Hi,
Chris asked me as well to review draft-ietf-syslog-dtls. I agree with the overall sentiment that this draft is in good shape. Here are my comments:

1. Editorial: "Syslog" or "SYSLOG" - should use consistent (non-)capitalization throughout.

2. Introduction, last paragraph: This could use a little editorial wordsmithing. For one, "SYSLOG over DTLS over DCCP [RFC5238 <http://tools.ietf.org/html/rfc5238>]" - is it clear where the parentheses are set? Might consider putting the reference into the previous paragraph ("DTLS has been mapped onto different transports"). Actually, regarding that last sentence in the second-to-last paragraph: is it true that DTLS was mapped onto different transports specifically just to secure syslog? This is what it sounds like.

3. In addition, the Introduction also states: "For systems where DCCP is either not available or not usable (such as the aforementioned situation), DTLS over UDP is also defined." At the same time, section 5.1 states: "Implementations of this specification MUST support DTLS over UDP". So, the statement in the Introduction seems to be a bit misleading, as it appears to imply that DTLS over UDP is optional, specifically as it seems to make the decision whether or not to implement it dependent just on what is supported on the system (and not on end-to-end considerations).

4. I am not sure about the purpose of the Introduction's last sentence ("Syslog over TLS does not provide application layer acknowledgements and therefore is not a fully reliable solution."). If anything, this seems to belong in the second paragraph, where it talks about performance as an issue that is part of the motivation for a different transport.

5. Section 5.1: the term "session" should be introduced. This is the first time the term occurs in the document. What is the relevance of a session in the context here?

6. Section 5.1: Last paragraph, first sentence could use wordsmithing ("When TCP is used syslog over DTLS MUST NOT be used."). When TCP is used for what? Might better state that syslog over DTLS must only be used when DTLS does not use TCP. Actually, why is this prohibition there in the first place - is it simply not a good idea, or must it really be prohibited?

7. Section 5.1, 2nd sentence: needs wordsmithing - for one, has-->have; is this really a single port?

8. Section 5.4.1: I think there is a little potential for confusion regarding message length. I am assuming that message length refers to the length of the syslog message, per section 5.4. Section 5.4 also states that syslog messages do not have to align with DTLS records - allowing application data presumably to be fragmented across frames (as a syslog message is always contained as a whole within a syslog frame). However, in 5.4.1, it is also stated that "The message size SHOULD NOT exceed the DTLS maximum record size limitation". Why is that? (And is "message size" the same as "(syslog) message length"?)

Kind regards
--- Alex
_______________________________________________ Syslog mailing list [email protected] https://www.ietf.org/mailman/listinfo/syslog
