From clonvick@cisco.com Thu Apr 1 14:19:11 2010 Return-Path: X-Original-To: syslog@core3.amsl.com Delivered-To: syslog@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F1DA93A6950 for ; Thu, 1 Apr 2010 14:19:10 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -8.519 X-Spam-Level: X-Spam-Status: No, score=-8.519 tagged_above=-999 required=5 tests=[AWL=0.350, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, J_CHICKENPOX_35=0.6, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 639T1uHBbwcD for ; Thu, 1 Apr 2010 14:19:10 -0700 (PDT) Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by core3.amsl.com (Postfix) with ESMTP id 309E83A67B1 for ; Thu, 1 Apr 2010 14:19:10 -0700 (PDT) Authentication-Results: sj-iport-6.cisco.com; dkim=neutral (message not signed) header.i=none X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AvsEAN6qtEurR7Ht/2dsb2JhbACbSnGdLJkJhQEEgyM X-IronPort-AV: E=Sophos;i="4.51,350,1267401600"; d="scan'208";a="507156400" Received: from sj-core-1.cisco.com ([171.71.177.237]) by sj-iport-6.cisco.com with ESMTP; 01 Apr 2010 21:13:58 +0000 Received: from sjc-cde-011.cisco.com (sjc-cde-011.cisco.com [171.69.16.68]) by sj-core-1.cisco.com (8.13.8/8.14.3) with ESMTP id o31LDwZM014722; Thu, 1 Apr 2010 21:13:58 GMT Date: Thu, 1 Apr 2010 14:13:58 -0700 (PDT) From: Chris Lonvick To: "tom.petch" In-Reply-To: <000301cac08b$88e3d460$0601a8c0@allison> Message-ID: References: <007301ca9f74$d7dba800$0601a8c0@allison> <000301cac08b$88e3d460$0601a8c0@allison> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: syslog@ietf.org Subject: Re: [Syslog] Review comments on draft-gerhards-syslog-plain-tcp-01.txt X-BeenThere: syslog@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Apr 2010 21:19:11 -0000 Hi Tom, On Wed, 10 Mar 2010, tom.petch wrote: > Extracting one of the two unresolved issues > "> > A.2 >>> %d10 is LF not NL; I do not know which you mean. >> >> CML> I've seen it called both. I'm trying to track down a normative >> reference. Do you have one? Till then, I'm going to leave it as NL >> (%d10). [Pending review by Rainer.] > " > RFC20/RFC020/RFC0020 says that LF is 0/10 and I do not think > that it has changed since:-) Got it. It's now changed throughout and a new draft submitted. Thanks, Chris From turners@ieca.com Thu Apr 8 14:06:21 2010 Return-Path: X-Original-To: syslog@core3.amsl.com Delivered-To: syslog@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7F4FB28C10E for ; Thu, 8 Apr 2010 14:06:21 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.3 X-Spam-Level: X-Spam-Status: No, score=-1.3 tagged_above=-999 required=5 tests=[AWL=1.298, BAYES_00=-2.599, UNPARSEABLE_RELAY=0.001] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N0TLb3iuIYP9 for ; Thu, 8 Apr 2010 14:06:20 -0700 (PDT) Received: from smtp113.biz.mail.mud.yahoo.com (smtp113.biz.mail.mud.yahoo.com [209.191.68.78]) by core3.amsl.com (Postfix) with SMTP id B3A0A3A6A93 for ; Thu, 8 Apr 2010 14:06:20 -0700 (PDT) Received: (qmail 93041 invoked from network); 8 Apr 2010 21:06:12 -0000 Received: from thunderfish.local (turners@74.177.252.13 with plain) by smtp113.biz.mail.mud.yahoo.com with SMTP; 08 Apr 2010 14:06:12 -0700 PDT X-Yahoo-SMTP: ZrP3VLSswBDL75pF8ymZHDSu9B.vcMfDPgLJ X-YMail-OSG: wt0sUdUVM1lwLAeeRMrFiOkSWupicL81J6vvieFcrO0NZdd7kyvRPXCQYoS5cK0HjRATr.aAQ0UZHG2QBmrCslMlyfnOqduaB05WZt2MKh7Dksa9DLo0cNG4Z5y7e1hTrG95B31jzNUMdlv9rOES0_0Jvxf01EiUxwr8ppQMCkpKifTpjDAxwKXa_RibS.kxdQM4EJiazWCLjMiyHc12KQF7DeMwDe.mavoqkODxV_I5SZ3jWOTncz0EMlduwBkYloSn9z4SMoBOW2rAU_Z.IePHdsQMEyH3YEVtyAr_1ax8Gk61CuAFlN0- X-Yahoo-Newman-Property: ymail-3 Message-ID: <4BBE4541.9080200@ieca.com> Date: Thu, 08 Apr 2010 16:06:09 -0500 From: Sean Turner User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228) MIME-Version: 1.0 To: syslog@ietf.