Hi Sam,
I also have a concern that we may try to craft an answer that provides
good security but that won't actually be deployed. As an analogy, snmp
has similar characteristics to syslog. usm has good security properties
but has not been widely deployed. isms is trying to redress that and is
also getting bogged down in transport issues.
RFC 3562 (Key Management Considerations for the TCP MD5 Signature Option)
indicates that shared secrets don't get deployed unless there is a real
threat. Even then, it takes a lot of effort to maintain those credentials
across a very large network. Utilizing X.509 credentials has much better
security properties but are the operations groups of large networks going
to be willing to implement that?
I would like to hear more discussion from developers, operators and
network managers before we draw conclusions.
Thanks,
Chris
On Wed, 11 Jan 2006, Sam Hartman wrote:
I'm concerned that your analysis seems to be based on what is easy to
implement.
We also need to do the analysis of what security is actually required
by syslog deployments.
If the ansers are different, we'll have to deal with that.
But e are in a different situation if we decide to do something
because we don't know how to do better than if we meet what we believe
the security requirements are.
_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog