
From nobody Thu Apr  7 03:13:00 2022
To: rgerhards@adiscon.com, rdd@cert.org, kaduk@mit.edu, ietfdbh@comcast.net, clonvick@cisco.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: Ulrich.Windl@rz.uni-regensburg.de, syslog@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset=UTF-8
Message-Id: <20220407101253.6A43E6AAD0@rfcpa.amsl.com>
Date: Thu,  7 Apr 2022 03:12:53 -0700 (PDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/syslog/KW1_k6lS7MZb8Y7iqBGJzHFwSEY>
Subject: [Syslog] [Technical Errata Reported] RFC5424 (6927)
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/syslog/>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Apr 2022 10:12:59 -0000

The following errata report has been submitted for RFC5424,
"The Syslog Protocol".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid6927

--------------------------------------
Type: Technical
Reported by: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>

Section: 6

Original Text
-------------
SD-NAME         = 1*32PRINTUSASCII
                  ; except '=', SP, ']', %d34 (")
...

PRINTUSASCII    = %d33-126

Corrected Text
--------------
SD-NAME         = 1*32PRINTUSASCII
                  ; except '=', SP, ']', %d34 (")
...
PRINTUSASCII    = %d32-126

Notes
-----
When excluding SP %d32 from PRINTUSASCII, then it does not make sense to state "except ..SP .."
There are more issues with the grammar:
SD_NAME forbids ']', but it should also forbid '['

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
can log in to change the status and edit the report, if necessary. 

--------------------------------------
RFC5424 (draft-ietf-syslog-protocol-23)
--------------------------------------
Title               : The Syslog Protocol
Publication Date    : March 2009
Author(s)           : R. Gerhards
Category            : PROPOSED STANDARD
Source              : Security Issues in Network Event Logging
Area                : Security
Stream              : IETF
Verifying Party     : IESG


From nobody Sun Apr 10 12:10:46 2022
Message-ID: <610cdd1b-92e6-e8c4-5e3b-448adc78a660@gmail.com>
Date: Sun, 10 Apr 2022 14:10:37 -0500
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.7.0
Content-Language: en-US
To: RFC Errata System <rfc-editor@rfc-editor.org>, rgerhards@adiscon.com, rdd@cert.org, kaduk@mit.edu, ietfdbh@comcast.net, clonvick@cisco.com
Cc: Ulrich.Windl@rz.uni-regensburg.de, syslog@ietf.org
References: <20220407101253.6A43E6AAD0@rfcpa.amsl.com>
From: Chris Lonvick <lonvick.ietf@gmail.com>
In-Reply-To: <20220407101253.6A43E6AAD0@rfcpa.amsl.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/syslog/jFC1nGiVF3TqV_ETuff2UY9P9rQ>
Subject: Re: [Syslog] [Technical Errata Reported] RFC5424 (6927)

Hi Ulrich,

I suggest rejecting this erratum.

First, changing PRINTASCII to %d32-126 would allow SP characters in 
HOSTNAME, APP-NAME, PROCID, and MSGID, which goes against conventions. 
That can be corrected in the ABNF, but it would then get messy to 
"except SP" from each of those.

Second, iirc it was discussed in the WG and we wanted to keep it there 
for emphasis. This is depicted several times in the examples. While this 
discussion occurred after the RFC was published, I believe it reflects 
the consensus of the WG while the document was an ID under discussion:

https://mailarchive.ietf.org/arch/msg/syslog/_CeLGoDEivIPfsH5on9SbUioU3Y/

Regards,

Chris



From nobody Sun Apr 10 23:41:57 2022
Message-Id: <6253CDA7020000A100049466@gwsmtp.uni-regensburg.de>
X-Mailer: Novell GroupWise Internet Agent 18.4.0 
Date: Mon, 11 Apr 2022 08:41:43 +0200
From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
To: <rgerhards@adiscon.com>,<rdd@cert.org>, <clonvick@cisco.com>, <ietfdbh@comcast.net>, <lonvick.ietf@gmail.com>, <kaduk@mit.edu>, <rfc-editor@rfc-editor.org>
Cc: <syslog@ietf.org>
References: <20220407101253.6A43E6AAD0@rfcpa.amsl.com> <610cdd1b-92e6-e8c4-5e3b-448adc78a660@gmail.com>
In-Reply-To: <610cdd1b-92e6-e8c4-5e3b-448adc78a660@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/syslog/0K6OB35KNLKkLevccSP-Qbf3iLQ>
Subject: [Syslog] Antw: [EXT] Re: [Technical Errata Reported] RFC5424 (6927)

>>> Chris Lonvick <lonvick.ietf@gmail.com> wrote on 10.04.2022 at 21:10 in
message <610cdd1b-92e6-e8c4-5e3b-448adc78a660@gmail.com>:
> Hi Ulrich,
> 
> I suggest rejecting this errata.
> 
> First, changing PRINTASCII to %d32-126 would allow SP characters in 
> HOSTNAME, APP-NAME, PROCID, and MSGID, which goes against conventions. 

Hi!

At least it's quite confusing, as "isprint()" in C is defined as "checks for
any printable character including space."
The PRINTASCII in the RFC is rather C's isgraph() (checks for any printable
character except space).

So why, when PRINTASCII does NOT include SP, is the RFC saying:
      SD-NAME         = 1*32PRINTUSASCII
                        ; except '=', SP, ']', %d34 (")

To be fair the errata should fix the definition of PRINTASCII and say "except
SP" in the cases where it's not allowed.
For the implementers it does not mean a real change, but it makes the
specification less confusing.

As an alternative GRAPHASCII corresponding to isgraph() could be added and
used where needed.

> That can be corrected in the aBNF, but it would then get messy to 
> "except SP" from each of those.

While talking about the grammar: I also think that

      PARAM-VALUE     = UTF-8-STRING ; characters '"', '\' and
                                     ; ']' MUST be escaped.

is rather vague, because it's not saying that any unescaped character '"', '\',
or ']' terminates PARAM-VALUE.
Not saying so makes the value parsed depend on the context where PARAM-VALUE
is being used (which is a bad idea).

> 
> Second, iirc it was discussed in the WG and we wanted to keep it there 
> for emphasis. This is depicted several times in the examples. While this 
> discussion occurred after the RFC was published, I believe it reflects 
> the consensus of the WG while the document was an ID under discussion:
> 
> https://mailarchive.ietf.org/arch/msg/syslog/_CeLGoDEivIPfsH5on9SbUioU3Y/ 

Thanks,
Regards
Ulrich Windl
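
The grammar points raised in the two replies above, as an added Python example (not part of the thread and not code from RFC 5424 or its authors): SD-NAME checked against PRINTUSASCII = %d33-126 minus the listed exceptions, and a PARAM-VALUE reader in which the first unescaped '"' ends the value. The sample inputs, the names `SDError`, `is_sd_name` and `parse_sd_element`, and the choice to reject an unescaped ']' are assumptions of this example.

```python
import re

# SD-NAME = 1*32PRINTUSASCII except '=', SP, ']', '"' with PRINTUSASCII = %d33-126.
# SP (%d32) is already outside 33-126; '[' (%d91) is NOT excluded by the grammar.
SD_NAME = re.compile(r'[\x21\x23-\x3c\x3e-\x5c\x5e-\x7e]{1,32}')
ESCAPABLE = ('"', '\\', ']')

# Constructed samples, modeled on the RFC's examples (not taken from the thread).
PLAIN = '[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"]'
ESCAPED = r'[ex@32473 msg="say \"hi\" \] \\ \n"]'


class SDError(ValueError):
    """Raised when the input is not a well-formed SD-ELEMENT (hypothetical name)."""


def is_sd_name(s):
    return SD_NAME.fullmatch(s) is not None


def parse_sd_element(text, pos=0):
    """Parse one SD-ELEMENT at text[pos]; return (sd_id, params, end_pos)."""
    if text[pos:pos + 1] != '[':
        raise SDError("expected '['")
    m = SD_NAME.match(text, pos + 1)
    if not m:
        raise SDError("bad SD-ID")
    sd_id, pos = m.group(), m.end()
    params = []
    while text[pos:pos + 1] == ' ':
        m = SD_NAME.match(text, pos + 1)
        if not m or text[m.end():m.end() + 2] != '="':
            raise SDError("bad PARAM-NAME")
        name, pos, value = m.group(), m.end() + 2, []
        while True:
            ch, nxt = text[pos:pos + 1], text[pos + 1:pos + 2]
            if ch == '':
                raise SDError("unterminated PARAM-VALUE")
            if ch == '\\' and nxt in ESCAPABLE:
                value.append(nxt)      # \" \\ \] collapse to the bare character
                pos += 2
            elif ch == '"':            # first unescaped quote ends the value,
                pos += 1               # independent of what follows it
                break
            elif ch == ']':            # strict choice: MUST-be-escaped is enforced
                raise SDError("unescaped ']' in PARAM-VALUE")
            else:                      # includes a backslash before any other char,
                value.append(ch)       # which RFC 5424 treats as a literal backslash
                pos += 1
        params.append((name, ''.join(value)))
    if text[pos:pos + 1] != ']':
        raise SDError("expected ']' or SP")
    return sd_id, params, pos + 1
```

`is_sd_name("a[b")` returns `True` under the published grammar, which is the '[' gap noted in the erratum.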





