On Mon, 2006-01-09 at 09:08 +0100, Rainer Gerhards wrote:
Of course, a threat model should also be developed, but please keep in
mind that anything other than signatures breaks what this WG has fought
for since Vancouver.
syslog-protocol should be finished (I hope we are there soon) as well
I agree with Balazs suggestion and his reasoning.
Rainer
-Original Message-
From: Balazs Scheidler [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 10, 2006 10:52 AM
To: Rainer Gerhards
Cc: [EMAIL PROTECTED]
Subject: RE: [Syslog] Charter comments from IESG Review
On Mon,
On Tue, 2006-01-10 at 22:02 +1100, Darren Reed wrote:
On Mon, 2006-01-09 at 09:08 +0100, Rainer Gerhards wrote:
I would say that addressing the security concerns at the transport level
is way easier management and implementation wise than implementing
syslog-sign.
I disagree with the
Hi.
Can you explain what actions on a part of an attacker are prevented in
terms of attacks on message integrity without authenticating the
source of the message?
In general, the security community is very suspicious of mechanisms
that provide integrity without authentication. If you are going
Hi Working Group,
I'll pass this along to those people who have already implemented
syslog/TLS(SSL). Please be specific about why you did this.
Thanks,
Chris
On Tue, 10 Jan 2006, Sam Hartman wrote:
Hi.
Can you explain what actions on a part of an attacker are prevented in
terms of