Datagram Transport Layer Security (DTLS) Transport Mapping for Syslog
draft-ietf-syslog-dtls-06
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22 | 06 | (System) | post-migration administrative database adjustment to the Yes position for Jari Arkko |
2012-08-22 | 06 | (System) | post-migration administrative database adjustment to the No Objection position for Tim Polk |
2012-08-22 | 06 | (System) | post-migration administrative database adjustment to the No Objection position for Adrian Farrel |
2010-07-09 | 06 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2010-07-09 | 06 | (System) | IANA Action state changed to Waiting on RFC Editor from In Progress |
2010-07-09 | 06 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2010-07-08 | 06 | Cindy Morgan | State Changes to RFC Ed Queue from Approved-announcement sent by Cindy Morgan |
2010-07-08 | 06 | Tim Polk | [Ballot Position Update] Position for Tim Polk has been changed to No Objection from Undefined by Tim Polk |
2010-07-08 | 06 | Tim Polk | Created "Approve" ballot |
2010-07-08 | 06 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2010-07-08 | 06 | (System) | IANA Action state changed to In Progress |
2010-07-08 | 06 | Cindy Morgan | IESG state changed to Approved-announcement sent |
2010-07-08 | 06 | Cindy Morgan | IESG has approved the document |
2010-07-08 | 06 | Cindy Morgan | Closed "Approve" ballot |
2010-07-08 | 06 | Tim Polk | [Ballot Position Update] Position for Tim Polk has been changed to Undefined from Discuss by Tim Polk |
2010-07-08 | 06 | Jari Arkko | [Ballot Position Update] Position for Jari Arkko has been changed to Yes from Discuss by Jari Arkko |
2010-07-07 | 06 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
2010-07-07 | 06 | (System) | New version available: draft-ietf-syslog-dtls-06.txt |
2010-05-20 | 06 | Cindy Morgan | State Changes to IESG Evaluation::Revised ID Needed from Waiting for AD Go-Ahead by Cindy Morgan |
2010-05-20 | 06 | Adrian Farrel | [Ballot Position Update] Position for Adrian Farrel has been changed to No Objection from Discuss by Adrian Farrel |
2010-05-20 | 06 | Adrian Farrel | [Ballot discuss] I am not a security expert so I would like to discuss with the Security ADs whether this work shouldn't also discuss (automatic) key management in the context of RFC 4107. |
2010-05-20 | 06 | Adrian Farrel | [Ballot Position Update] New position, Discuss, has been recorded by Adrian Farrel |
2010-05-20 | 06 | Ron Bonica | [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica |
2010-05-20 | 06 | Ralph Droms | [Ballot comment] Nit... in the following text from section 5.1: "Transports, such as UDP or DCCP do not provide session multiplexing and session-demultiplexing." Use either 0 or 2 commas around "such as UDP or DCCP". |
2010-05-20 | 06 | Ralph Droms | [Ballot Position Update] New position, No Objection, has been recorded by Ralph Droms |
2010-05-20 | 06 | Gonzalo Camarillo | [Ballot Position Update] New position, No Objection, has been recorded by Gonzalo Camarillo |
2010-05-20 | 06 | Dan Romascanu | [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu |
2010-05-20 | 06 | Lars Eggert | [Ballot comment] I support Jari's and Tim's DISCUSSes. Section 8., paragraph 1: "IANA is requested to assign a registered UDP and DCCP port number for syslog over DTLS. The same value as for syslog over TLS (6514) is requested." Do you also want the same service name (i.e., syslog-tls) for 6514/udp and 6514/dccp? |
2010-05-20 | 06 | Lars Eggert | [Ballot Position Update] New position, No Objection, has been recorded by Lars Eggert |
2010-05-19 | 06 | Russ Housley | [Ballot comment] Please consider the proposed change in the Gen-ART Review by Miguel Garcia on 17-May-2010: In Section 5.3, the last sentence of the first paragraph reads: "When the DTLS handshake has finished, the transport sender MAY then send the first syslog message." I think what you really want to say is: "The transport sender MUST NOT send any syslog message before the DTLS handshake has successfully completed." |
2010-05-19 | 06 | Russ Housley | [Ballot comment] Please consider the minor issues raised in the Gen-ART Review by Pete McCann on 17 May 2010. Section 7: "The configured values for these four 6rd elements are identical for all CEs and BRs within a given 6rd domain. ... 6rdBRIPv4Address The IPv4 address of the 6rd Border Relay for a given 6rd domain." Taken together, these statements seem to imply that there can only be one BR for a given domain, or at least that all CEs must be configured to have the same set of BRs. I note that in section 7.1.1 it is possible to provision more than one BR address. Can this set be different for different CEs? I can imagine a situation where different CEs are homed on different BRs. Section 9.2: "In order to prevent spoofing of IPv6 addresses, the 6rd BR and CE MUST validate the source address of the encapsulated IPv6 packet with the IPv4 source address it is encapsulated by according to the configured parameters of the 6rd domain." This seems to say that the CE should match the source IPv4 address of the BR to the source address of the encapsulated IPv6 packet, when receiving traffic from a BR. I assume that isn't what you meant. |
