Picking up on the point of commonality between DTLS for IPFIX, ISMS and syslog:

- having a common statement of how to check certificates would save work here
and elsewhere, i.e. get draft-hodges-server-ident-check-00.txt to include as a
minimum the cases covered in syslog-tls and get that I-D progressing onto
standards track so as to use it as a normative reference (can we steal it from
apps into security:-).

- syslog has tls as RECOMMENDED transport at the insistence of the IESG because
it has flow control and the others do not.  DTLS over UDP has no flow control
and so, by analogy, I would expect it to be unacceptable to the IESG, i.e. it will
have to be DTLS over SCTP that will have to be there as well or instead
(something I did not think of in 2006).

- having written a DTLS I-D (and looked at many more), I am inclined to agree
with Wes that there will not be much in common (apart from certificate
checking - see above)

Tom Petch

----- Original Message -----
From: "Chris Lonvick" <[email protected]>
To: <[email protected]>
Cc: <[email protected]>
Sent: Thursday, July 30, 2009 4:50 PM
Subject: [Syslog] syslog WG meeting minutes (proposed)


> Hi Folks,
>
> Here are the meeting minutes that I took.  Please send back edits if you
> want anything changed.
>
> ===
> Meeting was started, blue sheets passed around, no one in jabber room
> other than the people in the room.
>
> Chairs went through the slides.
>
> Q about syslog/BEEP on slide 10: We're not proposing to standardize this;
> it's already RFC 3195.  Since the uptake on implementation (of this RFC,
> and of BEEP overall) is low, then the WG should consider moving the RFC to
> HISTORIC.
>
> Jurgen S. gave a review of his thoughts on the proposed new charter items:
> Slide 8,
>   MIB, OK
>   DHCP, has some operational value
>   don't need an architectural reference to be done in the IETF
> Slide 9
>   might be interesting to have a guideline but not sure who would commit
> the time to do that
>   DTLS, should be done and aligned with RFC 5425 (syslog/tls)
>   syslog/tcp, should be very straightforward and easy to do
>   syslog/BEEP, declare HISTORIC
>
> Dan R. - Since syslog WG is proposing to do syslog/DTLS is there enough
> commonality so that ISMS/DTLS and IPFIX/DTLS can re-use?
>   - Consensus was that this was likely.  David also noted that the others
> are also doing SCTP.
>
> Pasi E. - syslog/DTLS should be easy since it will draw directly from
> syslog/TLS.
>   - IPFIX also working on Dead Peer Detection (DTLS Heartbeat), we should
> likely support this as well.
>   - There were problems with the previous IPFIX/DTLS but that was because
> of bad libraries in OpenSSL which have since been fixed.
>
> Wes H. - there is not that much commonality between the schemes because of
> a lot of usage details.
>
> Chris and David have asked Joe Salowey to act as WG editor for the DTLS
> work.
>
> Meeting adjourned at 10am.
>
> ===
>
> Thanks,
> Chris
> _______________________________________________
> Syslog mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/syslog
