Hi Folks, My review comments of draft-ietf-syslog-transport-udp-04.txt. I'll ask Anton to address them and submit a new ID. Once that's in we can move into WG Last Call.
Thanks, Chris === The dates need updating. Copyright should be dated 2005. Spaces are needed before the reference bracket. The informational RFC 3164[7] originally described the syslog should be The informational RFC 3164 [7] originally described the syslog The following paragraph is part of the Introduction but should be in a separate section "Conventions Used in This Document". The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119[5]. The words 'byte' and 'octet' are used interchangeably in this specification. The last sentence should be a separate paragraph. Section 2 "One Message Per Datagram" contains: Each syslog UDP datagram MUST contain one and only one syslog message. The message MUST be formatted according to the RFC- protocol[2]. Additional data MUST NOT be present in the datagram payload. Doesn't this go against the rules of fragmentation where a single udp datagram may contain less than one syslog message? (I know what Anton is trying to say here but I don't think it's coming out exactly right.) Section 7 "UDP Checksums" needs to have the cases of keywords changed. Use of UDP checksums was defined as optional in RFC 768[1]. IPv6 has subsequently made UDP checksums required in RFC 2460[4]. Should be Use of UDP checksums was defined as OPTIONAL in RFC 768 [1]. IPv6 has subsequently made UDP checksums REQUIRED in RFC 2460 [4]. Also, there seems to be a problem with this. It seems to state that sending IPv4 hosts don't have to send accurate udp checksums but that recieveing IPv4 hosts must discard datagrams with inaccurate udp checksums. Use of UDP checksums was defined as optional in RFC 768[1]. and Syslog senders SHOULD use UDP checksums when sending messages over IPv4. but then Syslog receivers MUST check the checksums whenever they are present and discard messages with incorrect checksums. Can we get this addressed? (Probably the section should say that it is RECOMMENDED that both senders and receivers use the checksums. It's probably worth a comment in the Security Considerations section as well.) Grammar in Section 8.2 "Message Corruption" implementation itself. For example, several earlier UDP implementations defaulted to a buffer size of less than 65536 bytes and truncated larger payloads upon reception [9]. By following the The last sentece should be: and truncated larger payloads upon receipt [9]. By following the === _______________________________________________ Syslog-sec mailing list Syslog-sec@www.employees.org http://www.employees.org/mailman/listinfo/syslog-sec