2010-05-19 | 06 | Russ Housley | [Ballot Position Update] New position, No Objection, has been recorded by Russ Housley |
2010-05-19 | 06 | Samuel Weiler | Request for Last Call review by SECDIR Completed. Reviewer: Steve Hanna. |
2010-05-19 | 06 | Jari Arkko | [Ballot discuss] This is an excellent document and I was ready to post a Yes vote on the ballot. However, there is one detail. The document says: "When mapping onto different transports, DTLS has different record size limitations. The application implementer SHOULD determine the maximum record size allowed by DTLS protocol running over the transport in use. The message size SHOULD NOT exceed the DTLS maximum record size limitation of 2^14 bytes. To be consistent with RFC 5425, in establishing a baseline for interoperability, this specification requires that a transport receiver MUST be able to process messages with a length up to and including 2048 octets. Transport receivers SHOULD be able to process messages with lengths up to and including 8192 octets." This guidance seems quite weak in terms of avoiding excessive fragmentation. Or am I misunderstanding how DTLS records map to UDP packets? I am assuming it's a 1-1 mapping, but maybe I'm mistaken. In any case, the document should say something about tuning applications and configurations to avoid excessively long packets due to inefficiencies and other problems that fragmentation may cause. |
2010-05-19 | 06 | Jari Arkko | [Ballot Position Update] New position, Discuss, has been recorded by Jari Arkko |
2010-05-18 | 06 | David Harrington | [Ballot Position Update] New position, Recuse, has been recorded by David Harrington |
2010-05-18 | 06 | (System) | State has been changed to Waiting for AD Go-Ahead from In Last Call by system |
2010-05-17 | 06 | Tim Polk | [Ballot comment] Given that disclosure is one of the primary threats described in Section 4, shouldn't the security considerations prohibit the use of cipher suites with NULL encryption? |
2010-05-17 | 06 | Tim Polk | [Ballot discuss] There seems to be an essential disconnect between the conformance requirements and the deployment guidance in this specification. The second paragraph of Section 6 Congestion Control states: "DCCP has congestion control. For this reason the syslog over DTLS over DCCP option is recommended in preference to the syslog over the DTLS over UDP option." However, in Section 5.1, Transport: "DTLS can run over multiple transports. Implementations of this specification MUST support DTLS over UDP and SHOULD support DTLS over DCCP [RFC5238]." For alignment with Section 6, it would seem that "MUST support DTLS over DCCP" would be more appropriate. |
2010-05-17 | 06 | Tim Polk | [Ballot comment] Given that disclosure is one of the primary threats described in Section 4, shouldn't the security considerations prohibit the use of cipher suites with NULL encryption? |
2010-05-17 | 06 | Tim Polk | [Ballot discuss] There seems to be an essential disconnect between the conformance requirements and the deployment guidance in this specification. The second paragraph of Section 6 Congestion Control states: "DCCP has congestion control. For this reason the syslog over DTLS over DCCP option is recommended in preference to the syslog over the DTLS over UDP option." However, in Section 5.1, Transport: "DTLS can run over multiple transports. Implementations of this specification MUST support DTLS over UDP and SHOULD support DTLS over DCCP [RFC5238]." For alignment with Section 6, it would seem that "MUST support DTLS over DCCP" would be more appropriate. |
2010-05-17 | 06 | Tim Polk | [Ballot Position Update] New position, Discuss, has been recorded by Tim Polk |
2010-05-11 | 06 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Steve Hanna |
2010-05-11 | 06 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Steve Hanna |
