<inline> Tom Petch ----- Original Message ----- From: "Harald Tveit Alvestrand" <harald@xxxxxxxxxxxxx> To: "David W. Hankins" <David_Hankins@xxxxxxx>; <ietf@xxxxxxxx> Sent: Sunday, February 04, 2007 9:43 PM Subject: Re: draft-ietf-syslog-protocol: "Reliable delivery considered harmful." > Daring to rush in without having read the documents.... > > it seems to me that somewhere one needs a NOTE, something along the lines > of: > > NOTE: In some situations, for instance when a destination disk is full or > damaged, a syslog facility may be unable to process all messages, despite > the message transport being reliable. In such a case, it is reasonable for > the logger of a message to have the option of either not logging more > messages or ceasing its own operation. This document does not specify which > option to take. > > Or words to that effect. > > Harald > Harald It might be worth reading the I-D:-) I am not clear which piece of text in the I-D provoked the original comment. I do not see the I-D recommending reliable transport, with all the problems that have been identified with that. Rather, under security, the I-D points out that with an unreliable transport, losing critical messages may adversely impact operation. It then goes on to say " It may be desirable to use a transport with guaranteed delivery to mitigate congestion. It may also be desirable to include rate-limiting features in syslog senders. This can reduce potential congestion problems when message bursts happen." I find it hard to square this with the original statement that 'draft-ietf-syslog-protocol-19.txt recommends using a reliable protocol' If we were to put in a comment about reliable transports introducing problems with blocking, then I think that that should be in an I-D which specifies a reliable transport, eg the soon to be completed one on TLS (there are no plans for one with TCP). Tom Petch > > --On 2. februar 2007 09:59 -0800 "David W. Hankins" <David_Hankins@xxxxxxx> > wrote: > > > On Fri, Feb 02, 2007 at 08:31:49AM +0100, Stephane Bortzmeyer wrote: > >> Wether it is a bug or a feature depends on your requirments. On some > >> high-security environments, people prefer to suspend the service > >> rather than not being able to log it. (Otherwise, an attacker could > >> easily attempt many attacks, fill in the hard disk and then perform > >> the real attack unlogged). > > > > I'd just like to point out that you're choosing one bug over > > another. A DOS in preference to lack of observance of events. > > > > In my opinion, that's a bad selection, but it's your selection to > > make. > > > > That kind of preference, that kind of choice, is a good thing to > > have, but it would be unwise to apply to the general case a > > systematic selection of DOS over observation. > > > > -- > > David W. Hankins "If you don't do it right the first time, > > Software Engineer you'll just have to do it again." > > Internet Systems Consortium, Inc. -- Jack T. Hankins > > > > > > _______________________________________________ > Ietf mailing list > Ietf@xxxxxxxx > https://www1.ietf.org/mailman/listinfo/ietf _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf