Hi, Many of the changes were made at my request. I believe the document as written would not have made it through IESG approval.
1) the IETF has defined a standard syslog; how to make your legacy proprietary version work is not an IETF problem. 2) the syslog WG was created to develop a secure syslog solution with secure transport and signing capability. How to make your legacy proprietary version work over non-secure transport is not an IETF problem. 3) Publishing this as a proposed standard seems to violate BCP 61. syslog/tls already provides "strong security" over tcp, so syslog/tcp is not needed to meet IETF goals. Under what circumstances is it **desirable** to use this specification (with no strong security available) in the Internet? Why not use the syslog/TLS specification, with the security features administratively turned off within secure environments? You cannot justify implementing this by saying things like "syslog/TLS is required and this is optional", and not explain WHY this additional non-bcp61-compliant specification is needed. 4) The aim of this IETF specification should be to document "how TCP MAY be used as a transport for standardized syslog", when the standard secure transport may not apply. (But I expect serious pushback from the IESG on this; see #3) Because this might have to work with legacy deployments, we also include as an appendix "how to correlate the legacy and standard usages." 5) RFC3164 is just a survey, not a specification. 6) RFC2119 language needed to be cleaned up. David Harrington Director, IETF Transport Area [email protected] (preferred for ietf) [email protected] +1 603 828 1401 (cell) > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of t.petch > Sent: Tuesday, November 02, 2010 1:02 AM > To: Chris Lonvick; [email protected] > Subject: Re: [Syslog] New Version Notification > fordraft-gerhards-syslog-plain-tcp-05 (fwd) > > Chris > > I had not noticed before but this seems to have changed > direction during the > summer; Informational not Standards Track, and stressing > byte-counting more, > byte-stuffing less. > > I do find it less clear. I think that the Introduction needs > more work in the > light of the changes to the rest of the document. I read > "This specification includes descriptions of both > format options in an attempt to ensure that standardized syslog > transport receivers can receive and properly interpret > messages sent > from legacy syslog senders." > got to the end of the document and thought 'oh no it does > not!' and then > realised that this is now an Appendix whereas before it was > in the main body. > Of course, if you never knew it was in the body, you might > not be as confused as > I. > > But really, the emphasis on standardised and legacy syslog > seems misplaced. The > carriage over TCP is the same whether the carried is > SYSLOG-3164 or SYSLOG-MSG > so the distinction seems spurious. And SYSLOG-3164 does not > appear in any RFC > or I-D I can find. > > Rather, you have two forms of adaptation to carry a message, > and what that > message is is mostly academic. > > Separately, I think that more is needed on Security. It is > easier to sabotage > TCP than it is UDP; spurious FIN, RST etc. > > And I think more is needed on closing the session. The > transport receiver > detects a format error (well, the transport sender is not > going to) sends FIN, > gets FIN-ACK and .... the transport sender carries merrily > on. I think that > there should be a recommendation that the transport sender > closes the connection > and reopens it if it wants to. > > Tom Petch > ----- Original Message ----- > From: "Chris Lonvick" <[email protected]> > To: <[email protected]> > Sent: Friday, October 01, 2010 9:16 PM > Subject: [Syslog] New Version Notification for > draft-gerhards-syslog-plain-tcp-05 (fwd) > > > > Hi Folks, > > > > While this is a non-WG item, there are some people interested. I've > > updated the syslog/tcp draft and I'll invite reviews and comments. > > > > Thanks, > > Chris > > > > ---------- Forwarded message ---------- > > Date: Thu, 30 Sep 2010 09:04:15 -0700 (PDT) > > From: IETF I-D Submission Tool <[email protected]> > > To: [email protected] > > Cc: [email protected] > > Subject: New Version Notification for > draft-gerhards-syslog-plain-tcp-05 > > > > > > A new version of I-D, > draft-gerhards-syslog-plain-tcp-05.txt has been > successfully submitted by Chris Lonvick and posted to the > IETF repository. > > > > Filename: draft-gerhards-syslog-plain-tcp > > Revision: 05 > > Title: Transmission of Syslog Messages over TCP > > Creation_date: 2010-09-30 > > WG ID: Independent Submission > > Number_of_pages: 14 > > > > Abstract: > > There have been many implementations and deployments of > legacy syslog > > over TCP for many years. That protocol has evolved without being > > standardized and has proven to be quite interoperable in practice. > > > > The aim of this specification is to document three things: how to > > transmit standardized syslog over TCP, how TCP has been used as a > > transport for legacy syslog, and how to correlate these usages. > > > > > > > > The IETF Secretariat. > > > > > > _______________________________________________ > > Syslog mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/syslog > > _______________________________________________ > Syslog mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/syslog _______________________________________________ Syslog mailing list [email protected] https://www.ietf.org/mailman/listinfo/syslog
