On Wed, Nov 22, 2006 at 09:12:38AM +0800, Miao Fuyou wrote:
> There are two major changes since last update.
> 1, Section 3 is removed. It is an introductory text on TLS, and is necessary
> because TLS is already a normative reference.
> 2, Updated the section 4.3.2 (original 5.3.2), removed the text about TLS
> layer alert to signal a syslog-transport event
I questioned the need for a version number for the TLS transport in
private conversation and now I bring this up again here. I believe we
should agree on a single solution scheme and not introduce any options
here since signalling of a version mismatch is difficult in a fire and
forget situation. The current text says:
> If a receiver does not support the version in the messages it
> received, it MAY just save the APPLICATION-DATA in local storage or
> send a close_notify to signal the closure of the connection. If a
> sender/relay finds connections are closed just after successful TLS
> handshake for three times with same transport mapping version, it
> SHOULD not connect the receiver again with the same transport mapping
> version.
This does not at all sound very convincing to me (and I assume what
the author wanted to say is not well said because I believe the
trigger for not trying again would be a close after sending the first
syslog message and not after the successful TLS handshake). Is there
not a potential attack possible here by successfully "killing" a TCP
connection three times in a row?
/js
--
Juergen Schoenwaelder {International|Jacobs} University Bremen
<http://www.eecs.iu-bremen.de/> P.O. Box 750 561, 28725 Bremen, Germany
_______________________________________________
Syslog mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/syslog
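An added illustration, not from the draft or from the post above: a small model of the sender-side give-up rule quoted in the message, fed with constructed connection outcomes, to show what a sender that stops after three closures can and cannot tell apart. The event fields and the stricter variant rule are assumptions made here for the illustration, not text from the draft.

```python
# Added illustration (not from the draft or the mailing-list post): model the
# quoted rule "stop after three closures following a successful handshake"
# and compare it with a stricter reading that only counts an authenticated
# TLS close_notify. Connection outcomes below are constructed, not captured.
from dataclasses import dataclass

@dataclass
class Attempt:
    handshake_ok: bool
    messages_sent: int   # syslog messages delivered before the connection ended
    close_kind: str      # "close_notify" (TLS alert) or "tcp_reset" (abrupt close)

def _closed_early(a: Attempt) -> bool:
    # Closed right after the handshake (draft wording) or right after the
    # first message (the reading suggested in the post); both count here.
    return a.handshake_ok and a.messages_sent <= 1

def gives_up_per_draft(attempts, limit: int = 3) -> bool:
    """Literal reading of the quoted text: any early closure counts, so an
    abrupt TCP close is indistinguishable from a receiver's close_notify."""
    streak = 0
    for a in attempts:
        streak = streak + 1 if _closed_early(a) else 0
        if streak >= limit:
            return True
    return False

def gives_up_strict(attempts, limit: int = 3) -> bool:
    """Assumed stricter rule (illustration only): count an early closure only
    when it is a TLS close_notify, which is authenticated by the TLS record
    layer; an abrupt TCP close resets the streak instead of advancing it."""
    streak = 0
    for a in attempts:
        early_notify = _closed_early(a) and a.close_kind == "close_notify"
        streak = streak + 1 if early_notify else 0
        if streak >= limit:
            return True
    return False

# Constructed outcome sequences.
RESETS = [Attempt(True, 0, "tcp_reset")] * 3         # torn down after handshake
MISMATCH = [Attempt(True, 1, "close_notify")] * 3    # receiver rejects version
HEALTHY = [Attempt(True, 40, "close_notify")]        # normal long session
MIXED = RESETS[:2] + HEALTHY + RESETS[:2]            # streak broken by a good run
```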