Transport Layer Security (TLS) Transport Mapping for Syslog
RFC 5425

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, 
    syslog mailing list <syslog@ietf.org>, 
    syslog chair <syslog-chairs@tools.ietf.org>
Subject: Protocol Action: 'TLS Transport Mapping for Syslog' to 
         Proposed Standard 

The IESG has approved the following document:

- 'TLS Transport Mapping for Syslog '
   <draft-ietf-syslog-transport-tls-14.txt> as a Proposed Standard

This document is the product of the Security Issues in Network Event 
Logging Working Group. 

The IESG contact persons are Pasi Eronen and Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-syslog-transport-tls-14.txt

Technical Summary

   This document describes the use of Transport Layer Security (TLS)
   to provide a secure connection for the transport of syslog
   messages.  This document describes the security threats to Syslog
   and how TLS can be used to counter such threats.

Working Group Summary

   There was controversy around the IPR statement from Huawei on
   this document. The Working Group examined the issue and came to
   consensus that the statement would be accepted.

   There was some controversy around the use of a special character to
   denote the end of the payload, or a counter at the start of the
   payload to indicate the length of the payload. The Working Group
   reached consensus that a counter is the best mechanism.
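   An added example, not text or code from this announcement or from the
   RFC itself, of the counter-based framing the paragraph above describes.
   It assumes the octet-counting form RFC 5425 specifies (a decimal octet
   count, a single space, then the message), a constructed size limit, and
   constructed sample messages; the receiver side shows why a length prefix
   is preferable to an end-of-payload character when message bodies may
   themselves contain that character.

```python
import re

# Constructed policy limit (not from the page): bounds how much a receiver
# will buffer for one message before treating the frame as an error.
MAX_MSG_LEN = 8192

# MSG-LEN = NONZERO-DIGIT *DIGIT, followed by exactly one space (RFC 5425 form).
_LEN_RE = re.compile(rb"^([1-9][0-9]*) ")

# Constructed sample messages; the second contains a newline, which would
# break delimiter-based framing but is harmless with an octet count.
SAMPLE = [
    b"<34>1 2009-03-01T12:00:00Z host.example.com su - ID47 - 'su root' failed",
    b"<165>1 2009-03-01T12:00:01Z host.example.com app 8710 - - line one\nline two",
]

def frame(msg):
    """Prefix one syslog message with its octet count and a space."""
    if not msg:
        raise ValueError("empty message")
    return b"%d %s" % (len(msg), msg)

def parse_frames(stream):
    """Split buffered TLS plaintext into complete messages.

    Returns (messages, leftover). Leftover is a partial frame awaiting more
    data, since TLS record boundaries need not match frame boundaries.
    Raises ValueError on a malformed or oversized length field; a receiver
    should then close the connection rather than guess at a resync point.
    """
    msgs, buf = [], stream
    while buf:
        m = _LEN_RE.match(buf)
        if not m:
            # Digits only so far: the length field may simply be incomplete.
            if buf.isdigit() and buf[:1] != b"0" and len(buf) <= len(str(MAX_MSG_LEN)):
                break
            raise ValueError("malformed MSG-LEN")
        n = int(m.group(1))
        if n > MAX_MSG_LEN:
            raise ValueError("MSG-LEN exceeds policy limit")
        start = m.end()
        if len(buf) < start + n:
            break  # wait for the rest of this message
        msgs.append(buf[start:start + n])
        buf = buf[start + n:]
    return msgs, buf
```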

   There was also some controversy about the use of a dedicated port
   for this initial version of syslog over TLS. The consensus was that
   a dedicated port should be requested and that there should be no
   indication of version. The consequence of this is that any future
   change to the mapping of syslog over TLS, which is considered very
   unlikely, might require a different port number. This lack of a
   version number in the mapping of the application protocol to a
   transport is consistent with how syslog is mapped to UDP, and is also
   consistent with similar mappings of ISMS and netconf.

   Support for certificate fingerprint matching was added to address
   concerns from the ADs (Sam and Pasi) about deployability in small
   environments without a PKI. Other alternatives for providing "good
   enough" level of security without a PKI were discussed as well.
   
Document Quality

   This protocol has very similar characteristics to implementations
   of syslog over SSL that are available at this time. Members of the
   Working Group have noted that it should be a very small change to
   bring those implementations in line with this specification.

   No vendors have announced that they will utilize this
   protocol. Some vendors have indicated interest in supporting this
   document. A group of university researchers have implemented this
   protocol and found that it is practicable. Another member of the WG
   has indicated that he is currently implementing the protocol as
   well.

Personnel

   Chris Lonvick is the Document Shepherd; Pasi Eronen is the
   Responsible AD.