--On Wednesday, November 01, 2000 8:29 PM -0500 John Kelsey
<[EMAIL PROTECTED]> wrote:
> I think the goal here is to be able to place messages that
> were sent to different servers in sequence, during offline
> analysis. This might be really important, for example, if
> the same event wound up causing messages to be sent to two
> different servers, and you were trying to reconstruct the
> precise sequence of events. Why would we care whether an
> attacker knew how many messages were sent to other systems?
> I mean, how worried can we be about an attacker gaining this
> kind of subtle information from eavesdropped syslog
> messages, when we're sending the whole messages over the
> network in the clear?
If I want to know message sequencing, I'll log them all to the same box. I
suppose someone might want to know message sequencing between boxen, but
that forces 2 counters, and I don't know that the incremental benefit is
worth it. I'm not violently against it, but I see no reason to provide a
solution to what is inherently a "Doctor it hurts when I do this! Then
don't do it!" kind of problem.
--
Carson Gaspar - [EMAIL PROTECTED]
Queen trapped in a butch body