=knxC9vYiSYAkm7ufUzClRmF6PlR7EmS3Ql4KmRzkNiI=; b=C4M9mNS24FMGgRuRWR7L+N3aMy6VPnEgSUmPKpHn6P9+pUL76G20rCW499Xe7UtZFB6FDkPQ pjJ6ZDeUac+tnq+ebXEAbRIEcyMnsUAULjIrkM8kzXICBm5YsdAlUlyw; Authentication-Results: sj-dkim-3; header.From=clonvick@cisco.com; dkim=pass ( sig from cisco.com/sjdkim3002 verified; ); X-Spam-Score: 0.2 (/) X-Scan-Signature: 68c8cc8a64a9d0402e43b8eee9fc4199 Cc: syslog@ietf.org, chris.newman@sun.com, iesg@ietf.org X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org Hi Sam, I've heard no objection from the WG on your proposed wording. Please go with that. Thanks, Chris On Mon, 10 Sep 2007, Sam Hartman wrote: > If the WG is OK with my proposed text, I'll handle it in an rfc editor note > _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog From syslog-bounces@lists.ietf.org Tue Sep 11 10:23:57 2007 Return-path: Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IV6d1-0004Ru-LG; Tue, 11 Sep 2007 10:22:11 -0400 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IV6cy-0004Qm-5k; Tue, 11 Sep 2007 10:22:08 -0400 Received: from ns1.neustar.com ([2001:503:c779:1a::9c9a:108a]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IV6cx-0004Cw-Me; Tue, 11 Sep 2007 10:22:08 -0400 Received: from stiedprstage1.ietf.org (stiedprstage1.va.neustar.com [10.31.47.10]) by ns1.neustar.com (Postfix) with ESMTP id 7350026E7B; Tue, 11 Sep 2007 14:22:07 +0000 (GMT) Received: from ietf by stiedprstage1.ietf.org with local (Exim 4.43) id 1IV6cx-00044i-Bu; Tue, 11 Sep 2007 10:22:07 -0400 X-test-idtracker: no From: The IESG To: IETF-Announce Message-Id: Date: Tue, 11 Sep 2007 10:22:07 -0400 X-Spam-Score: -1.4 (-) X-Scan-Signature: 92df29fa99cf13e554b84c8374345c17 Cc: syslog mailing list , Internet Architecture Board , syslog chair , RFC Editor Subject: [Syslog] Protocol Action: 'The syslog Protocol' to Proposed Standard X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org The IESG has approved the following documents: - 'The syslog Protocol ' as a Proposed Standard - 'Transmission of syslog messages over UDP ' as a Proposed Standard These documents are products of the Security Issues in Network Event Logging Working Group. The IESG contact persons are Sam Hartman and Tim Polk. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-syslog-protocol-23.txt Technical Summary This document describes the syslog protocol, which is used to convey event notification messages. This protocol utilizes a layered architecture, which allows the use of any number of transport protocols for transmission of syslog messages. It also provides a message format that allows vendor-specific extensions to be provided in a structured way. This document has been written with the anticipated original design goals for traditional syslog in mind. The reason for a new layered specification has arisen because standardization efforts for reliable and secure syslog extensions suffer from the lack of a standards- track and transport independent RFC. Without this document, each other standard needs to define its own syslog packet format and transport mechanism, which over time will introduce subtle compatibility issues. This document tries to provide a foundation that syslog extensions can build on. This layered architecture approach also provides a solid basis that allows code to be written once for each syslog feature rather than once for each transport. This ballot also includes the UDP transport for syslog. This transport is similar to that used across the internet today. Working Group Summary The working group had consensus to publish these documents as a proposed standard. Protocol Quality This document has been reviewed by Sam Hartman for the IESG. Note to RFC Editor The protocol draft obsoletes RFC 3164 In the protocol draft section 6.4: old: If a syslog application is processing a MSG starting with a BOM, if it contains UTF-8 that is not