This is Update B of our issues.
http://www.employees.org/~lonvick/issues-b.txt

--vv----previously----vv--

This is Update A of our issues.
http://www.employees.org/~lonvick/issues-a.txt

--vv----previously----vv--

Hi Folks,

We've had some issues raised in the past few weeks about syslog-sign-12. I believe that I've cataloged them here:
http://www.employees.org/~lonvick/issues.txt
but please send a note to the mailing list if I've missed any, or if there are any additional ones. Let's get some consensus on these so that John and Jon may update the ID and we can move it along. :-)

I've moved the syslog-sign ID into html via the xml2rfc program.
http://www.employees.org/~lonvick/draft-ietf-syslog-sign-12.html
and I'm going to put each of these issues into a separate email - with appropriate Subject line. Please respond to these emails with your thoughts.

Thanks,
Chris

=======================================================================
Issue 1: Examples
http://www.employees.org/~lonvick/draft-ietf-syslog-sign-12.html#Examples

From Archive:
http://www.mail-archive.com/syslog-sec%40employees.org/msg01221.html

Albert has an example available. I'll suggest that we resolve each of the other issues and then make sure that the example given is consistent with the consensus of the group at that time.

STATUS: To be resolved after the other issues.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Issue 2: TAG Field Definition
http://www.employees.org/~lonvick/draft-ietf-syslog-sign-12.html#HEADER

From Archive:
http://www.mail-archive.com/syslog-sec%40employees.org/msg01315.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01316.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01317.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01318.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01319.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01320.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01321.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01322.html

Albert has proposed the following text (with modifications by Rainer):

"""
The TAG is a string of visible (printing) characters excluding SP, that MUST NOT exceed 64 characters in length. The first occurrence of a SP (space) will terminate the TAG field, but is not part of it. It is RECOMMENDED to terminate the TAG with a colon (':'), which, if used, is part of the TAG.

The TAG is used to denote the sender of the message, and is RECOMMENDED to have the following syntax:

    TAG          = full-stat-id [full-dyn-id] (':' / SP)
    full-stat-id = [path] progname
    full-dyn-id  = '[' proc-id [thread-part] ']'
    path         = path-part 1*(path-sep [path])
    path-part    = 1*VISUAL
    path-sep     = '/' / '\'
    progname     = 1*VISUAL
    proc-id      = 1*ALFANUM      ; recommended: number
    thread-part  = thread-sep thread-id
    thread-sep   = VISUAL         ; recommended: ',', or ':', or '.'
    thread-id    = 1*ALFANUM      ; recommended: number
    VISUAL       = ([a-zA-Z0-9...], excluding '[')
    SP           = %d32

The PROGNAME part is special, as it is frequently used by relays to determine the routing of a message. As a note to implementors: it can be found by getting the visual part before the first occurrence of '[', and after the last '\' or '/' part of that segment.
An example of a TAG is (without the quotes):

    "/path/to/PROGNAME[123,456]:"

Systems that use both process-IDs and thread-IDs SHOULD fill both the proc-id and the thread-part. For other systems it is RECOMMENDED to use the proc-id only.

Receivers SHOULD, to be consistent with the format described in RFC3164, accept TAGs that terminate with a single colon, without a space following it. Then the colon is both the last character of that TAG, and the field separator with the next field (MSG).
"""

STATUS: This proposal has been received and is being considered.

Previously from the Archive:
http://www.mail-archive.com/syslog-sec%40employees.org/msg01269.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01270.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01224.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01234.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01222.html

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Issue 3: IANA Considerations for undefined PRI values - RESOLVED
http://www.mail-archive.com/syslog-sec%40employees.org/msg01241.html

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Issue 4: Index into Payload in Cert Block - RESOLVED
http://www.employees.org/~lonvick/draft-ietf-syslog-sign-12.html#index

From Archive:
http://www.mail-archive.com/syslog-sec%40employees.org/msg01228.html

Some people agreed to use the ordinal value of "1" as the first counter. This is in agreement with Issue 5.
http://www.mail-archive.com/syslog-sec%40employees.org/msg01228.html

STATUS: Re-Resolved. We will use "1" as the starting value.
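The TAG syntax proposed under Issue 2 above, as a receiver-side parser. This is an added example, not text from the draft or from Albert's proposal; it assumes thread-sep is one of the three recommended separators, ALFANUM is [A-Za-z0-9], and a colon outside the '[...]' part ends the TAG (the RFC 3164 compatibility rule), which means a TAG such as 'C:\prog' is not recognised.

```python
import re

MAX_TAG_LEN = 64  # the proposal: the TAG MUST NOT exceed 64 characters

# Regex for the proposed TAG syntax.  Assumptions: thread-sep is limited to
# the three recommended separators ',', ':' and '.'; ALFANUM is [A-Za-z0-9].
_TAG_RE = re.compile(
    r"^(?P<stat>[^\s\[]+?)"                  # full-stat-id = [path] progname
    r"(?:\[(?P<pid>[A-Za-z0-9]+)"            # full-dyn-id  = '[' proc-id
    r"(?:[,:.](?P<tid>[A-Za-z0-9]+))?\])?"   #                [thread-part] ']'
    r":?$"                                   # optional terminating colon
)

def _tag_end(candidate):
    """Index one past the last TAG character of an SP-terminated chunk.
    Assumption: a ':' outside '[...]' ends the TAG (RFC 3164 compatibility),
    so a path such as 'C:\\prog' is not recognised as a TAG."""
    depth = 0
    for i, ch in enumerate(candidate):
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        elif ch == ":" and depth == 0:
            return i + 1
    return len(candidate)

def parse_tag(after_hostname):
    """Split the TAG off the text following HOSTNAME and decompose it.
    Returns (fields, msg), or (None, after_hostname) if no valid TAG is found.
    The first SP ends the TAG but is not part of it; a terminating ':' is part
    of the TAG and may also be the separator from MSG (no SP after it)."""
    sp = after_hostname.find(" ")
    candidate = after_hostname if sp == -1 else after_hostname[:sp]
    tag = candidate[:_tag_end(candidate)]
    if not tag or len(tag) > MAX_TAG_LEN:
        return None, after_hostname
    m = _TAG_RE.match(tag)
    if m is None:
        return None, after_hostname
    msg = after_hostname[len(tag):]
    if msg.startswith(" "):
        msg = msg[1:]
    stat = m.group("stat")
    # PROGNAME: before the first '[' and after the last '/' or '\' (the
    # proposal's note to implementors); what precedes it is the path.
    cut = max(stat.rfind("/"), stat.rfind("\\")) + 1
    return {"tag": tag, "path": stat[:cut], "progname": stat[cut:],
            "proc_id": m.group("pid"), "thread_id": m.group("tid")}, msg
```

A relay that routes on PROGNAME should reject (not guess at) a TAG that exceeds 64 characters or fails the grammar, which is what the None return signals.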
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Issue 5: First Message Number - RESOLVED
http://www.employees.org/~lonvick/draft-ietf-syslog-sign-12.html#firstmsg

From Archive:
http://www.mail-archive.com/syslog-sec%40employees.org/msg01228.html

From the Archive (see point 4):
http://www.mail-archive.com/syslog-sec%40employees.org/msg01265.html

More from the Archive:
http://www.mail-archive.com/syslog-sec%40employees.org/msg01280.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01283.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01287.html

STATUS: Resolved. We will use "1" as the starting value.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Issue 6: Fragment Length
http://www.employees.org/~lonvick/draft-ietf-syslog-sign-12.html#fraglen

From Archive:
http://www.mail-archive.com/syslog-sec%40employees.org/msg01229.html

Albert suggests changing the value from "1-4 characters" to "1-3", since the payload of a syslog Certificate Block will be less than 999 characters, taking out the length of the PRI, TIMESTAMP and HOSTNAME. Anyone have any problems with this?
STATUS: Deferred until we resolve Issue 8

From the Archive:
http://www.mail-archive.com/syslog-sec%40employees.org/msg01246.html

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Issue 7: TPBL Length - RESOLVED
http://www.mail-archive.com/syslog-sec%40employees.org/msg01273.html

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Issue 8: Length of syslog messages - RESOLVED
http://www.mail-archive.com/syslog-sec%40employees.org/msg01275.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01279.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01284.html

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Issue 9: Missing Text in Section 7.5 - RESOLVED
http://www.mail-archive.com/syslog-sec%40employees.org/msg01296.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01302.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01304.html
http://www.mail-archive.com/syslog-sec%40employees.org/msg01305.html

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Issue 10: Calculating Hashes and Signatures

Albert has raised some concerns about the clarity of the language used to describe the way hashes and signatures are calculated.

From the Archive:
http://www.mail-archive.com/syslog-sec%40employees.org/msg01314.html

Albert's proposal:

"""
Calculating Hashes and Signatures

Before a Signature or Certificate Block can be sent, some cryptographic calculations need to be done. Elsewhere in this document it is specified which algorithms need to be used, and where to place the result. This section specifies the data used as input for those calculations.

For each device-message (not for relayed messages), a hash SHOULD be calculated. It is REQUIRED to use the complete message including PRI, HEADER and MSG parts as input for the hashing. Those hashes are transmitted, later, in a Signature Block.
Both the Signature Block and the Certificate Block contain a digital signature. Those signatures SHOULD be calculated over the HASH of the partially composed message. It is REQUIRED to calculate the HASH of all parts and all fields of the composing message, but the signature-field. Also, the separating space(s) directly before the signature-field SHOULD NOT be part of this calculation.

After calculating the HASH and the SIGNATURE, a space and the SIGNATURE should be appended to the message. It is RECOMMENDED to send this message directly, as the timestamp will age.
"""

=======================================================================
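The input-construction rule in Albert's Issue 10 proposal, carried through on both the sending and the receiving side. This is an added example, not code from the draft or the working group; it assumes SHA-1 as a stand-in for the hash algorithm the draft specifies elsewhere, uses an HMAC-SHA1 closure under a constructed key as a stand-in for the digital signature so that the example runs offline, and base64-encodes the signature because the SIGNATURE field must not contain SP.

```python
import base64
import hashlib
import hmac

# Assumptions: SHA-1 stands in for the hash algorithm the draft specifies
# elsewhere; the signature primitive is passed in as a callable so the
# input-construction rule does not depend on the signature scheme.


def device_message_hash(message: bytes) -> bytes:
    """Hash of a device message: the input is the complete message, i.e.
    the PRI, HEADER and MSG parts with nothing removed."""
    return hashlib.sha1(message).digest()


def block_signing_input(block_body: bytes) -> bytes:
    """HASH a Signature or Certificate Block signature is computed over:
    every field of the block except the signature field, and without the
    separating space(s) that directly precede the signature field."""
    return hashlib.sha1(block_body.rstrip(b" ")).digest()


def append_signature(block_body: bytes, sign) -> bytes:
    """Compose the final block: sign the HASH, then append one SP and the
    SIGNATURE (which sign() returns SP-free, here as base64)."""
    sig = sign(block_signing_input(block_body))
    return block_body.rstrip(b" ") + b" " + sig


def split_signature(block: bytes):
    """Receiver side: the signature is the last SP-delimited field; the
    signed body is what precedes it, with the separating space(s) removed."""
    body, _, sig = block.rpartition(b" ")
    return body.rstrip(b" "), sig


def verify_block(block: bytes, verify) -> bool:
    body, sig = split_signature(block)
    return verify(block_signing_input(body), sig)


# Stand-in "signature": HMAC-SHA1 under a constructed key, base64-encoded.
# A real implementation uses the asymmetric scheme the draft names.
_DEMO_KEY = b"constructed-demo-key"


def demo_sign(digest: bytes) -> bytes:
    return base64.b64encode(hmac.new(_DEMO_KEY, digest, hashlib.sha1).digest())


def demo_verify(digest: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(demo_sign(digest), sig)
```

Note that the receiver strips every trailing space before hashing, so a sender that left two separators before the SIGNATURE and one that left one produce the same HASH, which is exactly why the proposal excludes the separating space(s) from the calculation.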