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: [Syslog] AD review comments for draft-ietf-syslog-dtls X-BeenThere: syslog@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Apr 2010 21:06:21 -0000 I have one major comment and it relates to DCCP: The DCCP chairs tell me that to specify the use of DCCP the ID needs to decide which CCID it will use (CCID 2 is AIMD and CCID 3 is TFRC). I was hoping that the DTLS over DCCP RFC addressed this, but that RFC doesn't pick one it leaves this choice to the "application". Can you also confirm that the Port # is used as the DCCP service code? spt From clonvick@cisco.com Mon Apr 12 06:40:35 2010 Return-Path: X-Original-To: syslog@core3.amsl.com Delivered-To: syslog@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4C5213A6A3E for ; Mon, 12 Apr 2010 06:40:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -9.669 X-Spam-Level: X-Spam-Status: No, score=-9.669 tagged_above=-999 required=5 tests=[AWL=-0.929, BAYES_20=-0.74, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C0wd9yAaARcM for ; Mon, 12 Apr 2010 06:40:33 -0700 (PDT) Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86]) by core3.amsl.com (Postfix) with ESMTP id B60F33A6A3A for ; Mon, 12 Apr 2010 06:40:33 -0700 (PDT) Authentication-Results: sj-iport-4.cisco.com; dkim=neutral (message not signed) header.i=none X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AroFABe/wkurR7Hu/2dsb2JhbACPX4tTcaIymEuFDASDJQ X-IronPort-AV: E=Sophos;i="4.52,190,1270425600"; d="scan'208";a="113923446" Received: from sj-core-5.cisco.com ([171.71.177.238]) by sj-iport-4.cisco.com with ESMTP; 12 Apr 2010 13:40:28 +0000 Received: from sjc-cde-011.cisco.com (sjc-cde-011.cisco.com [171.69.16.68]) by sj-core-5.cisco.com (8.13.8/8.14.3) with ESMTP id o3CDeSXg002546 for ; Mon, 12 Apr 2010 13:40:28 GMT Date: Mon, 12 Apr 2010 06:40:28 -0700 (PDT) From: Chris Lonvick To: syslog@ietf.org In-Reply-To: <4BBE4541.9080200@ieca.com> Message-ID: References: <4BBE4541.9080200@ieca.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Subject: Re: [Syslog] AD review comments for draft-ietf-syslog-dtls X-BeenThere: syslog@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Apr 2010 13:40:35 -0000 Hi Folks, I'll suggest CCID 3 because that's my lucky number. ;-) Seriously, here is a relevant point from RFC 5238: ===vvv=== In addition to the retransmission issues, if the throughput needs of the actual application data differ from the needs of the DTLS handshake, it is possible that the handshake transference could leave the DCCP congestion control in a state that is not immediately suitable for the application data that will follow. For example, DCCP Congestion Control Identifier (CCID) 2 ([RFC4341]) congestion control uses an Additive Increase Multiplicative Decrease (AIMD) algorithm similar to TCP congestion control. If it is used, then it is possible that transference of a large handshake could cause a multiplicative decrease that would not have happened with the application data. The application might then be throttled while waiting for additive increase to return throughput to acceptable levels. Applications where this might be a problem should consider using DCCP CCID 3 ([RFC4342]). CCID 3 implements TCP-Friendly Rate Control (TFRC, [RFC3448])). TFRC varies the allowed throughput more slowly than AIMD and might avoid the discontinuities possible with CCID 2. ===^^^=== My reasoning for choosing CCID 3 is that when some devices start up they will queue up syslog messages until the network is up, and then they will start to deliver them. I don't want a large handshake to throttle that initial burst of messages. (Please challenge this assumption if you have a better understanding of the process.) I'll suggest that the specific wording will need to be: "MUST implement CCID 3 and SHOULD implement CCID 2 to ensure interoperability". Does that sound OK to everyone? Joe: can you look at Sean's second question and let us know about that? Thanks, Chris On Thu, 8 Apr 2010, Sean Turner wrote: > I have one major comment and it relates to DCCP: > > The DCCP chairs tell me that to specify the use of DCCP the ID needs to > decide which CCID it will use (CCID 2 is AIMD and CCID 3 is TFRC). I was > hoping that the DTLS over DCCP RFC addressed this, but that RFC doesn't pick > one it leaves this choice to the "application". > > Can you also confirm that the Port # is used as the DCCP service code? > > spt > > > > _______________________________________________ > Syslog mailing list > Syslog@ietf.org > https://www.ietf.org/mailman/listinfo/syslog > From jsalowey@cisco.com Wed Apr 21 21:24:48 2010 Return-Path: X-Original-To: syslog@core3.amsl.com Delivered-To: syslog@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 800853A6993 for ; Wed, 21 Apr 2010 21:24:48 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -9.989 X-Spam-Level: X-Spam-Status: No, score=-9.989 tagged_above=-999 required=5 tests=[AWL=0.010, BAYES_50=0.001, GB_I_LETTER=-2, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RG5yenR-T1Mi for ; Wed, 21 Apr 2010 21:24:46 -0700 (PDT) Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by core3.amsl.com (Postfix) with ESMTP id E93693A68CE for ; Wed, 21 Apr 2010 21:24:45 -0700 (PDT) Authentication-Results: sj-iport-6.cisco.com; dkim=neutral (message not signed) header.i=none X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AvsEABNsz0urRN+K/2dsb2JhbACcHnGjbZpGhQ4EgzQ X-IronPort-AV: E=Sophos;i="4.52,253,1270425600"; d="scan'208";a="518757076" Received: from sj-core-4.cisco.com ([171.68.223.138]) by sj-iport-6.cisco.com with ESMTP; 22 Apr 2010 04:24:36 +0000 Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-4.cisco.com (8.13.8/8.14.3) with ESMTP id o3M4Oa1q013090 for ; Thu, 22 Apr 2010 04:24:36 GMT Received: from xmb-sjc-225.amer.cisco.com ([128.107.191.38]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 21 Apr 2010 21:24:36 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Date: Wed, 21 Apr 2010 21:24:35 -0700 Message-ID: In-Reply-To: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Syslog] AD review comments for draft-ietf-syslog-dtls Thread-Index: AcraRblCvX5Tccu3QC6pop2XzeeEwQHivzXg References: <4BBE4541.9080200@ieca.com> From: "Joseph Salowey (jsalowey)" To: "Chris Lonvick (clonvick)" , X-OriginalArrivalTime: 22 Apr 2010 04:24:36.0539 (UTC) FILETIME=[B76FD8B0:01CAE1D3] Subject: Re: [Syslog] AD review comments for draft-ietf-syslog-dtls X-BeenThere: syslog@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Apr 2010 04:24:48 -0000 Hi Chris, CCID 3 looks good to me, I'm OK with the text.=20 We could just use the port number, 6514, as the service code. Since the service identifier applies to more than DCCP, it probably makes more sense the follow the scheme defined in RFC4340 where a 4 letter string is used as the service identifier, such as the following: SC:SYLG SC=3Dx53594C47 SC=3D1398361159 Cheers, Joe > -----Original Message----- > From: syslog-bounces@ietf.org [mailto:syslog-bounces@ietf.org] On Behalf > Of Chris Lonvick (clonvick) > Sent: Monday, April 12, 2010 6:40 AM > To: syslog@ietf.org > Subject: Re: [Syslog] AD review comments for draft-ietf-syslog-dtls >=20 > Hi Folks, >=20 > I'll suggest CCID 3 because that's my lucky number. ;-) >=20 > Seriously, here is a relevant point from RFC 5238: > =3D=3D=3Dvvv=3D=3D=3D > In addition to the retransmission issues, if the throughput needs of > the actual application data differ from the needs of the DTLS > handshake, it is possible that the handshake transference could leave > the DCCP congestion control in a state that is not immediately > suitable for the application data that will follow. For example, > DCCP Congestion Control Identifier (CCID) 2 ([RFC4341]) congestion > control uses an Additive Increase Multiplicative Decrease (AIMD) > algorithm similar to TCP congestion control. If it is used, then it > is possible that transference of a large handshake could cause a > multiplicative decrease that would not have happened with the > application data. The application might then be throttled while > waiting for additive increase to return throughput to acceptable > levels. >=20 > Applications where this might be a problem should consider using DCCP > CCID 3 ([RFC4342]). CCID 3 implements TCP-Friendly Rate Control > (TFRC, [RFC3448])). TFRC varies the allowed throughput more slowly > than AIMD and might avoid the discontinuities possible with CCID 2. > =3D=3D=3D^^^=3D=3D=3D >=20 > My reasoning for choosing CCID 3 is that when some devices start up they > will queue up syslog messages until the network is up, and then they will > start to deliver them. I don't want a large