Some quotes of several messages (reformatted)
> Look at e.g. Albert's implementation of -sign. As suggested, he is
> using the actual timestamp to generate the reboot session ID. I
> intend to do it in a similar way in my code.
> In the context of -sign, this is NO issue at all,[...] However, in
> the light of -international, things are quite different.
This line is important.
It means (to me:)
-sign is about security
-international is about functionality, NOT about security!
> -international should run over all transports, we must assume plain
> UDP when it comes to security issues (an attacker would always use
> the easiest target).
That is wrong. -international isn't (about) security. When security is
needed, -international should be used over a secure transport
"layer". Like -sign, -reliable, or even a non-standard transport.
All -international should do about security is:
a) make sure it can be used over a "secure syslog transport"
b) make sure no (new) insecure features are introduced.
So, a "counter to increase security", but not needed is useless, and
can be counterproductive.
As I understand -international it needs a kind of "super messages"
(longer than fit in a transport syslog message). I'm not aware of
details, but ...
Please just specify how to fit "long messages" in several transport
packages. (That is done before: "fragmenting", maybe reuse that
knowledge :-) And assume the transport layer works (most of the time).
Then, it will be simple and working, even for UDP-syslog. Make sure
the algorithm doesn't break when a UDP message is lost, but live with
the lost-data! If a system(admin) can't live with it, he will use
syslog-reliable as transport anyhow!
When the system/network is small, and logging not top-priority UDP
syslog will be fine.
For small networks, UDP is fine: Just set up a central (UDP)
collector, and add hosts (physically) at will. As long as they use a UDP
syslog (traditional, rfc3164, -sign, -international, -fragmented, ...)
all logs can be read. And "complex" fragmented messages are still
readable, without tools!
(<<See this as ... (1/2)>> <<... an example(2/2)>>)
> The important thing is that I think the reboot ID - as you describe it -
> works for -sign. I was arguing that it does NOT provide replay attack for
> -international
You are correct, it will NEVER work for -international, I think. And it
should!
> So these are the two issues:
There are a lot more, if -international doesn't use -sign or -reliable
as "transport". Just don't fix them :-)
Note:
Maybe we should make a syslog-fragment (or syslog-long) RFC, which
describes how to send "long (MSG/CONTENT)", by fragmenting. And
provides ("to above") the functionality to send unlimited long
messages over another syslog-transport.
Then -international can use that one to add localization, i18n, or
whatever.
However, then it should be possible to use those long messages for
other features too?
Just an idea.
--Albert Mietus
Send private mail to: [EMAIL PROTECTED]
Send business mail to: [EMAIL PROTECTED]
Don't send spam mail!
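
The fragmenting idea in the message above, sketched as an added example (not part of the original mail and not taken from any syslog draft): long messages are split into pieces that stay readable on their own, and the collector rebuilds what it can when a UDP datagram is lost. The `(<id>:<i>/<n>)` tag, the message id and the `MAX_FRAGMENTS` cap are assumptions made for illustration.

```python
import re

# Hypothetical tag "(<id>:<i>/<n>)" appended to each fragment; not from any syslog draft.
TAG = re.compile(r"^(?P<text>.*) \((?P<mid>[0-9a-f]+):(?P<idx>\d{1,4})/(?P<total>\d{1,4})\)$", re.S)
MAX_FRAGMENTS = 64  # assumed cap: tags on plain UDP are unauthenticated, so bound them

def fragment(msg, mid, limit):
    """Split msg into pieces of at most `limit` characters, each still readable as-is."""
    chunks = [msg[i:i + limit] for i in range(0, len(msg), limit)] or [""]
    return [f"{c} ({mid}:{i}/{len(chunks)})" for i, c in enumerate(chunks, 1)]

def reassemble(lines):
    """Rebuild messages from the fragments that arrived, in any order.
    A lost fragment becomes a visible marker; it never blocks the rest."""
    groups, order = {}, []
    for line in lines:
        m = TAG.match(line)
        if m:
            mid, idx, total = m["mid"], int(m["idx"]), int(m["total"])
        if not m or not 1 <= idx <= total <= MAX_FRAGMENTS:
            order.append((None, line))   # untagged or implausible: pass through unchanged
            continue
        if mid not in groups:
            groups[mid] = (total, {})
            order.append((mid, None))
        if groups[mid][0] == total:      # ignore fragments that disagree on n
            groups[mid][1].setdefault(idx, m["text"])  # first copy wins
    out = []
    for mid, line in order:
        if mid is None:
            out.append(line)
        else:
            total, parts = groups[mid]
            out.append("".join(parts.get(i, "[fragment lost]") for i in range(1, total + 1)))
    return out

if __name__ == "__main__":
    # Constructed sample message and id.
    msg = "su: authentication failure for user root on tty1; 3 attempts"
    frags = fragment(msg, "a1", 20)
    del frags[1]                         # simulate one lost UDP datagram
    print(reassemble(frags))
```

The tags carry no authentication, so anyone who can send UDP to the collector can inject or overwrite fragments; as the message argues, that protection has to come from the transport underneath.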