Miao, all,

I've already sent a message on a similar discussion in the netconf WG. Please read this too. In this mail, I try to provide arguments for why (and how) we should use a dedicated port, and why that port should be in the range < 1024. I try to word my arguments so that they can also be used in negotiations with the IESG/IANA.
There are a number of arguments:

#1 We expect syslog-tls to become widely adopted (if we did not expect this, we could simply drop the effort; the IESG poll has shown sufficient interest, and this is why this WG has been rechartered).
#2 syslog has traditionally been assigned a dedicated port in the system range (514 and 601).
#3 syslog was considered important enough to assign a dedicated port in the past (601 with RFC 3195); the same, IMHO, applies to this effort (but see note below).
#4 The syslog daemon is considered an essential system service and is part of many important operating systems.
#5 I think operators expect a dedicated port for an essential protocol.
#6 A dedicated port greatly reduces the likelihood of syslogd startup errors due to the port being used by another process.
#7 A dedicated port greatly reduces ambiguity, which is especially important as a number of SOHO devices/applications are expected to implement the protocol. For low-knowledge, "nearly plug-and-play" scenarios, senders and receivers need a universal understanding of the port number to use.
#8 (derived argument) If I combine arguments #1 and #4, there will be a very large number of systems utilizing that port, thus justifying assigning a scarce resource.

So I think the importance of the protocol, user expectations and potential deployment justify the assignment of a port in the range < 1024.

HOWEVER, the next question is whether we actually need a *new* port. IANA has registered port 601 for "reliable syslog". This is an excerpt from the IANA table (http://www.iana.org/assignments/port-numbers):

syslog-conn 601/tcp Reliable Syslog Service
syslog-conn 601/udp Reliable Syslog Service # RFC 3195

Obviously, this is assigned for RFC 3195. As it currently looks, RFC 3195 does not live up to the expectation of widespread deployment (though it might be too early to judge this). If I look at syslog-tls and RFC 3195, both of them address the same need.
Thus, a listener will probably listen to either of them, but not to both (IMHO, at least in the majority of cases). It must be noted, however, that there may be cases where a single listener listens to both protocols. Even with the latter, I would recommend using the already-assigned port 601 for syslog-tls in addition to RFC 3195. That would enable us to enjoy all the benefits of a dedicated port while having only a slight chance of a potential conflict with a very seldom deployed other syslog protocol. I think the TLS negotiation phase will be totally different from the RFC 3195 negotiation, so a receiver might be able to detect which syslog protocol is trying to connect and handle it accordingly. However, this must be seen in the light of real-world implementations (and most importantly OpenSSL), because we should not rely on something that implementors cannot implement with existing technology. Maybe it would pay to have an optional app-level negotiation phase (BEEP GREETINGS could be used for that! So we could essentially change RFC 3195bis to allow the fallback to syslog-tls, removing any ambiguity).

I hope this argument is convincing.

Rainer

> -----Original Message-----
> From: Miao Fuyou [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 20, 2006 3:34 AM
> To: 'Chris Lonvick'; [EMAIL PROTECTED]
> Subject: [Syslog] Other syslog-tls Issues---Issue0
>
> I will update the document based on mailing list discussion if there is no strong objection.
>
> Let's also discuss other issues:
>
> [Issue 0]: Do we need a Syslog TCP port for TLS transport? The security community had debates about whether using special ports is desirable.
>
> > -----Original Message-----
> > From: Chris Lonvick [mailto:[EMAIL PROTECTED]
> > Sent: Monday, March 20, 2006 8:36 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Framing in syslog messages - RE:[Syslog]Preliminarysyslog-transport-tls document - issue 3
> >
> > Hi All,
> >
> > This sounds good and I believe that we have had a reasonable discussion of all of the options. Unless there are strong objections, I'll ask Fuyou and Yuzhi to incorporate this into their document.
> >
> > Thanks,
> > Chris
> >
> > On Sat, 18 Mar 2006, Balazs Scheidler wrote:
>
> _______________________________________________
> Syslog mailing list
> [email protected]
> https://www1.ietf.org/mailman/listinfo/syslog
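The detection Rainer suggests for a shared port 601, as an added illustration that is not from this thread or from any syslog implementation: a receiver peeks at the first bytes a client sends and decides whether they look like a TLS handshake or an RFC 3195 (BEEP) greeting before handing the connection to the matching protocol handler. The assumed signatures are the TLS record header (content type 0x16, version major byte 0x03) and the BEEP greeting frame header "RPY 0 0 . 0 <size>"; it also assumes the BEEP initiator sends its greeting without waiting for the receiver's, and that anything unrecognised is rejected rather than guessed.

```python
"""Classify the first bytes received on a shared syslog port (601).

Added example, not from the thread or any syslog implementation. Assumed
signatures: syslog-tls starts with a TLS record header (content type 0x16,
version major 0x03); RFC 3195 (BEEP) starts with the greeting frame header
"RPY 0 0 . 0 <size>\r\n". Anything else is UNKNOWN, so the receiver can
close the connection instead of guessing.
"""
import socket

TLS, BEEP, UNKNOWN = "tls", "beep", "unknown"
_TLS_HEADER_LEN = 5                      # type(1) version(2) length(2)
_TLS_MAX_RECORD = 16384 + 2048           # plaintext limit plus expansion
_BEEP_GREETING_PREFIX = b"RPY 0 0 . 0 "  # RPY, channel 0, msgno 0, '.', seqno 0


def classify_initial_bytes(data: bytes) -> str:
    """Return TLS, BEEP or UNKNOWN for the first bytes a client sent."""
    if len(data) >= _TLS_HEADER_LEN and data[0] == 0x16 and data[1] == 0x03:
        # Handshake record: reject implausible record lengths.
        length = int.from_bytes(data[3:5], "big")
        return TLS if 0 < length <= _TLS_MAX_RECORD else UNKNOWN
    if data.startswith(_BEEP_GREETING_PREFIX):
        # The field after the prefix is the decimal payload size.
        size = data[len(_BEEP_GREETING_PREFIX):].split(b"\r", 1)[0]
        if size.isdigit():
            return BEEP
    return UNKNOWN


def classify_socket(conn: socket.socket, timeout: float = 5.0) -> str:
    """Peek (MSG_PEEK) so the real handler still sees every byte; the
    bounded timeout keeps a silent client from pinning the receiver."""
    conn.settimeout(timeout)
    try:
        head = conn.recv(64, socket.MSG_PEEK)
    except OSError:  # includes socket.timeout
        return UNKNOWN
    return classify_initial_bytes(head)


if __name__ == "__main__":
    # Constructed samples: a ClientHello record header, a BEEP greeting,
    # and a plain-TCP syslog line that should match neither.
    for sample in (
        b"\x16\x03\x01\x00\x4a\x01\x00\x00\x46\x03\x03",
        b"RPY 0 0 . 0 110\r\nContent-Type: application/beep+xml\r\n\r\n",
        b"<34>1 2006-03-20T03:34:00Z host app - - - hello\n",
    ):
        print(classify_initial_bytes(sample))
```

Note that this only removes the ambiguity on the receiver side; a sender still has to know which protocol the receiver speaks, which is the point of Rainer's optional app-level negotiation.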