handshake to throttle that > initial burst of messages. (Please challenge this assumption if you have > a better understanding of the process.) >=20 > I'll suggest that the specific wording will need to be: "MUST implement > CCID 3 and SHOULD implement CCID 2 to ensure interoperability". Does that > sound OK to everyone? >=20 >=20 > Joe: can you look at Sean's second question and let us know about that? >=20 > Thanks, > Chris >=20 > On Thu, 8 Apr 2010, Sean Turner wrote: >=20 > > I have one major comment and it relates to DCCP: > > > > The DCCP chairs tell me that to specify the use of DCCP the ID needs to > > decide which CCID it will use (CCID 2 is AIMD and CCID 3 is TFRC). I > was > > hoping that the DTLS over DCCP RFC addressed this, but that RFC doesn't > pick > > one it leaves this choice to the "application". > > > > Can you also confirm that the Port # is used as the DCCP service code? > > > > spt > > > > > > > > _______________________________________________ > > Syslog mailing list > > Syslog@ietf.org > > https://www.ietf.org/mailman/listinfo/syslog > > > _______________________________________________ > Syslog mailing list > Syslog@ietf.org > https://www.ietf.org/mailman/listinfo/syslog From turners@ieca.com Thu Apr 22 15:55:07 2010 Return-Path: X-Original-To: syslog@core3.amsl.com Delivered-To: syslog@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EB1EE3A6853 for ; Thu, 22 Apr 2010 15:55:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.848 X-Spam-Level: X-Spam-Status: No, score=-2.848 tagged_above=-999 required=5 tests=[AWL=1.150, BAYES_00=-2.599, GB_I_LETTER=-2, J_CHICKENPOX_24=0.6, UNPARSEABLE_RELAY=0.001] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lErEL1dxS2yI for ; Thu, 22 Apr 2010 15:55:06 -0700 (PDT) Received: from smtp113.biz.mail.re2.yahoo.com (smtp113.biz.mail.re2.yahoo.com [66.196.116.98]) by core3.amsl.com (Postfix) with SMTP id 9ABEA3A68B9 for ; Thu, 22 Apr 2010 15:55:06 -0700 (PDT) Received: (qmail 45331 invoked from network); 22 Apr 2010 22:54:53 -0000 Received: from thunderfish.local (turners@96.231.127.240 with plain) by smtp113.biz.mail.re2.yahoo.com with SMTP; 22 Apr 2010 15:54:53 -0700 PDT X-Yahoo-SMTP: ZrP3VLSswBDL75pF8ymZHDSu9B.vcMfDPgLJ X-YMail-OSG: HaDMQXwVM1nLod7hBBGGzFkSjYMI4NhXV3ZSFJWRfqp4r7i_Ql_HGEWOlSXdaEMqeVbqgZadz0FL2wfwPNgBX_gM35aIUAM..PlWDf1z0m2SuhRyxd.zfyCI5yVdToC3EAPv6N7ulo2ka3mw1GxAf_mTQdENpHLhGgK5oQjX3USnvZo0giWBUZoACpHoBLfVVQ9DifUoe0U5MTGtytpKGJMz.AJLJ_3k_OXTwBMJ4bGSQFA5iaWCiMpzUzTMalEevNMrbE8s8rTvSNy0TvZ3GxS1E5wxtoQM0aA2kk3ogJX4S2YeWZjbuWNL24QOPM.qAo4PeQXKkga2c7tWZhcqs0OrwoqV7KMcidjwTYZI.Y.xsDMV27vvw1PBLcs8pzdrmL3yRi43htAQfcunO6Txd1XgZCRFIFDBw_F8nIvm7yT0wCZylZ4k0UzL.QZHQpV9r7Y0qVtuh2mcM4lFI7s- X-Yahoo-Newman-Property: ymail-3 Message-ID: <4BD0D3BB.8040404@ieca.com> Date: Thu, 22 Apr 2010 18:54:51 -0400 From: Sean Turner User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228) MIME-Version: 1.0 To: "Joseph Salowey \(jsalowey\)" , "Chris Lonvick \(clonvick\)" References: <4BBE4541.9080200@ieca.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: syslog@ietf.org Subject: Re: [Syslog] AD review comments for draft-ietf-syslog-dtls X-BeenThere: syslog@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Apr 2010 22:55:08 -0000 I'm fine with either. Regardless, the IANA considerations section needs to be updated to register the service code - unless some other document that I don't know about already did. Notes for the registration can be found here: http://www.iana.org/assignments/service-codes/service-codes.xhtml But, all that I think is needed is some text asking IANA to register the following DCCP service code: 1398361159 SYLG SYSLOG Protocol [TBD] spt Joseph Salowey (jsalowey) wrote: > Hi Chris, > > CCID 3 looks good to me, I'm OK with the text. > > We could just use the port number, 6514, as the service code. Since the > service identifier applies to more than DCCP, it probably makes more > sense the follow the scheme defined in RFC4340 where a 4 letter string > is used as the service identifier, such as the following: > > SC:SYLG > SC=x53594C47 > SC=1398361159 > > Cheers, > > Joe >> -----Original