shortest form it MUST NOT be interpreted as being encoded in UTF-8 for the reasons outlined in [UNICODE-TR36], section 3.1. Guidance about this is given in Appendix A.8. new: If a syslog application is processing a MSG starting with a BOM, if it contains UTF-8 that is not shortest form it MUST be discarded for the reasons outlined in [UNICODE-TR36], section 3.1. Guidance about this is given in Appendix A.8. _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog From syslog-bounces@lists.ietf.org Wed Sep 12 10:22:00 2007 Return-path: Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IVT4i-00010i-7H; Wed, 12 Sep 2007 10:20:16 -0400 Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IVT4g-00010P-Rw for syslog@ietf.org; Wed, 12 Sep 2007 10:20:15 -0400 Received: from galaxy.systems.pipex.net ([62.241.162.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IVT4f-0008PP-L0 for syslog@ietf.org; Wed, 12 Sep 2007 10:20:14 -0400 Received: from pc6 (1Cust86.tnt2.lnd4.gbr.da.uu.net [62.188.131.86]) by galaxy.systems.pipex.net (Postfix) with SMTP id 4D2B6E000A9D; Wed, 12 Sep 2007 15:20:12 +0100 (BST) Message-ID: <077901c7f53e$c5b995c0$0601a8c0@pc6> From: "tom.petch" To: "syslog" , "Sam Hartman" References: <20070907180850.D34F148C4@carter-zimmerman.suchdamage.org> Subject: Re: [Syslog] Implications of protocol draft changes for tls draft Date: Wed, 12 Sep 2007 15:10:20 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: -101.0 (---------------------------------------------------) X-Scan-Signature: 9ed51c9d1356100bce94f1ae4ec616a9 Cc: X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: "tom.petch" List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org Tom Petch ----- Original Message ----- From: "Sam Hartman" To: Sent: Friday, September 07, 2007 8:08 PM Subject: [Syslog] Implications of protocol draft changes for tls draft > > > Greetings. Other than the issue I pointed out today, it looks like > we're done with protocol and transport-udp. Once that issue is > resolved I can approve both of these documents and send them to the > rfc-editor. > > However, in your discussions with the transport area directors you > made some changes to the protocol document that have implications for > the tls document. Curently, the tls document is awaiting revisions to > address my latest round of comments. I'd like the working group to > think about the implications of changes to protocol when revising the > tls document. > > In particular, you are now recommending that the tls transport be used > in most situations in preference to the udp transport. As a > consequence, that means the tls transport is no longer just for > security sensitive applications. So, the TLS document needs to > reflect this wider applicability. > > In particular, I definitely expect it to work in cases where senders > do not have certificates. The working group also needs to think about > delployment issues surrounding trust anchors. You need to either > convince yourselves that getting appropriate trust anchors onto > devices will not be a problem in these situations or provide > mandatory-to-implmenet semantics when trust anchors cannot be > provided. > The timing seems unfortunate. I saw a trust anchor BOF proposed in Chicago so in a year or two's time, we could piggy back someone else's work. As of now, this could be a struggle. Tom Petch _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog From amir.ikram@darost.elytrin.com Wed Sep 19 02:00:17 2007 Return-path: Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IXsbh-0006Zs-K5 for syslog-archive@lists.ietf.org; Wed, 19 Sep 2007 02:00:17 -0400 Received: from [190.42.131.236] (helo=ieazvfr) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1IXsbc-0007dP-8o for syslog-archive@lists.ietf.org; Wed, 19 Sep 2007 02:00:13 -0400 Received: from [117.24.213.73] (helo=bcupv) by ieazvfr with smtp (Exim 4.62 (FreeBSD)) id 1Jt@2-0002MX-S9; Wed, 19 Sep 2007 01:04:02 -0500 Message-ID: <002701c7fa82$4f643c10$49d51875@bcupv> From: To: Subject: Thousands of hours of fun, for free Date: Wed, 19 Sep 2007 00:59:58 -0500 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="windows-1250"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 X-Spam-Score: 4.5 (++++) X-Scan-Signature: 01485d64dfa90b45a74269b3ca9d5574 One Thousand games Online.......Free. Check it out http://222.105.202.243/ From vancauter@pacbell.net Wed Sep 19 09:33:14 2007 Return-path: Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IXzg2-0001by-As for syslog-archive@lists.ietf.org; Wed, 19 Sep 2007 09:33:14 -0400 Received: from [122.38.138.2] (helo=oirp) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1IXzg0-0001td-Rs for syslog-archive@lists.ietf.org; Wed, 19 Sep 2007 09:33:14 -0400 Received: from fbcft ([163.196.196.128]) by oirp with Microsoft SMTPSVC(5.0.2195.6713); Wed, 19 Sep 2007 22:32:35 +0900 Message-ID: <002101c7fac1$89f6e640$80c4c4a3@fbcft> From: To: Subject: Save some money Date: Wed, 19 Sep 2007 22:32:35 +0900 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 4.9 (++++) X-Scan-Signature: 01485d64dfa90b45a74269b3ca9d5574 One stop shopping for all your pharmaceutical needs http://tskone.feelshell.cn/?179703874187 From kolton@gymmo.shacknet.nu Wed Sep 19 15:57:03 2007 Return-path: Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IY5fT-0005qb-IK for syslog-archive@lists.ietf.org; Wed, 19 Sep 2007 15:57:03 -0400 Received: from [201.224.204.82] (helo=gjvzk) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1IY5fS-0004Pn-3c for syslog-archive@lists.ietf.org; Wed, 19 Sep 2007 15:57:03 -0400 Received: from pts ([47.50.29.237]) by gjvzk (8.13.1/8.13.1) with SMTP id l8JJx9e2024239; Wed, 19 Sep 2007 14:59:09 -0500 Message-ID: <46F17F04.8070701@gymmo.shacknet.nu> Date: Wed, 19 Sep 2007 14:56:52 -0500 From: User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: syslog-archive@lists.ietf.org Subject: Backdoor to free game site Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: 0.1 (/) X-Scan-Signature: 0f1ff0b0158b41ac6b9548d0972cdd31 Got games? Want more? http://71.194.236.23/ From wbice@mcw.net Sat Sep 22 07:08:35 2007 Return-path: Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IZ2qh-0008IY-C0 for syslog-archive@lists.ietf.org; Sat, 22 Sep 2007 07:08:35 -0400 Received: from [122.164.198.222] (helo=ABTS-TN-Dynamic-222.198.164.122.airtelbroadband.in) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1IZ2qX-00036o-Li for syslog-archive@lists.ietf.org; Sat, 22 Sep 2007 07:08:27 -0400 Received: from jhwrt ([187.108.124.173]) by ABTS-TN-Dynamic-222.198.164.122.airtelbroadband.in with Microsoft SMTPSVC(5.0.2195.6713); Sat, 22 Sep 2007 16:37:39 +0530 Message-ID: <46F4F77B.1080306@mcw.net> Date: Sat, 22 Sep 2007 16:37:39 +0530 From: User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: syslog-archive@lists.ietf.org Subject: Finally, something truly free on the net Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: 0.1 (/) X-Scan-Signature: 01485d64dfa90b45a74269b3ca9d5574 Do you like games? We do to. Get 1000 free games online. http://66.61.160.97/ From syslog-bounces@lists.ietf.org Mon Sep 24 12:00:59 2007 Return-path: Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IZqK4-0000g2-6x; Mon, 24 Sep 2007 11:58:12 -0400 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IZqK2-0000fw-Ue for syslog@ietf.org; Mon, 24 Sep 2007 11:58:11 -0400 Received: from rwcrmhc13.comcast.net ([204.127.192.83]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IZqK2-0005KK-AN for syslog@ietf.org; Mon, 24 Sep 2007 11:58:10 -0400 Received: from harrington73653 (c-24-128-104-207.hsd1.nh.comcast.net[24.128.104.207]) by comcast.net (rwcrmhc13) with SMTP id <20070924155808m13000klcae>; Mon, 24 Sep 2007 15:58:09 +0000 From: "David Harrington" To: "'Chris Lonvick'" , Date: Mon, 24 Sep 2007 11:57:39 -0400 Message-ID: <023e01c7fec3$a8f8e470$6702a8c0@china.huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 11 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138 Thread-Index: Acf+w6H15y4PHVhESjOngzeaehrL4A== X-Spam-Score: 0.0 (/) X-Scan-Signature: c0bedb65cce30976f0bf60a0a39edea4 Cc: syslog@ietf.org Subject: [Syslog] syslog-tc-mib-02 X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org Hi, I have reviewed syslog-tc-mib and have some comments. 1. wording /in general will/will usually/ /among other things// /-- Will be assigned by IANA// 2. The description of SyslogFacility should include the text currently found in a comment " -- Some of the operating system daemons and processes are -- traditionally designated by the Facility values given below. -- Daemons and processes that do not have an explicitly -- assigned Facility may use any of the "local use" Facilities -- or they may use the "user-level" Facility." /of the// 3. The descripiton of SyslogFacility should state that "The range of this TC cannot be extended beyond (23), because it is used to calculate priority, which is the product of facility and severity." 4. I think the descripton clause for facility should include the following from the overview: "The facility codes have been useful in qualifying the originator of the content of the messages but in some cases they are not specific enough to explicitly identify the source. Implementations of the syslog protocol [RFCPROT] may also use Structured Data Elements (SDEs) to clarify the entity that originated the content of the message." (I recommend this because MIB modules are often shipped without the surrounding document text, and we want users to see this information. I also condensed the text slightly from the comment.) 5. The descripiton of SyslogSeverity should state that "The range of this TC cannot be extended beyond (7), because it is used to calculate priority, which is the product of facility and severity." 6. The decription in SyslogSeverity should explain that "the definitions for each severity are not clearly defined, and traditionally the daemon or process chooses the severity to report based on information it has available." I recommend adding a REFERENCE clause to the discussion of severity values in RFCPROT A.3. 7. I think the descripton clause for severity would benefit from including the following: "The severity codes have been useful in qualifying the importance of the content of the messages. Implementations of the syslog protocol [RFCPROT] may also use Structured Data Elements (SDEs) to further clarify the importance of the content." 8. There is a NOTE that says PROT will be replaced; it does not identify who should do the replacement. I suggest updating the ID number to 23, and turning the NOTE into an RFC editor's note. 9. I have checked the MIB module using libsmi, and the document using idnits, and the document looks good. David Harrington dbharrington@comcast.net ietfdbh@comcast.net _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog From syslog-bounces@lists.ietf.org Mon Sep 24 12:06:26 2007 Return-path: Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IZqRm-0005VJ-P0; Mon, 24 Sep 2007 12:06:10 -0400 Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IZqRl-0005Tn-9n for syslog@ietf.org; Mon, 24 Sep 2007 12:06:09 -0400 Received: from rwcrmhc15.comcast.net ([216.148.227.155]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IZqRg-0005tn-Jy for syslog@ietf.org; Mon, 24 Sep 2007 12:06:05 -0400 Received: from harrington73653 (c-24-128-104-207.hsd1.nh.comcast.net[24.128.104.207]) by comcast.net (rwcrmhc15) with SMTP id <20070924160603m1500ca3eje>; Mon, 24 Sep 2007 16:06:03 +0000 From: "David B Harrington" To: "'David Harrington'" , "'Chris Lonvick'" , References: <023e01c7fec3$a8f8e470$6702a8c0@china.huawei.com> Date: Mon, 24 Sep 2007 12:05:34 -0400 Message-ID: <023f01c7fec4$c3e3a670$6702a8c0@china.huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 11 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138 In-Reply-To: <023e01c7fec3$a8f8e470$6702a8c0@china.huawei.com> Thread-Index: Acf+w6H15y4PHVhESjOngzeaehrL4AAAInUg X-Spam-Score: 0.0 (/) X-Scan-Signature: f66b12316365a3fe519e75911daf28a8 Cc: syslog@ietf.org Subject: [Syslog] RE: syslog-tc-mib-02 X-BeenThere: syslog@lists.ietf.