Hi Balazs,
Thanks for your input; however, you're getting a bit ahead of the plan. :-)
The first thing to do is to document the existing syslog protocol and any
security vulnerabilities that may be in it. This was fairly well pounded
out at the Adelaide BoF and in making the Charter.
I've put together part of that ID and sent it around a few weeks ago.
I have passed the writing token to the other author and hope to have
a more complete draft soon. The other author is understandably
overwhelmed with some other tasks. I would appreciate everyone's
comments on the parts that I have completed, which include a review of
the security vulnerabilities. You may take a look at that here:
http://www.employees.org/~lonvick/draft.txt
For those of you who have recently joined the list, I have put together
a web page for the Working Group. It can be found here:
http://www.employees.org/~lonvick/index.shtml
After we get that first ID nailed down with a list of security issues
that need to be addressed, then we can move on to the next two projects.
Alex Brown has been thinking about the first of these, which is to add
authentication, since before he chaired the DC BoF. I believe that he
has something to submit for this, but again we shouldn't start discussing
that until we can get consensus on the perceived deficiencies of the
current syslog implementation.
Your ideas do look to meet some of the requirements for the last
deliverable - authenticated messages with verifiable delivery. We were
asked by the Chairs of the Intrusion Detection Working Group (IDWG) to
first see if their proposal for an IDS alarm transport would work for
an event message transport. I have not looked over their most recent
proposal since we have not reached agreement on the first ID. If you
and the other people on the mailing list would care to look that over,
it may save us some time as we reach that point. The Chairs of the
IDWG said that they will take input from this WG if there are some
modifications that may be needed so that this protocol can work for
both of our efforts. You can see their proposals here:
http://www.ietf.org/html.charters/idwg-charter.html
and their archive here:
http://www.semper.org/idwg-public/
Since I see that many people have joined the mailing list since I sent
out the last note, I would ask again that people look over the parts of
the draft that I have completed. If we feel that we have reached
enough consensus on the "Security Considerations" section, then I will
encourage discussions on the next two parts of our charter. (..and I
think that's what people really want to get to.) I cannot derive
approval from silence on that first draft so please send your comments
in to the list.
Many thanks,
Chris
At 08:10 PM 6/8/00 +0200, Balazs Scheidler wrote:
>Hi,
>
>I've got some random thoughts about the secured syslog protocol, and to
>start the discussion I include it below:
---remainder deleted for brevity---