This is Update A of our issues with syslog-sign-13.
http://www.employees.org/~lonvick/issues-13-a.txt

Open Issues (editing needs to be done in -13 as we resolve these)
  Issue 13-1 : Examples (Deferred)
  Issue 13-2 : TAG Field Definition
  Issue 13-3 : Calculating Hashes and Signatures
  Issue 13-4 : Non-US-ASCII Characters in MSG - RESOLVED

Resolved Issues from -12
  Issue 3: IANA Considerations for undefined PRI values
  Issue 4: Index into Payload in Cert Block
  Issue 5: First Message Number
  Issue 6: Fragment Length
  Issue 7: TPBL Length
  Issue 8: Length of syslog messages
  Issue 9: Missing Text in Section 7.5

--vv----previously----vv--
Issues from syslog-sign-12
http://www.employees.org/~lonvick/issues-c.txt

=======================================================================
Issue 13-1 : Examples
http://www.employees.org/~lonvick/draft-ietf-syslog-sign-12.html#Examples

From Archive:
http://www.mail-archive.com/syslog-sec%40employees.org/msg01221.html

Albert has an example available. I'll suggest that we resolve each of the other issues and then make sure that the example given is consistent with the consensus of the group at that time.

STATUS: To be resolved after the other issues.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Issue 13-2 : TAG Field Definition
http://www.employees.org/~lonvick/draft-ietf-syslog-sign-12.html#HEADER

From Archive:
http://www.mail-archive.com/syslog-sec%40employees.org/msg01315.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01316.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01317.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01318.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01319.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01320.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01321.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01322.html

Albert has proposed the following text (with modifications by Rainer):

"""
The TAG is a string of visible (printing) characters excluding SP, that MUST NOT exceed 64 characters in length. The first occurrence of a SP (space) will terminate the TAG field, but is not part of it. It is RECOMMENDED to terminate the TAG with a colon (':'), which if used, is part of the TAG.

The TAG is used to denote the sender of the message, and is RECOMMENDED to have the following syntax:

  TAG          = full-stat-id [full-dyn-id] (':' / SP)
  full-stat-id = [path] progname
  full-dyn-id  = '[' proc-id [thread-part] ']'
  path         = path-part 1*(path-sep [path])
  path-part    = 1*VISUAL
  path-sep     = '/' / '\'
  progname     = 1*VISUAL
  proc-id      = 1*ALFANUM          ; recommended: number
  thread-part  = thread-sep thread-id
  thread-sep   = VISUAL             ; recommended: ",", or ':', or '.'
  thread-id    = 1*ALFANUM          ; recommended: number
  VISUAL       = ([a-zA-Z0-9...], excluding '[')
  SP           = %d32

The PROGNAME part is special, as it is frequently used by relays to determine the routing of a message. As a note to implementors: it can be found by getting the visual part before the first occurrence of '[', and after the last '\' or '/' part of that segment.

An example of a TAG is: (without the quotes)

  "/path/to/PROGNAME[123,456]:"

Systems that use both process-IDs and thread-IDs SHOULD fill both the proc-id and the thread-part. For other systems it is RECOMMENDED to use the proc-id only.

Receivers SHOULD, to be consistent with the format described in RFC3164, accept TAGs that terminate with a single colon, without a space following it. Then the colon is both the last character of that TAG, and the field separator with the next field (MSG).
"""

STATUS: This proposal has been received and is being considered.

Previously from the Archive:
http://www.mail-archive.com/syslog-sec%40employees.org/msg01269.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01270.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01224.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01234.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01222.html

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Issue 13-3 : Calculating Hashes and Signatures

Albert has raised some concerns about the clarity of the language used to describe the way hashes and signatures are calculated.

From the Archive:
http://www.mail-archive.com/syslog-sec%40employees.org/msg01314.html

Albert's proposal:

"""
Calculating Hashes and Signatures

Before a Signature or Certificate Block can be sent, some cryptographic calculations need to be done. Elsewhere in this document it is specified which algorithms need to be used, and where to place the result. This section specifies the data used as input for those calculations.

For each device-message (not for relayed messages), a hash SHOULD be calculated. It is REQUIRED to use the complete message including PRI, HEADER and MSG parts as input for the hashing. Those hashes are transmitted, later, in a Signature Block.

Both the Signature Block and the Certificate Block contain a digital signature. Those signatures SHOULD be calculated over the HASH of the partially composed message. It is REQUIRED to calculate the HASH of all parts and all fields of the composing message, but the signature-field. Also, the separating space(s) directly before the signature-field SHOULD NOT be part of this calculation.

After calculating the HASH and the SIGNATURE, a space and the SIGNATURE should be appended to the message. It is RECOMMENDED to send this message directly, as the timestamp will age.
"""

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Issue 13-4 : Non-US-ASCII Characters in MSG - RESOLVED

Rainer has pointed out that RFC 3164 states that non-US-ASCII characters have been seen in syslog messages, but that is inconsistent with the current draft of syslog-sign.

From the Archive:
http://www.mail-archive.com/syslog-sec%40employees.org/msg01258.html

Rainer has looked at a lot of existing code and found that many implementations will accept non-US-ASCII characters, so we should modify syslog-sign to agree with that fact. Are there any objections to this?

=======================================================================
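Worked example for Issues 13-2 and 13-3, added here by the editor; it is not code from the draft, from the issues list or from Albert's proposal. It parses the proposed TAG syntax (including the PROGNAME extraction rule and the RFC 3164 "colon, no space" case, with the 64-character limit enforced) and builds the input for the per-message hash and the block signature exactly as the 13-3 text describes: every field except the signature field, with the separating space(s) before it dropped, then one SP and the signature appended. SHA-1 as the hash, HMAC-SHA1 standing in for the public-key signature, the key, the sample messages and the layout of the signature block line are all assumptions for illustration; the draft specifies the real algorithms and block format elsewhere.

```python
"""Added example for Issues 13-2 and 13-3 (not code from the draft or this list).

Assumptions, because the page leaves them open:
  - SHA-1 stands in for whatever hash the draft specifies elsewhere.
  - HMAC-SHA1 with a constructed key stands in for the digital signature;
    only the *input* rules (what is and is not hashed) are the point.
  - The sample messages and the signature block line are constructed and
    do not follow the draft's real block layout.
"""
import base64
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import Optional

MAX_TAG_LEN = 64

# Proposed TAG syntax from Issue 13-2:
#   TAG = full-stat-id [full-dyn-id] (':' / SP)
# 'stat' is [path] progname (no SP, no '['), then the optional
# '[' proc-id [thread-sep thread-id] ']', then ':' or SP terminates.
# 'stat' may not end in ':' so that "kernel: msg" is read as the
# colon-terminated form rather than as a progname of "kernel:".
TAG_RE = re.compile(
    r"^(?P<stat>[^\s\[]*[^\s\[:])"
    r"(?:\[(?P<proc>[A-Za-z0-9]+)"
    r"(?:(?P<sep>[^\sA-Za-z0-9\]])(?P<thread>[A-Za-z0-9]+))?\])?"
    r"(?P<term>:| )"
)


@dataclass
class ParsedTag:
    tag: str
    progname: str
    proc_id: Optional[str]
    thread_id: Optional[str]
    msg: str


def parse_tag(rest: str) -> ParsedTag:
    """Split TAG and MSG from the text that follows the HEADER's HOSTNAME field."""
    m = TAG_RE.match(rest)
    if m is None:
        raise ValueError("no TAG found")
    term = m.group("term")
    # SP terminates the TAG but is not part of it; a terminating ':' is part of it.
    tag = rest[: m.end() - (1 if term == " " else 0)]
    if len(tag) > MAX_TAG_LEN:
        raise ValueError("TAG exceeds %d characters" % MAX_TAG_LEN)
    msg = rest[m.end():]
    # RFC 3164 style "TAG:MSG" has no SP after the colon; the recommended
    # "TAG: MSG" has one, which is a separator and not part of MSG.
    if term == ":" and msg.startswith(" "):
        msg = msg[1:]
    # Implementors' note: PROGNAME is the part before the first '[' and
    # after the last '/' or '\' of that segment.
    progname = re.split(r"[/\\]", m.group("stat"))[-1]
    return ParsedTag(tag, progname, m.group("proc"), m.group("thread"), msg)


def message_hash(message: bytes) -> bytes:
    """Issue 13-3: each device message is hashed whole, PRI + HEADER + MSG."""
    return hashlib.sha1(message).digest()


def sign_block(partial_block: bytes, key: bytes) -> bytes:
    """Hash every field of the partially composed block except the signature
    field and the SP(s) directly before it, sign that hash, then append one
    SP and the signature.  HMAC-SHA1 is the assumed stand-in signature."""
    body = partial_block.rstrip(b" ")          # drop separating space(s)
    digest = hashlib.sha1(body).digest()       # HASH of everything else
    sig = base64.b64encode(hmac.new(key, digest, hashlib.sha1).digest())
    return body + b" " + sig


def verify_block(signed_block: bytes, key: bytes) -> bool:
    """Receiver side: split off the last SP-separated field and recompute."""
    body, sep, sig = signed_block.rpartition(b" ")
    if not sep:
        return False
    digest = hashlib.sha1(body).digest()
    expected = base64.b64encode(hmac.new(key, digest, hashlib.sha1).digest())
    return hmac.compare_digest(expected, sig)


# Constructed sample traffic (not captured messages).
SAMPLE_MESSAGES = [
    b"<34>Oct 11 22:14:15 mymachine su[123]:'su root' failed for lonvick on /dev/pts/8",
    b"<13>Oct 11 22:14:16 mymachine /path/to/PROGNAME[123,456]: hello",
]
KEY = b"constructed-demo-key"  # assumption: shared key for the HMAC stand-in


def build_signature_block(messages, key=KEY) -> bytes:
    """Constructed block layout (assumption): HEADER, a label, the message
    hashes, two trailing SPs that the signature must not cover."""
    hashes = b" ".join(base64.b64encode(message_hash(m)) for m in messages)
    partial = b"<110>Oct 11 22:14:17 mymachine sigblock: " + hashes + b"  "
    return sign_block(partial, key)


if __name__ == "__main__":
    for raw in SAMPLE_MESSAGES:
        print(parse_tag(raw.decode().split(" ", 4)[4]))
    block = build_signature_block(SAMPLE_MESSAGES)
    print(block, verify_block(block, KEY))
```

The one interpretation the code has to take is how a receiver tells "TAG: MSG" from "TAG:MSG" from "TAG MSG": it terminates on the first ':' or SP after the optional bracketed part, treats the colon as part of the TAG, and eats at most one SP after it, which is what the proposal's last paragraph asks for. Trailing spaces before the signature field are stripped before hashing, so a sender that emits one or two separating SPs produces the same signature input either way.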