Hi,

(chair hat ON)

The WG under this charter will standardize a DTLS transport for syslog, providing a secure transport for syslog messages in cases where a connection-less transport is desired. The threats that this WG will primarily address are modification, disclosure, and masquerade. A secondary threat is message stream modification. These are consistent with those addressed in RFC 5425.

Our job is to define a DTLS transport for syslog. I don't interpret the charter as saying we need to show why TCP is inadequate.

syslog/tls is mandatory-to-implement. syslog/dtls is not. Syslog/dtls is being designed for cases where a connection-less transport is desired. We provide the specification of how to do so in a standardized manner.

(chair hat OFF)

Applicability is an operational/deployment decision. It might be good to state that in the document. I would be fine with a statement that says syslog/dtls SHOULD be used when the operational environment demands a secure connection-less transport, but syslog/tls SHOULD be used in normal operating environments for purposes of interoperability.

dbh

> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Juergen Schoenwaelder
> Sent: Wednesday, February 24, 2010 5:46 PM
> To: tom.petch
> Cc: [email protected]
> Subject: Re: [Syslog] Please review draft-ietf-syslog-dtls-01
>
> On Wed, Feb 24, 2010 at 08:19:31PM +0100, tom.petch wrote:
>
> > > You do not have to 'criticize' SYSLOG over TLS/TCP - there will be
> > > situations where there simply is no TCP, see 6lowpan et al. The best
> > > thing is to concentrate on defining how SYSLOG over DTLS works and to
> > > leave out any discussion about 'shortcomings' of TLS/TCP or how to
> > > choose the best SYSLOG transport for a given network for future
> > > documents.
> >
> > I see many I-Ds criticised for failing to say why they should exist.
> > The limitations of TCP and the attractions of UDP justify this I-D
> > so I regard those preliminary paragraphs as a necessary part of this
> > I-D. It might be called an applicability statement.
>
> Good luck with spelling out the "limitations of TCP" in a way that
> does not look hand waving and passes the reviews without triggering
> nasty questions. Leave the discussion which transport to choose in
> which situation to a future SYSLOG applicability statement document.
>
> /js
>
> --
> Juergen Schoenwaelder Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany
> Fax: +49 421 200 3103 <http://www.jacobs-university.de/>
> _______________________________________________
> Syslog mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/syslog
