-----Original Message-----
From: Eliot Lear [mailto:[EMAIL PROTECTED]
Sent: Friday, January 26, 2007 4:46 AM
To: Chris Lonvick
Cc: [EMAIL PROTECTED]
Subject: Re: [Syslog] 3195bis before syslog-sign
Chris & all,
As you mentioned, Darren, Marshall, and I will produce an
internet-draft
that revises RFC 3195 (rfc3195bis). As part of that effort
we envision
accomplishing the following:
* Obsoleting RAW and COOKED profiles. The RAW profile
has a length
limitation that we have been told is not appropriate for
syslog-signed. The COOKED profile has seen no uptake. This
dramatically simplifies the draft.
* A new profile that has taken on the name of TARTARE will
essentially be RAW rev 2. Messages sent with the
TARTARE profile
will conform to draft-ietf-syslog-protocol's syntax, and have no
length limitation.
* We will review existing security considerations. For instance,
RFC 3195 calls for use of 3DES for TLS. We propose that the new
draft take on a more modern approach with regard to algorithm
agility and which algorithm SHOULD be the low bar.
In our early drafty draft, we were unable to eliminate all
references to
RFC 3164, due to reference of security considerations seemingly not
covered in draft-ietf-syslog-protocol. However, those references that
remain are NOT normative. If a complete separation for 3164
is desired
we will need to incorporate a few of those remaining concerns, where
IMHO the existing text in 3164 is sufficient.
Finally, do people desire any other changes that would be considered
necessary either for draft-ietf-syslog-protocol or for the
forthcoming
syslog-signed work?
We predict this work to progress rapidly.
Thanks,
Eliot
Chris Lonvick wrote:
Hi Folks,
David Harrington and I had a talk about syslog-sign and its
dependencies upon 3195bis. As was noted in the email discussion it
would be messy to try to publish syslog-sign with dependencies upon
3195, then update 3195, then revise syslog-sign. We had a
talk with
Sam Hartman, our AD, who agreed that we should revise RFC 3195 to
eliminate unnecessary dependencies.
David and I are pleased to announce that Darren New,
Marshall Rose and
Eliot Lear have volunteered to produce a revision to RFC 3195. We
expect that this will be a transport for syslog-protocol so that
syslog-sign, and any other, future applications, can make use of
syslog-protocol without having to worry about transport
dependencies.
Other goals of 3195bis will be to deal with the length
limitation in a
manner consistent with the other transports, and to eliminate
references to RFC 3164.
We've have had an initial explanation of how the authors
will revise
3195 which sounds reasonable. I will let Darren, Marshall
and Eliot
propose the changes to the list. This should be a quick effort so
please pay attention and discuss this on the list so we can get it
moving.
Thanks,
Chris & David
_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog
_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog