Hi! Chris asked me to review this draft. Comments below.

Section 1

"DTLS has been mapped onto different transports (i.e. UDP [RFC0768] and DCCP [RFC4340]), to secure syslog in more situations."

AO: Remove "to secure syslog in more situations". This paragraph is giving a general overview of DTLS and it is independent of syslog. Otherwise, the reader is confused into thinking that DTLS was mapped as described for the benefit of syslog.

"For systems where DCCP is either not available or not usable (such as the aforementioned situation),"

AO: Don't see any "aforementioned situation" in the text, or don't get the reference.

"In those circumstances where reliability or ordering is important, SYSLOG over TLS is appropriate."

AO: This would be best moved to the end of the first paragraph, where Syslog over TLS is introduced.

"Syslog over TLS does not provide application layer acknowledgements and therefore is not a fully reliable solution."

AO: Same comment as above. This criticism leaves a question as to whether the newly defined mapping solves this problem. If not, it should be pointed out as a drawback of both mappings, not just TLS. Possibly best addressed elsewhere, in a Reliability section.

Section 2

"A "DTLS client" is an application that can initiate a DTLS Client Hello to a server."

AO: Further in the document we have...

"The transport sender initiates a DTLS connection by sending a DTLS Client Hello to the transport receiver."

"A SYSLOG transport sender is always a DTLS client and a transport receiver is always a DTLS server."

AO: Why do we need 4 terms then? If they are equivalent, it may be best to just add further description to transport sender/receiver and stick to them?

Section 3

"The security requirements for Syslog are discussed in [RFC5425]."

AO: Suggest changing to: "The security requirements for Syslog are discussed in Section 2 of [RFC5425] and apply to this transport mapping."

Section 5.3.1

"The transport receiver and transport sender SHOULD provide mechanisms to record the end-entity certificate for the purpose of correlating it with the sent or received data."

AO: Which exact fields of the certificate? Surely not the entire certificate. Maybe full DN + SubjectAltName + AuthorityKeyIdentifier?

Section 5.4.1

"The message size SHOULD NOT exceed the DTLS maximum record size limitation of 2^14 bytes."

AO: SHOULD NOT or MUST NOT?

"When mapping onto different transports, DTLS has different record size limitations."

AO: Can we mention limitations with UDP and DCCP here, so people don't have to dig and do the math on extra size header overhead?

Anton.
