
Re: draft-ietf-opsec-logging-caps-03



----- Original Message -----
From: "Ron Bonica" <rbonica@juniper.net>
To: <opsec@ops.ietf.org>
Sent: Thursday, June 28, 2007 10:55 PM
Subject: draft-ietf-opsec-logging-caps-03


> Folks,
>
> The following are a few comments from AD review:
>
> - In Section 2.16, all sensitive configuration information needs to be
> protected. This includes things like cryptographic keys as well as
> passwords.
>
> - Do we need another requirement that says that it should be difficult,
> if not impossible, to alter the local copy of a log?
>
> - How should the system behave if some component spews 1,000,000
> instances of the same log message in a 5 second period?
>
> - How should the system behave if some component spews 1,000,000
> different messages in a 5 second period?
>
> - How should the system behave when all of the space for local logging
> is exhausted? Drop oldest messages? Tail drop?
>
> - We will probably have to decide if this doc is BCP or INFO.
>

I think that anything that references RFC3164 and RFC3195 should be no more than
INFO.

syslog-protocol has been last called and is being tweaked before being
resubmitted; syslog-tls is not far behind.  These are based on a better
understanding of what is out there (not BSDsyslog as in RFC3164, TLS for
security not BEEP) - as opposed to proposing a revolution - and so should be the
basis for any BCP.

Tom Petch


                                   Ron
>