Re: [netmod] Eric Rescorla's No Objection on draft-ietf-netmod-syslog-model-23: (with COMMENT)

Thu, 08 Mar 2018 00:42:13 -0800 

Eric,

Eric Rescorla has entered the following ballot position for
draft-ietf-netmod-syslog-model-23: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-netmod-syslog-model/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

https://mozphab-ietf.devsvcdev.mozaws.net/D4614

It's not a problem with this document, but I took a quick look at
draft-ietf-netconf-tls-client-server and I've got some concerns. Here are a few
examples:

- You can set the cipher suite but not key sizes and groups You can
- say sort of incoherent things in TLS like "I support TLS 1.0 and TLS
  1.2 but not TLS 1.1" (there is no way to negotiate this in TLS 1.2)

I'll try to get a chance to give this a real review, but I wanted to mention it
before I forgot.

    We are using definitions of syslog protocol from [RFC5424] in this
    RFC.
Not a big deal, but this introduction feels like it ought to say what the
document is about, not just about syslog.

    The severity is one of type syslog-severity, all severities, or none.
    None is a special case that can be used to disable a filter.  When
    filtering severity, the default comparison is that messages of the
This seems to be the first use of the term filter to mean this entity

I'm not sure I understand the call for action here.
In the YANG module, we called this facility-filter:

       container facility-filter {
         description
           "This container describes the syslog filter parameters.";
         list facility-list {
           ...



          subtree, implementations MUST NOT specify a private key that is
          used for any other purpose.
It seems like the data that syslog writes is sensitive, so the ability to write
a destination reflects a high degree of risk.

Again, what is the call for action here?

Regards, B.



.




_______________________________________________
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod

Reply via email to