Re: [Syslog] New syslog/tcp draft available

Find in this group all groups

Home Log In Sign Up FAQ

Unknown

more information…

s : syslog@ietf.org

1 February 2011 • 10:48AM -0500

Re: [Syslog] New syslog/tcp draft available
by Chris Lonvick

Google me that

REPLY TO AUTHOR

Google me that

REPLY TO GROUP

Hi Sean,

I've seen that but I don't want this document to sit idle for the next
couple of years while that matures and becomes a normative and
stable reference via becoming an RFC.

I'm really thinking that putting in definitive references for transport
layer vulnerabilities is going a bit beyond what is expected of an
INFORMATIONAL document.  That being said, I think it's a good idea and am
willing to pursue it within reason.

Gont's document does reference a paper by Steve Bellovin:
    Bellovin, S. M. 1989.  Security Problems in the TCP/IP Protocol
    Suite.  Computer Communication Review, Vol. 19, No. 2, pp. 32-48.
That may be found here:
   http://portal.acm.org/citation.cfm?id=378449

What would you think about referencing that document as an INFORMATIVE
reference in the third subsection of the Security Considerations section?

Thanks,
Chris

On Sun, 30 Jan 2011, Sean Turner wrote:

> Chris,
>
> Not sure if this is what you're looking for, but have you checked out:
> http://datatracker.ietf.org/doc/draft-ietf-tcpm-tcp-security/
>
> spt
>
>
> On 1/30/11 12:01 PM, Chris Lonvick wrote:
>>  Hi Folks,
>>
>>  We've finally gotten around to revising draft-gerhards-syslog-plain-tcp.
>> : -)
>>
>>  This addresses the issues that Tom raised about
>>  - the intro specifically stating what to expect in the body of the text
>>  - a note on the transport security.
>>
>>  For the first, we just sort'a straightened things out with a few edits.
>>  For the latter, I looked in many places for a list of TCP
>>  vulnerabilities but couldn't find anything substantial. The US-CERT had
>>  a few implementation things and there were a scattering of other things.
>>  In the end, I just added a subsection to warn impelemters to look
>>  closely before writing code. If anyone has any other suggestions, please
>>  let us know.
>>
>>  Thanks,
>>  Chris
>>  _______________________________________________
>>  Syslog mailing list
>>  Syslog@ietf...
>>  https://www.ietf.org/mailman/listinfo/syslog
>>
>
_______________________________________________
Syslog mailing list
Syslog@ietf...
https://www.ietf.org/mailman/listinfo/syslog

Bookmark with:

Delicious

Digg

Facebook

StumbleUpon

Related Messages

opensubscriber is not affiliated with the authors of this message nor responsible for its content.