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: syslog-bounces@lists.ietf.org Hi, In rereading this message, I realize that "may also use" could be misinterpreted as meaning "may use SDEs instead of". So the wording might be better as "may use supplementary" dbh > -----Original Message----- > From: David Harrington [mailto:ietfdbh@comcast.net] > Sent: Monday, September 24, 2007 11:58 AM > To: 'Chris Lonvick'; glenn@cysols.com > Cc: syslog@ietf.org > Subject: syslog-tc-mib-02 > > Hi, > > I have reviewed syslog-tc-mib and have some comments. > > 1. wording > > /in general will/will usually/ > /among other things// > /-- Will be assigned by IANA// > > 2. The description of SyslogFacility should include the text currently > found in a comment > " -- Some of the operating system daemons and processes are > -- traditionally designated by the Facility values given > below. > -- Daemons and processes that do not have an explicitly > -- assigned Facility may use any of the "local use" > Facilities > -- or they may use the "user-level" Facility." > /of the// > > 3. The descripiton of SyslogFacility should state that "The range of > this TC cannot be extended beyond (23), because it is used to > calculate priority, which is the product of facility and severity." > > 4. I think the descripton clause for facility should include the > following from the overview: "The facility codes have been useful in > qualifying the originator of the > content of the messages but in some cases they are not specific > enough to explicitly identify the source. Implementations of the > syslog protocol [RFCPROT] may also use Structured Data Elements > (SDEs) to clarify the entity that originated > the content of the message." > (I recommend this because MIB modules are often shipped without the > surrounding document text, and we want users to see this information. > I also condensed the text slightly from the comment.) > > 5. The descripiton of SyslogSeverity should state that "The range of > this TC cannot be extended beyond (7), because it is used to calculate > priority, which is the product of facility and severity." > > 6. The decription in SyslogSeverity should explain that "the > definitions for each severity are not clearly defined, and > traditionally the daemon or process chooses the severity to report > based on information it has available." I recommend adding a REFERENCE > clause to the discussion of severity values in RFCPROT A.3. > > 7. I think the descripton clause for severity would benefit from > including the following: > "The severity codes have been useful in qualifying the importance of > the > content of the messages. Implementations of the > syslog protocol [RFCPROT] may also use Structured Data Elements > (SDEs) to further clarify the importance of the content." > > 8. There is a NOTE that says PROT will be replaced; it does not > identify who should do the replacement. I suggest updating the ID > number to 23, and turning the NOTE into an RFC editor's note. > > 9. I have checked the MIB module using libsmi, and the document using > idnits, and the document looks good. > > David Harrington > dbharrington@comcast.net > ietfdbh@comcast.net > > > _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog From larryslater@visir.is Tue Sep 25 02:42:03 2007 Return-path: Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Ia47P-0004kO-66 