This is a good step. As one of the authors of the W3C log format, I think it would have been much better to have a discussion of the log features as part of the protocol design. There was no interest and which is why there isn't even a proper spec. Basically, this is like SNMP and MIBs, you want the MIBs to be developed by the groups developing the protocols.
I would however urge that this be presented as an effort to create a schema doe log file entries with bindings to JSON and NDJSON rather than a log file format itself. It is about time that we had a cryptographic log file format that supports modern features such as incremental encryption and authentication. The power of one way sequences has been established by BlockChain. That is not a framing mechanism I would want to use for a log file but it shows the principle. Separating out the protocol specific schema from the framing allows independent development of each. And yes, I do happen to have an implementation of a log file format with cryptographic enhancements. And it can do things like allow rapid location of a specific record range within the log file, etc. Why would you want to encrypt your logs? Well, it is a question of HIPPA and GDPR for some. But more generally, what a service can't read, a service can't breach. If Mallet gets into my cloud, she is going to find it a lot harder to sabotage my systems undetected if she can't read the log files and they are in any case protected using Merkle trees. At that point, all she can really do is to delete large chunks of log but that will leave traces. Given what happened this week, given the serious breaches that will be announced next month, demand for encrypted logs is going to come quickly when it comes. The other reason to encrypt your logs is it provides you with the basis for an encrypted persistence store with ACID properties. But that is all in the future. For the time being, the best plan is to develop one example of a decent log file using the JSON data model. If there is interest in doing a cryptographic format, that would obviously be a separate WG. That would focus on the format itself using HTTP/QUIC as the paradigm from which the general case is developed. On Wed, Dec 16, 2020 at 12:34 PM Martin Duke <[email protected]> wrote: > Hi Robin, > > Congrats on your defense! I hope to watch it soon. > > We had a chat about qlog at the IESG. The consensus there appears to be > that we should plan to move forward in quicwg with both drafts rather than > seek another venue. However, it would be valuable for you to request a > HotRFC slot to encourage the parallel development of qlog-based standards > in other working groups. > > If that's agreeable to you, feel free to proceed. > > Martin >