Message----- >> From: syslog-bounces@ietf.org [mailto:syslog-bounces@ietf.org] On > Behalf >> Of Chris Lonvick (clonvick) >> Sent: Monday, April 12, 2010 6:40 AM >> To: syslog@ietf.org >> Subject: Re: [Syslog] AD review comments for draft-ietf-syslog-dtls >> >> Hi Folks, >> >> I'll suggest CCID 3 because that's my lucky number. ;-) >> >> Seriously, here is a relevant point from RFC 5238: >> ===vvv=== >> In addition to the retransmission issues, if the throughput needs > of >> the actual application data differ from the needs of the DTLS >> handshake, it is possible that the handshake transference could > leave >> the DCCP congestion control in a state that is not immediately >> suitable for the application data that will follow. For example, >> DCCP Congestion Control Identifier (CCID) 2 ([RFC4341]) congestion >> control uses an Additive Increase Multiplicative Decrease (AIMD) >> algorithm similar to TCP congestion control. If it is used, then > it >> is possible that transference of a large handshake could cause a >> multiplicative decrease that would not have happened with the >> application data. The application might then be throttled while >> waiting for additive increase to return throughput to acceptable >> levels. >> >> Applications where this might be a problem should consider using > DCCP >> CCID 3 ([RFC4342]). CCID 3 implements TCP-Friendly Rate Control >> (TFRC, [RFC3448])). TFRC varies the allowed throughput more > slowly >> than AIMD and might avoid the discontinuities possible with CCID > 2. >> ===^^^=== >> >> My reasoning for choosing CCID 3 is that when some devices start up > they >> will queue up syslog messages until the network is up, and then they > will >> start to deliver them. I don't want a large handshake to throttle > that >> initial burst of messages. (Please challenge this assumption if you > have >> a better understanding of the process.) >> >> I'll suggest that the specific wording will need to be: "MUST > implement >> CCID 3 and SHOULD implement CCID 2 to ensure interoperability". Does > that >> sound OK to everyone? >> >> >> Joe: can you look at Sean's second question and let us know about > that? >> Thanks, >> Chris >> >> On Thu, 8 Apr 2010, Sean Turner wrote: >> >>> I have one major comment and it relates to DCCP: >>> >>> The DCCP chairs tell me that to specify the use of DCCP the ID needs > to >>> decide which CCID it will use (CCID 2 is AIMD and CCID 3 is TFRC). > I >> was >>> hoping that the DTLS over DCCP RFC addressed this, but that RFC > doesn't >> pick >>> one it leaves this choice to the "application". >>> >>> Can you also confirm that the Port # is used as the DCCP service > code? >>> spt >>> >>> >>> >>> _______________________________________________ >>> Syslog mailing list >>> Syslog@ietf.org >>> https://www.ietf.org/mailman/listinfo/syslog >>> >> _______________________________________________ >> Syslog mailing list >> Syslog@ietf.org >> https://www.ietf.org/mailman/listinfo/syslog > _______________________________________________ > Syslog mailing list > Syslog@ietf.org > https://www.ietf.org/mailman/listinfo/syslog > From jsalowey@cisco.com Fri Apr 23 08:03:17 2010 Return-Path: X-Original-To: syslog@core3.amsl.com Delivered-To: syslog@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1E07F3A69FF for ; Fri, 23 Apr 2010 08:03:17 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.992 X-Spam-Level: X-Spam-Status: No, score=-10.992 tagged_above=-999 required=5 tests=[AWL=1.007, BAYES_00=-2.599, GB_I_LETTER=-2, J_CHICKENPOX_24=0.6, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2V-ECBSYGclh for ; Fri, 23 Apr 2010 08:03:15 -0700 (PDT) Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by core3.amsl.com (Postfix) with ESMTP id BB9C23A6A2C for ; Fri, 23 Apr 2010 08:02:53 -0700 (PDT) Authentication-Results: sj-iport-6.cisco.com; dkim=neutral (message not signed) header.i=none X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AvsEAIhT0UurRN+K/2dsb2JhbACcKnGjY5oqhQsEgzc X-IronPort-AV: E=Sophos;i="4.52,262,1270425600"; d="scan'208";a="519559505" Received: from sj-core-4.cisco.com ([171.68.223.138]) by sj-iport-6.cisco.com with ESMTP; 23 Apr 2010 15:02:43 +0000 Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-4.cisco.com (8.13.8/8.14.3) with ESMTP id o3NF2hYm010635; Fri, 23 Apr 2010 15:02:43 GMT Received: from xmb-sjc-225.amer.cisco.com ([128.107.191.38]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 23 Apr 2010 08:02:43 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Date: Fri, 23 Apr 2010 08:02:41 -0700 Message-ID: In-Reply-To: <4BD0D3BB.8040404@ieca.