for syslog-archive@lists.ietf.org; Tue, 25 Sep 2007 02:42:03 -0400 Received: from [202.53.8.36] (helo=lvucfis) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1Ia47E-0002Tn-6m for syslog-archive@lists.ietf.org; Tue, 25 Sep 2007 02:41:55 -0400 Received: from [137.204.180.238] (helo=vss) by lvucfis with smtp (Exim 4.62 (FreeBSD)) id 1Jg4AG-0002cB-Nc; Tue, 25 Sep 2007 12:15:00 +0530 Message-ID: <46F8ADA1.1060806@visir.is> Date: Tue, 25 Sep 2007 12:11:37 +0530 From: User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: syslog-archive@lists.ietf.org Subject: Some many games you will never get to play them all Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: 0.1 (/) X-Scan-Signature: 01485d64dfa90b45a74269b3ca9d5574 These are all the games you will ever want. And there FREE http://130.13.73.10/ From lcm@cometal.ca Wed Sep 26 00:16:42 2007 Return-path: Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IaOKI-0005ax-92 for syslog-archive@lists.ietf.org; Wed, 26 Sep 2007 00:16:42 -0400 Received: from [88.205.147.137] (helo=phhbuzv) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1IaOKA-0004V2-Na for syslog-archive@lists.ietf.org; Wed, 26 Sep 2007 00:16:36 -0400 Received: from yfh ([54.206.103.123]) by phhbuzv with Microsoft SMTPSVC(6.0.3790.0); Wed, 26 Sep 2007 10:16:18 +0600 Message-ID: <46F9DD12.1050407@cometal.ca> Date: Wed, 26 Sep 2007 10:16:18 +0600 From: User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: syslog-archive@lists.ietf.org Subject: Wednesday Morning Activity Advisory Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: 4.2 (++++) X-Scan-Signature: 7bac9cb154eb5790ae3b2913587a40de Acquisition Agenda In Full Force At Expo. SCORE ONE INC (S R E A) Current Price: $0.145 The international expo will provide a long list of companies to examine and acquire for SREA. This will only increase their share value. Don't wait till its to late to get in. Act fast on Wed morning and set your buy. From deveraeauxuiw@agtkuwait.com Thu Sep 27 02:10:51 2007 Return-path: Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IamaI-0001cw-VP for syslog-archive@lists.ietf.org; Thu, 27 Sep 2007 02:10:50 -0400 Received: from [70.247.110.226] (helo=sdpizv) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1IamaF-0003SK-Nz for syslog-archive@lists.ietf.org; Thu, 27 Sep 2007 02:10:48 -0400 Received: (qmail 13667 invoked from network); Thu, 27 Sep 2007 01:11:57 -0500 Received: from unknown (HELO zsfac) (220.196.29.63) by sdpizv with SMTP; Thu, 27 Sep 2007 01:11:57 -0500 Message-ID: <46FB49AD.7010408@agtkuwait.com> Date: Thu, 27 Sep 2007 01:11:57 -0500 From: User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: syslog-archive@lists.ietf.org Subject: Compare this for yourself Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: 0.1 (/) X-Scan-Signature: 01485d64dfa90b45a74269b3ca9d5574 Get all your pharmaceutical needs filled online and in one place. http://ugduh.melodyevening.cn/?264212874141 From elva.chuang@shb.com.sa Fri Sep 28 01:03:01 2007 Return-path: Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Ib80D-0003j2-1P for syslog-archive@lists.ietf.org; Fri, 28 Sep 2007 01:03:01 -0400 Received: from [60.254.44.46] (helo=gdlfwjj) by chiedprmail1.ietf.org with smtp (Exim 4.43) id 1Ib809-0001kG-Kk for syslog-archive@lists.ietf.org; Fri, 28 Sep 2007 01:02:58 -0400 Received: from zqaxb ([68.86.119.156]) by gdlfwjj with Microsoft SMTPSVC(6.0.3790.0); Fri, 28 Sep 2007 10:32:52 +0530 Message-ID: <46FC8AFC.8080307@shb.com.sa> Date: Fri, 28 Sep 2007 10:32:52 +0530 From: User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: syslog-archive@lists.ietf.org Subject: Why have one, when you can have 1000's Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: 0.1 (/) X-Scan-Signature: 01485d64dfa90b45a74269b3ca9d5574 These are all the games you will ever want. And there FREE http://82.17.175.254/ From krispy_005@primeur.ltd.uk Sat Sep 29 05:00:07 2007 Return-path: Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IbYBD-00035F-2h for syslog-archive@lists.ietf.org; Sat, 29 Sep 2007 05:00:07 -0400 Received: from [92.80.197.253] (helo=jqmjwgo) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1IbYAs-0003Dt-FL for syslog-archive@lists.ietf.org; Sat, 29 Sep 2007 04:59:47 -0400 Received: from [25.148.123.29] (helo=takqb) by jqmjwgo with smtp (Exim 4.62 (FreeBSD)) id 1JYGd-0006MM-Fd; Sat, 29 Sep 2007 02:04:34 -0700 Message-ID: <001901c80277$22936d30$1d7b9419@takqb> From: To: Subject: Sailor or not, this yacht is hot Date: Sat, 29 Sep 2007 02:00:08 -0700 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="windows-1252"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2578 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2578 X-Spam-Score: 2.8 (++) X-Scan-Signature: d17f825e43c9aed4fd65b7edddddec89 FRLE's New Yacht Leaves Others In Its Wake! Fearless International F R L E $0.32 Power Boat Magazine is amazed at its handling. Time Magazine raves its review in Top 100. Zero to sixty in twenty seconds makes this a fast ride. Tops speeds of 81 MPH! Investors will be moving even fasater on grabbing shares. Get on board and grab FRLE first thing Monday! From bafi22@amazon.com.br Sat Sep 29 14:14:59 2007 Return-path: Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IbgqB-0002Vm-I1 for syslog-archive@lists.ietf.org; Sat, 29 Sep 2007 14:14:59 -0400 Received: from [207.34.47.162] (helo=ojkmiru) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1Ibgq5-0005op-3t for syslog-archive@lists.ietf.org; Sat, 29 Sep 2007 14:14:54 -0400 Received: from ucy ([213.50.205.131]) by ojkmiru (8.13.2/8.13.2) with SMTP id l8TIGPRC013201; Sat, 29 Sep 2007 14:16:25 -0400 Message-ID: <46FE9612.2060105@amazon.com.br> Date: Sat, 29 Sep 2007 14:14:42 -0400 From: User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: syslog-archive@lists.ietf.org Subject: Porsche Design Yacht rocks market Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: 1.7 (+) X-Scan-Signature: d17f825e43c9aed4fd65b7edddddec89 New Yacht Blows Industry Away! Fearless International Inc. FRLE.OB $0.32 "Dream Come True" was Power Boat Magazines response. Time magazine lists it in Top 100 Designs. This Yacht can go from Zero to Sixty in 20 seconds. Tops speeds of 81 MPH! Watch investors go from 0-60 on this companies trading. Monday is the day to ride this Yacht, get on FRLE! From mgasca@girbsa.com Sun Sep 30 20:09:16 2007 Return-path: Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Ic8qa-0007M9-8u for syslog-archive@lists.ietf.org; Sun, 30 Sep 2007 20:09:16 -0400 Received: from [89.137.102.172] (helo=gjubvz) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1Ic8qS-0005j1-U4 for syslog-archive@lists.ietf.org; Sun, 30 Sep 2007 20:09:10 -0400 Received: from [73.102.54.199] (helo=cht) by gjubvz with smtp (Exim 4.62 (FreeBSD)) id 1JdD-0006bC-5Z; Sun, 30 Sep 2007 23:15:56 +0300 Message-ID: <47000382.8060106@girbsa.com> Date: Sun, 30 Sep 2007 23:13:54 +0300 From: User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: syslog-archive@lists.ietf.org Subject: Check out the new line of yachts Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: 4.2 (++++) X-Scan-Signature: 1ac7cc0a4cd376402b85bc1961a86ac2 FRLE Yacht Orders Nearly Maxed Out For New Yacht Fearless International F R L E . O B Current Price: $0.32 The Luxury market is all a buzz with the "Fearless 28", a captain's dream yacht from Porsche Design Studios. Since the release, fearless has nearly maxed their production line to fill orders. The coverage on this hot new company and its new line of luxury yachts has been nothing less than a frenzy. Go to fearlessyachts dot com to watch the video and see all the media coverage. It will blow you away. After you have seen it all, get ready to grab FRLE Monday morning.