2010-05-11 | 06 | Amanda Baber | IANA comments: ACTION 1: Upon approval of this document, IANA will make the following assignments in the "PORT NUMBERS" registry at http://www.iana.org/assignments/port-numbers (Keyword, Decimal, Description, References): syslog-dtls, 6514/udp, Syslog over DTLS, [RFC-syslog-dtls-05]; syslog-dtls, 6514/dccp, Syslog over DTLS, [RFC-syslog-dtls-05]. ACTION 2: Upon approval of this document, IANA will make the following assignment in the "Service Codes" registry at http://www.iana.org/assignments/service-codes/service-codes.xhtml (Service Code, ASCII, Description, Reference): 1398361159, SYLG, Syslog Protocol, [RFC-syslog-dtls-05]. We understand the above to be the only IANA Actions for this document. |
2010-05-09 | 06 | Sean Turner | [Ballot Position Update] New position, Yes, has been recorded for Sean Turner |
2010-05-09 | 06 | Sean Turner | Ballot has been issued by Sean Turner |
2010-05-09 | 06 | Alexey Melnikov | [Ballot comment] 5.4.1. Message Size: "There is no upper limit for a message length per se. As stated in [RFC4347], each DTLS record MUST fit within a single DTLS datagram. When mapping onto different transports, DTLS has different record size limitations. The application implementer SHOULD determine the maximum record size allowed by DTLS protocol running over the transport in use. The message size SHOULD NOT exceed the DTLS maximum record size limitation of 2^14 bytes." Why is this "SHOULD NOT" and not a "MUST NOT"? The quoted requirement from [RFC4347] doesn't seem to give any excuses. |
2010-05-09 | 06 | Alexey Melnikov | [Ballot Position Update] New position, Yes, has been recorded by Alexey Melnikov |
2010-05-09 | 06 | Alexey Melnikov | Created "Approve" ballot |
2010-05-04 | 06 | Cindy Morgan | Last call sent |
2010-05-04 | 06 | Cindy Morgan | State Changes to In Last Call from Last Call Requested by Cindy Morgan |
2010-05-04 | 06 | Sean Turner | Last Call was requested by Sean Turner |
2010-05-04 | 06 | (System) | Ballot writeup text was added |
2010-05-04 | 06 | (System) | Last call text was added |
2010-05-04 | 06 | (System) | Ballot approval text was added |
2010-05-04 | 06 | Sean Turner | (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the document and, in particular, does he or she believe this version is ready for forwarding to the IESG for publication? Chris Lonvick. I have personally reviewed this version of the document. I believe that this version is ready for publication. (1.b) Has the document had adequate review both from key WG members and from key non-WG members? Does the Document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? The document has been reviewed by the Working Group and by people outside of the Working Group. The notable reviewers are listed in the Acknowledgements section (Section 10) of the ID. Special mention should be given to Juergen Schoenwaelder, Anton Okmianski and Richard Graveman. The authors were very proactive in addressing the issues raised, especially Joe Salowy, Tom Petch and Rainer Gerhards. (1.c) Does the Document Shepherd have concerns that the document needs more review from a particular or broader perspective, e.g., security, operational complexity, someone familiar with AAA, internationalization or XML? I recommend this document be reviewed by the OPS area directorate, especially for consistency with other NM protocols over DTLS, such as snmp/dtls. I recommend this document be reviewed by the security directorate, especially for consistency with other certificate and fingerprint processing approaches, and mandatory-to-implement ciphersuites. Several issues were brought up when the WG was producing RFCs 5425 and 5426 [syslog/tls and syslog/udp respectively]. Text was inserted in those documents to address those issues. Since many of the same issues are present in this specification, notably security and transport issues, text was often copied from those documents into this one, or references to specific sections of those documents are noted. (1.d) Does the Document Shepherd have any specific concerns or issues with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. Has an IPR disclosure related to this document been filed? If so, please include a reference to the disclosure and summarize the WG discussion and conclusion on this issue. An IPR declaration has been filed against this ID. Since it is by the same company that filed a disclosure against the syslog/tls ID [now RFC5425], it may be the same idea. The Working Group held lengthy discussions around the disclosure filed against RFC5425 when it was an ID. The Working Group was notified about this filing but no discussion ensued on the mailing list. I expect that the Working Group gained an understanding of the process during the prior discussion and no longer needs to discuss it. Here is the pointer to the IPR