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Syslog] AD review comments for draft-ietf-syslog-dtls Thread-Index: AcribtPCpN2rSYRUSdWjLn/THcSh+gAhvsBQ References: <4BBE4541.9080200@ieca.com> <4BD0D3BB.8040404@ieca.com> From: "Joseph Salowey (jsalowey)" To: "Sean Turner" , "Chris Lonvick (clonvick)" X-OriginalArrivalTime: 23 Apr 2010 15:02:43.0674 (UTC) FILETIME=[06C2C3A0:01CAE2F6] Cc: syslog@ietf.org Subject: Re: [Syslog] AD review comments for draft-ietf-syslog-dtls X-BeenThere: syslog@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Apr 2010 15:03:17 -0000 Anybody on the list have objection to adding the Chris' suggested text and the DCCP service code SYLG? Thanks, Joe > -----Original Message----- > From: Sean Turner [mailto:turners@ieca.com] > Sent: Thursday, April 22, 2010 3:55 PM > To: Joseph Salowey (jsalowey); Chris Lonvick (clonvick) > Cc: syslog@ietf.org > Subject: Re: [Syslog] AD review comments for draft-ietf-syslog-dtls >=20 > I'm fine with either. Regardless, the IANA considerations section needs > to be updated to register the service code - unless some other document > that I don't know about already did. Notes for the registration can be > found here: > http://www.iana.org/assignments/service-codes/service-codes.xhtml >=20 > But, all that I think is needed is some text asking IANA to register the > following DCCP service code: >=20 > 1398361159 SYLG SYSLOG Protocol [TBD] >=20 > spt >=20 > Joseph Salowey (jsalowey) wrote: > > Hi Chris, > > > > CCID 3 looks good to me, I'm OK with the text. > > > > We could just use the port number, 6514, as the service code. Since the > > service identifier applies to more than DCCP, it probably makes more > > sense the follow the scheme defined in RFC4340 where a 4 letter string > > is used as the service identifier, such as the following: > > > > SC:SYLG > > SC=3Dx53594C47 > > SC=3D1398361159 > > > > Cheers, > > > > Joe > >> -----Original Message----- > >> From: syslog-bounces@ietf.org [mailto:syslog-bounces@ietf.org] On > > Behalf > >> Of Chris Lonvick (clonvick) > >> Sent: Monday, April 12, 2010 6:40 AM > >> To: syslog@ietf.org > >> Subject: Re: [Syslog] AD review comments for draft-ietf-syslog-dtls > >> > >> Hi Folks, > >> > >> I'll suggest CCID 3 because that's my lucky number. ;-) > >> > >> Seriously, here is a relevant point from RFC 5238: > >> =3D=3D=3Dvvv=3D=3D=3D > >> In addition to the retransmission issues, if the throughput needs > > of > >> the actual application data differ from the needs of the DTLS > >> handshake, it is possible that the handshake transference could > > leave > >> the DCCP congestion control in a state that is not immediately > >> suitable for the application data that will follow. For example, > >> DCCP Congestion Control Identifier (CCID) 2 ([RFC4341]) congestion > >> control uses an Additive Increase Multiplicative Decrease (AIMD) > >> algorithm similar to TCP congestion control. If it is used, then > > it > >> is possible that transference of a large handshake could cause a > >> multiplicative decrease that would not have happened with the > >> application data. The application might then be throttled while > >> waiting for additive increase to return throughput to acceptable > >> levels. > >> > >> Applications where this might be a problem should consider using > > DCCP > >> CCID 3 ([RFC4342]). CCID 3 implements TCP-Friendly Rate Control > >> (TFRC, [RFC3448])). TFRC varies the allowed throughput more > > slowly > >> than AIMD and might avoid the discontinuities possible with CCID > > 2. > >> =3D=3D=3D^^^=3D=3D=3D > >> > >> My reasoning for choosing CCID 3 is that when some devices start up > > they > >> will queue up syslog messages until the network is up, and then they > > will > >> start to deliver them. I don't want a large handshake to throttle > > that > >> initial burst of messages. (Please challenge this assumption if you > > have > >> a better understanding of the process.) > >> > >> I'll suggest that the specific wording will need to be: "MUST > > implement > >> CCID 3 and SHOULD implement CCID 2 to ensure interoperability". Does > > that > >> sound OK to everyone? > >> > >> > >> Joe: can you look at Sean's second question and let us know about > > that? > >> Thanks, > >> Chris > >> > >> On Thu, 8 Apr 2010, Sean Turner wrote: > >> > >>> I have one major comment and it relates to DCCP: > >>> > >>> The DCCP chairs tell me that to specify the use of DCCP the ID needs > > to > >>> decide which CCID it will use (CCID 2 is AIMD and CCID 3 is TFRC). > > I > >> was > >>> hoping that the DTLS over DCCP RFC addressed this, but that RFC > > doesn't > >> pick > >>> one it leaves this choice to the "application". > >>> > >>> Can you also confirm that the Port # is used as the DCCP service > > code? > >>> spt > >>> > >>> > >>> > >>> _______________________________________________ > >>> Syslog mailing list > >>> Syslog@ietf.org > >>> https://www.ietf.org/mailman/listinfo/syslog > >>> > >> _______________________________________________ > >> Syslog mailing list > >> Syslog@ietf.org > >> https://www.ietf.org/mailman/listinfo/syslog > > _______________________________________________ > > Syslog mailing list > > Syslog@ietf.org > > https://www.ietf.org/mailman/listinfo/syslog > > From cfinss@dial.pipex.com Tue Apr 27 08:49:25 2010 Return-Path: X-Original-To: syslog@core3.amsl.com Delivered-To: syslog@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 45E6C28C24A for ; Tue, 27 Apr 2010 08:49:25 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[AWL=-0.600, BAYES_50=0.001, GB_I_LETTER=-2, J_CHICKENPOX_24=0.6] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j3HNUs+mr0tj for ; Tue, 27 Apr 2010 08:49:23 -0700 (PDT) Received: from mk-outboundfilter-5.mail.uk.tiscali.com (mk-outboundfilter-5.mail.uk.tiscali.com [212.74.114.1]) by core3.amsl.com (Postfix) with ESMTP id DEB6D3A6BC7 for ; Tue, 27 Apr 2010 08:44:28 -0700 (PDT) X-Trace: 259834695/mk-outboundfilter-5.mail.uk.tiscali.com/PIPEX/$PIPEX-ACCEPTED/pipex-customers/62.188.100.238/None/cfinss@dial.pipex.com X-SBRS: None X-RemoteIP: 62.188.100.238 X-IP-MAIL-FROM: cfinss@dial.pipex.com X-SMTP-AUTH: X-MUA: Microsoft Outlook Express 6.00.2800.1106Produced By Microsoft MimeOLE V6.00.2800.1106 X-IP-BHB: Once X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AtEIAB6j1ks+vGTu/2dsb2JhbACBeB0chSyJcItywH4NhQEE X-IronPort-AV: E=Sophos;i="4.52,280,1270422000"; d="scan'208";a="259834695" X-IP-Direction: IN Received: from 1cust238.tnt1.lnd9.gbr.da.uu.net (HELO allison) ([62.188.100.238]) by smtp.pipex.tiscali.co.uk with SMTP; 27 Apr 2010 16:44:13 +0100 Message-ID: <000401cae617$c56ef520$0601a8c0@allison> From: "tom.petch" To: "Joseph Salowey \(jsalowey\)" , "Sean Turner" , "Chris Lonvick \(clonvick\)" References: <4BBE4541.9080200@ieca.com> <4BD0D3BB.8040404@ieca.com> Date: Tue, 27 Apr 2010 16:34:50 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Cc: syslog@ietf.org Subject: Re: [Syslog] AD review comments for draft-ietf-syslog-dtls X-BeenThere: syslog@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: "tom.petch" List-Id: Security Issues in Network Event Logging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Apr 2010 15:49:25 -0000 ----- Original Message ----- From: "Joseph Salowey (jsalowey)" To: "Sean Turner" ; "Chris Lonvick (clonvick)" Cc: Sent: Friday, April 23, 2010 5:02 PM > Anybody on the list have objection to adding the Chris' suggested text > and the DCCP service code SYLG? I see SYSL used as a four character code for syslog in other settings and would prefer that. Else, following the principle of dropping vowels, SSLG, but I think that not as good. Tom Petch > Thanks, > > Joe > > > -----Original Message----- > > From: Sean Turner [mailto:turners@ieca.com] > > Sent: Thursday, April 22, 2010 3:55 PM > > To: Joseph Salowey (jsalowey); Chris Lonvick (clonvick) > > Cc: syslog@ietf.org > > Subject: Re: [Syslog] AD review comments for draft-ietf-syslog-dtls > > > > I'm fine with either. Regardless, the IANA considerations section > needs > > to be updated to register the service code - unless some other > document > > that I don't know about already did. Notes for the registration can > be > > found here: > > http://www.iana.org/assignments/service-codes/service-codes.xhtml > > > > But, all that I think is needed is some text asking IANA to register > the > > following DCCP service code: > > > > 1398361159 SYLG SYSLOG Protocol [TBD] > > > > spt > > > > Joseph Salowey (jsalowey) wrote: > > > Hi Chris, > > > > > > CCID 3 looks good to me, I'm OK with the text. > > > > > > We could just use the port number, 6514, as the service code. Since > the > > > service identifier applies to more than DCCP, it probably makes more > > > sense the follow the scheme defined in RFC4340 where a 4 letter > string > > > is used as the service identifier, such as the following: > > > > > > SC:SYLG > > > SC=x53594C47 > > > SC=1398361159 > > > > > > Cheers, > > > > > > Joe > > >> -----Original Message----- > > >> From: syslog-bounces@ietf.org [mailto:syslog-bounces@ietf.org] On > > > Behalf > > >> Of Chris Lonvick (clonvick) > > >> Sent: Monday, April 12, 2010 6:40 AM > > >> To: syslog@ietf.org > > >> Subject: Re: [Syslog] AD review comments for draft-ietf-syslog-dtls > > >> > > >> Hi Folks, > > >> > > >> I'll suggest CCID 3 because that's my lucky number. ;-) > > >> > > >> Seriously, here is a relevant point from RFC 5238: > > >> ===vvv=== > > >> In addition to the retransmission issues, if the throughput > needs > > > of > > >> the actual application data differ from the needs of the DTLS > > >> handshake, it is possible that the handshake transference could > > > leave > > >> the DCCP congestion control in a state that is not immediately > > >> suitable for the application data that will follow. For > example, > > >> DCCP Congestion Control Identifier (CCID) 2 ([RFC4341]) > congestion > > >> control uses an Additive Increase Multiplicative Decrease > (AIMD) > > >> algorithm similar to TCP congestion control. If it is used, > then > > > it > > >> is possible that transference of a large handshake could cause > a > > >> multiplicative decrease that would not have happened with the > > >> application data. The application might then be throttled > while > > >> waiting for additive increase to return throughput to > acceptable > > >> levels. > > >> > > >> Applications where this might be a problem should consider > using > > > DCCP > > >> CCID 3 ([RFC4342]). CCID 3 implements TCP-Friendly Rate > Control > > >> (TFRC, [RFC3448])). TFRC varies the allowed throughput more > > > slowly > > >> than AIMD and might avoid the discontinuities possible with > CCID > > > 2. > > >> ===^^^=== > > >> > > >> My reasoning for choosing CCID 3 is that when some devices start up > > > they > > >> will queue up syslog messages until the network is up, and then > they > > > will > > >> start to deliver them. I don't want a large handshake to throttle > > > that > > >> initial burst of messages. (Please challenge this assumption if > you > > > have > > >> a better understanding of the process.) > > >> > > >> I'll suggest that the specific wording will need to be: "MUST > > > implement > > >> CCID 3 and SHOULD implement CCID 2 to ensure interoperability". > Does > > > that > > >> sound OK to everyone? > > >> > > >> > > >> Joe: can you look at Sean's second question and let us know about > > > that? > > >> Thanks, > > >> Chris > > >> > > >> On Thu, 8 Apr 2010, Sean Turner wrote: > > >> > > >>> I have one major comment and it relates to DCCP: > > >>> > > >>> The DCCP chairs tell me that to specify the use of DCCP the ID > needs > > > to > > >>> decide which CCID it will use (CCID 2 is AIMD and CCID 3 is TFRC). > > > I > > >> was > > >>> hoping that the DTLS over DCCP RFC addressed this, but that RFC > > > doesn't > > >> pick > > >>> one it leaves this choice to the "application". > > >>> > > >>> Can you also confirm that the Port # is used as the DCCP service > > > code? > > >>> spt >