Replying to no-one specifically, I think one significant consideration is being
missed.
Basing security on a secure transport may already exist as an implementation but
not as an I-D. I expect it to take at least 6 months, more like 12, to produce
an IESG ready I-D. By that time, our
Truncation of UTF-8 is actually slightly worse than has been described.
It is possible to determine from the UTF-8 octets where one coded character ends
and another begins. But because Unicode contains combining characters, with no
limit on how many of these there can be, and these modify the
Another possible
threat to consider for a Syslog
environmentis:
Traffic Pattern
Analysis - It is sometimes used as a form of reconnaissance to further hone an
attack. The focus of attention is on how the network is being used as opposed to
the data content being moved. An analysis of
