________________________________________
From: Syslog <[email protected]> on behalf of Chris Lonvick
<[email protected]>
Sent: 10 December 2021 23:27
To: [email protected]; [email protected]; Joe Salowey; Arijit Bose
Subject: [Syslog] Fwd: I-D Action: draft-ciphersuites-in-sec-syslog-00.txt
Hi Folks,
As Tom and Jurgen noted, Arijit Kumar Bose did send some notes to the Syslog
mailing list. By the time I had snapped to, the system had timed most of them
out. I finally got that last one approved and forwarded to the mailing list.
Arijit (and the IEC WG15) rightly notes that the RFCs are using deprecated
cipher suits and the DTLS RFC is using a deprecated version.
<tp>
Chris et al
This is flawed. The use of DTLS1.0 was noted by a security AD a long time ago
and is now deprecated and the syslog RFC have been updated accordingly so
anyone saying that syslog uses a deprecated version is wrong; they need to
understand the IETF process.
I tracked the work on the TLS list and even posted to that list the fact that
the syslog RFC were missing. I was ignored so I tried again at IETF Last Call
and this time got them included (Ignoring me does not make me give up:-)
So your I-D needs to reflect the existing update. Reinventing the wheel will
likely cause confusion amongst subsequent ADs.
Tom Petch
Sean, Joe, and I worked out a -00 draft to address these issues. Like all -00
IDs, it's open to comments. :-) We know that there are some larger efforts
underway to address TLS, DTLS and cipher suites. We're not going to try to do
that here. Rather, we'd like to update RFCs 5425 and 6012 to get them compliant
with current standards with a minimal impact to current implementations.
Sean is going to run this by the secdispatch group to see if they can make a
recommendation on where this may be best addressed and discussed. I'm sure that
we'll get some good input from the group here on the Syslog mail list, so
please send in your comments and let's get these two RFCs updated to using
current best practices.
Best regards and have a great weekend,
Chris
-------- Forwarded Message --------
Subject: I-D Action: draft-ciphersuites-in-sec-syslog-00.txt
Date: Fri, 10 Dec 2021 14:57:44 -0800
From: [email protected]<mailto:[email protected]>
Reply-To: [email protected]<mailto:[email protected]>
To: [email protected]<mailto:[email protected]>
A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Updates to the Cipher Suites in Secure Syslog
Authors : Chris Lonvick
Sean Turner
Joe Salowey
Filename : draft-ciphersuites-in-sec-syslog-00.txt
Pages : 8
Date : 2021-12-10
Abstract:
This document updates the cipher suites in RFC 5425, Transport Layer
Security (TLS) Transport Mapping for Syslog, and RFC 6012, Datagram
Transport Layer Security (DTLS) Transport Mapping for Syslog. It
also updates the transport protocol in RFC 6012.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ciphersuites-in-sec-syslog/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ciphersuites-in-sec-syslog-00.html
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
_______________________________________________
I-D-Announce mailing list
[email protected]<mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
_______________________________________________
Syslog mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/syslog
