At 8:40 AM -0500 9/19/01, Chris Lonvick wrote:
>Hi Jon and All,
>
>Overall, this looks good. Below are some items that I think need
>to be addressed in the ID. These are almost exclusively items of
>harmonization with RFC 3164. The content of this looks very good.
>
>Thanks,
>Chris
>
>=====
>
>1. Introduction
>- The term "CONTEXT" was replaced with "CONTENT" in RFC 3164.
>- There is no Section 4.2.2 in RFC 3164. Change that to Section 4.
>
Done.
>2. Signature Block Format and Fields
>- Change "MSG part" to "HEADER part".
>- Generalize "Section 4.1" to "Section 4".
>
Done.
>2.1 syslog Packets Containing a Signature Block
>- Change "PRI part and a MSG part" to "PRI, HEADER and MSG parts".
>- At the top of page 5, change "MSG" to "HEADER", and "CONTEXT" to
> "CONTENT".
Done.
>- Would it be better to turn the list of fields into a table?
> Perhaps rows of "term", "shorthand notation" and length; e.g.:
> Cookie CKI 9 octets
I don't know, would it? :-)
I know that's a smartass answer, but I'm not sure what to say. I can give
terms shorthand as you mentioned, but I'd just as soon keep the longer
term. That's clearer to me. The things I'm fixing below are overloading
shorthands.
I edited it up into columnar format with name and size and it indeed looks
better to me, and I'm not particularly visual.
Also just as a note, as I was editing up the previous draft, I noticed that
John used "byte" rather than "octet." I didn't change this. I'm personally
of the opinion that "byte" means an 8-bit number. Yes, yes, I know why
there's the word octet. I'm old enough to remember when "byte" wasn't
settled. I think it is now, and that "byte" and "octet" are merely
synonyms. If you have a six-bit byte, then you should call it out.
>- There is a perception conflict between the use of "PRI" here and
> the "PRI" field of the syslog message. This is changed to "priority
> field" in section 2.2 and again in 4.3.
It appears to already be that way. I missing something, what is it? Should
I change the PRI name (section 2.1, item a) to "Priority"?
>- You say, "Recall that ... binary values are base-64 encoded." however,
> that has not been referenced before that point. ;-)
>
Reworded.
>4.3 Building the Certificate Block
>- Would it be clearer to add a block diagram? I'm not sure how that
> would look with the "priority" field being variable of 1, 2 or 3
> octets.
>
I've edited the table to have columns. I think that works all right. A
block diagram works well when there are regular, aligned fields. (In fact,
I think a feature of making block diagrams is that it encourages regular,
aligned fields.) However here we have odd lengths (12 and 48 bits) and lots
of them integers encoded into base-64. We also have a variable length
payload. A block diagram may make things more confusing. Let me finish with
editing it into columns and polishing the language and if that still
confuses, we'll try something else.
>Would it be more clear if an example were added of a group of syslog
>messages followed by a syslog-sign message?
Sample messages are always a good idea, in my opinion. You don't need many,
just one or two. Would someone like to code them up for me? I would like to
see one as a blob, and then dissected.
I'm going to send you privately my update so you can compare it to your
comments before everyone gets it.
Jon