declaration: https://datatracker.ietf.org/ipr/1271/ (1.e) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? This work is an additional transport for syslog, to supplement UDP and TLS. The Working Group as a whole has been quiet. The most active members of the WG understand the need for the additional transport and support moving this document forward. (1.f) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is entered into the ID Tracker.) No appeals have been threatened. (1.g) Has the Document Shepherd personally verified that the document satisfies all ID nits? (See the Internet-Drafts Checklist and http://tools.ietf.org/tools/idnits/). Boilerplate checks are not enough; this check needs to be thorough. Has the document met all formal review criteria it needs to, such as the MIB Doctor, media type and URI type reviews? Yes. The document was generated using xml2rfc, has passed automated checking using idnits, and passed a manual check by the shepherd. The document does not define a MIB module, media type, or URI. The RFC Editor needs to update the Section 6b Trust Provisions License Notice which is a current common xml2rfc problem. (1.h) Has the document split its references into normative and informative? Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the strategy for their completion? Are there normative references that are downward references, as described in [RFC3967]? If so, list these downward references to support the Area Director in the Last Call procedure for them [RFC3967]. The references are split and all referenced documents are RFCs in good standing. (1.i) Has the Document Shepherd verified that the document IANA consideration section exists and is consistent with the body of the document? If the document specifies protocol extensions, are reservations requested in appropriate IANA registries? Are the IANA registries clearly identified? If the document creates a new registry, does it define the proposed initial contents of the registry and an allocation procedure for future registrations? Does it suggest a reasonable name for the new registry? See [RFC5226]. If the document describes an Expert Review process has Shepherd conferred with the Responsible Area Director so that the IESG can appoint the needed Expert during the IESG Evaluation? The IANA section exists, and appropriately requests a port number. It requests the reuse of the syslog/tls port number. It does not create a new registry or extend any registry. This document does not define a new VERSION or any SDEs, so does not require expert review for syslog parameters. (1.j) Has the Document Shepherd verified that sections of the document that are written in a formal language, such as XML code, BNF rules, MIB definitions, etc., validate correctly in an automated checker? The ABNF was validated using "Bill's ABNF Parser". bap suggests using other values for some elements but I suggest that these remain as they are to be consistent with the other RFCs in this series: RFCs 5424, 5425 and 5426. (1.k) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary. Relevant content can frequently be found in the abstract and/or introduction of the document. If not, this may be an indication that there are deficiencies in the abstract or introduction. This document describes the transport of syslog messages over DTLS (Datagram Transport Level Security). It provides a secure transport for syslog messages in cases where a connection-less transport is desired. Working Group Summary. Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough? No. This document is the synthesis of two proposals made to the WG. Document Quality. Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted? There are no known implementations of this protocol at this time. |
2010-05-04 | 06 | Sean Turner | Draft Added by Sean Turner in state Last Call Requested |
2010-05-04 | 06 | Sean Turner | [Note]: 'Chris Lonvick (clonvick@cisco.com) is the document shepherd.' added by Sean Turner |
2010-05-04 | 05 | (System) | New version available: draft-ietf-syslog-dtls-05.txt |
2010-03-23 | 04 | (System) | New version available: draft-ietf-syslog-dtls-04.txt |
2010-03-08 | 03 | (System) | New version available: draft-ietf-syslog-dtls-03.txt |
2010-03-05 | 02 | (System) | New version available: draft-ietf-syslog-dtls-02.txt |
2010-02-27 | | (System) | Posted related IPR disclosure: HUAWEI TECHNOLOGIES CO.,LTD's Statement about IPR related to RFC 5425 and draft-ietf-syslog-dtls-01 |
2010-02-04 | 01 | (System) | New version available: draft-ietf-syslog-dtls-01.txt |
2009-10-14 | 00 | (System) | New version available: draft-ietf-syslog-dtls-00.txt |