David, WG, > -----Original Message----- > From: David Harrington [mailto:[EMAIL PROTECTED]
[snip] > It is important that we make progress and not just discuss the > alternatives, ad infinitum, however. We need volunteers who are > willing to put in the work to write viable internet-drafts and drive > them to completion, or the discussions are largely useless. > > So, I will make these requests to help focus the discussions: > 1) please indicate which secure transports you consider to be > feasible, -transport-ssh, rfc3195bis, [-transport-tls] > 2) please indicate which secure transports address which syslog > threats (they're listed in syslog/tls), section 2 of -transport-tls, IMHO, applies to all three > 3) please indicate which secure transport you volunteer to write a > draft for, and I have acutally "written" (copy&paste plus a few sentences) something that could be a starting point for -transport-ssh: http://www.syslog.cc/ietf/drafts/draft-ietf-syslog-transport-ssh-00pre.t xt If it is WG consensus, I can submit this as an WG document. The current version describes the overall picture plus a weak idea of framing and transmission (sections 4, 5, and 6). This idea was taken from the current discussion on -transport-tls. However, I consider it to be very insufficient and have made no attempt to specify it in depth. If we adopt this document, I would further investigate how a proper framing would look like. I have on my mind to borrough some ideas from netconf, but use them in the simple spirit of syslog (e.g. we might use the same opening with a syslog-reserved URI, if the netconf-WG does not object against this, but it is too early to discuss such issues). I would also volunteer to update 3195 to 3195bis, if their original authors are not available for that. I expect to need some help on the XML schema when doing so. As I have already written, I expect this to be an extremely easy and quick task. My summary in the other mail was concluding. There is no need for any additional edits. > 4) please indicate which secure transport you would commit to > implement in your products (and do you have the decision-making > authority to commit what gets implemented in shipping products?). With a very high probability, we would implement -transport-ssh and with a somewhat lower probability we would change our rfc 3195 implementation to support 3195bis. I would expect this to happen in our products as well as in liblogging/rsyslog (open source projects). I have sufficent decision-making authority to make this commitment (not thinking about major market or overall company policy changes). I would deeply appreciate feedback if I should submit the -transport-ssh draft as a WG document. Rainer > > Disclaimer: products do not need to be commercial products; they can > be freely available implementations, such as open source libraries. > > Thanks, > David Harrington > [EMAIL PROTECTED] > [EMAIL PROTECTED] > [EMAIL PROTECTED] > co-chair, Syslog WG > > > > -----Original Message----- > > From: Chris Lonvick [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, June 20, 2006 10:05 AM > > To: Rainer Gerhards > > Cc: [EMAIL PROTECTED] > > Subject: Re: [Syslog] IESG secure transport requirement can > > be quicklysolved... > > > > Hi Everyone, > > > > > > On Tue, 20 Jun 2006, Rainer Gerhards wrote: > > > > > > I would appreciate if the chairs could try to reach consensus on > my > > > proposal. > > > > > > Comments are appreciated. > > > Thanks, > > > Rainer > > > > I'll apologize up front for not paricipating in some recent > > dicussions. > > I'm on a business trip and rather busy with the day job right now. > > > > I am willing to listen to a discussion of this proposal. As > > Rainer says, > > please provide some input and comments. > > > > Thanks, > > Chris > > > > _______________________________________________ > > Syslog mailing list > > Syslog@lists.ietf.org > > https://www1.ietf.org/mailman/listinfo/syslog > > > > _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog
