Miao Fuyou
Wed, 03 Oct 2007 11:09:45 -0700
Hi all,

Sorry for not discussing the syslog/tls document for some time. This is an attempt to restart the discussion to progress the draft.

Basically the open issue is still about certificates and authentication. It is also closely related to trust anchors, cipher suites and deployability. I try to classify the different security environments and give a simple analysis with the information from the AD, chairs and Joe.

Security sensitive environment: The server and the client are both configured with certificates. The trust anchors must be configured for both server and client, so the client and server can validate the certificate to a common trust anchor. It is not easy to deploy because there is a lot of work for certificate and trust anchor configuration. This configuration could defend against all the threats identified.

Environment where active attack is a concern: The server is configured with a certificate, but the client is not required to be configured with a certificate. The client can generate a self-signed certificate by itself. However, the client must be configured with a trust anchor, so it can validate that the server certificate is trustworthy. This configuration is still difficult to deploy because there is a lot of configuration work to be done. This configuration could defend against active attack, but is vulnerable to client spoofing.

Security insensitive environment: Neither the client nor the server is required to be configured with a certificate and trust anchor. They generate self-signed certificates. It is very easy to deploy because almost no configuration is required. Note this configuration is vulnerable to active attack.

Which configuration should be mandatory? It seems we do not need a mandatory configuration from the PoV of implementation, right? However, we do need to mandate that the implementation (both client and server) support certificate configuration, trust anchor configuration, and self-signed certificates.
We will need to specify a cipher suite (probably RSA-AES-CBC) for interoperability, but probably we don't need to specify different cipher suites for the 3 scenarios because all the scenarios above require a certificate for key pair generation.

Regards,
Miao

_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog
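The three environments in the message above, expressed as Python `ssl` contexts; this is an added example, not code from the draft or from the author. The profile names and function names are invented here, and it assumes a server that cannot chain a self-signed client certificate to a trust anchor does not request one.

```python
import ssl

# Labels invented for this example; the message calls these environments
# "security sensitive", "active attack is concern" and "security insensitive".
MUTUAL, SERVER_ONLY, SELF_SIGNED = "mutual", "server-only", "self-signed"


def client_context(profile, trust_anchor=None, cert=None, key=None):
    """TLS context for the syslog client (sender) under one profile."""
    # Python defaults for a client context: CERT_REQUIRED plus hostname check.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if profile == SELF_SIGNED:
        # No trust anchor: the server certificate cannot be validated, so
        # the channel is exposed to an active attacker.
        ctx.check_hostname = False  # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    elif trust_anchor:
        ctx.load_verify_locations(cafile=trust_anchor)
    if cert:
        ctx.load_cert_chain(cert, key)
    return ctx


def server_context(profile, trust_anchor=None, cert=None, key=None):
    """TLS context for the syslog server (receiver) under one profile."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # default: CERT_NONE
    if profile == MUTUAL:
        # Client must present a certificate that chains to the trust anchor.
        ctx.verify_mode = ssl.CERT_REQUIRED
        if trust_anchor:
            ctx.load_verify_locations(cafile=trust_anchor)
    # Other profiles (assumption): the client certificate is self-signed and
    # is not requested, so the client stays unauthenticated (client spoofing).
    if cert:
        ctx.load_cert_chain(cert, key)
    return ctx


def validated_peers(profile):
    """Which side's certificate is actually validated, read from the contexts."""
    peers = set()
    if client_context(profile).verify_mode == ssl.CERT_REQUIRED:
        peers.add("server")
    if server_context(profile).verify_mode == ssl.CERT_REQUIRED:
        peers.add("client")
    return peers
```

Called without file paths, the contexts load no certificates or trust anchors; a `MUTUAL` or `SERVER_ONLY` client built that way fails the handshake rather than accepting an unvalidated server.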