David Harrington wrote:
Hi Darren,
[posting as a contributor]
I don't know GSSAPI or SASL well enough to evaluate their
approriateness for securing syslog.
Are you willing to write one or two drafts proposing these as possible
solutions so the WG can evaluate them as alternatives?
[posting as
David Harrington
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 22, 2006 6:14 AM
> To: Miao Fuyou
> Cc: 'David Harrington'; 'Rainer Gerhards'; [EMAIL P
rington'; 'Rainer Gerhards'; [EMAIL PROTECTED]
> Subject: RE: [Syslog] Secure transport alternatives
>
>
> Hi,
>
> IMO, most current security protocols(TLS, DTLS, SSH, IPsec)
> provide similiar
> security service for application, such as confidentiality, i
TED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, June 22, 2006 6:14 AM
> > To: Miao Fuyou
> > Cc: 'David Harrington'; 'Rainer Gerhards&
rom: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 22, 2006 6:14 AM
> To: Miao Fuyou
> Cc: 'David Harrington'; 'Rainer Gerhards'; [EMAIL PROTECTED]
> Subject: Re: [Syslog] Secure transport alternatives
>
> Miao Fuyou wrote:
> > rea
[EMAIL PROTECTED]
> Subject: RE: [Syslog] Secure transport alternatives
>
> Tom,
>
> I have to admit I have overlooked this item. I agree that we
> (especially
> me) were very TLS-minded. My memories tell me we
> intentionally left the
> door open for other transports, but
; To: Rainer Gerhards; David Harrington; [EMAIL PROTECTED]
> Subject: Re: [Syslog] Secure transport alternatives
>
> Rainer
>
> Looking at the outstanding milestones, I see
>
> Nov 2006Submit Syslog UDP Transport Mapping to the IESG
> for consideration as
> a PROPOS
;[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, June 22, 2006 10:48 AM
Subject: RE: [Syslog] Secure transport alternatives
Tom,
> But, in all seriousness, changing from TLS to anything is a
> charter change that
> I think needs the approval of the IESG, and should require
&g
Miao Fuyou wrote:
real "general" security mechanisms(except IPsec, but it is not
application-friendly). So, IMHO the primary criteria for selection is: is it
convenient for the application to invoke the security service provided by
the security protocol?
That to me sounds like GSSAPI or SASL.
Tom,
> But, in all seriousness, changing from TLS to anything is a
> charter change that
> I think needs the approval of the IESG, and should require
> commitment, similar
> to that given at the turn of the year, to produce conformant products.
I do not agree here. We have deliberately not used
David
You will know, and the archives show, that I spent much time in 2005 arguing for
SSH as the transport for isms and, happily, the WG agreed. The archives also
show that my efforts in syslog were to no avail and the WG overwhelmingly chose
TLS. The argument in favour was the marketing one -
ursday, June 22, 2006 7:49 AM
> To: 'David Harrington'; Rainer Gerhards; [EMAIL PROTECTED]
> Subject: RE: [Syslog] Secure transport alternatives
>
>
> Hi,
>
> IMO, most current security protocols(TLS, DTLS, SSH, IPsec)
> provide similiar
> security service
Hi,
IMO, most current security protocols(TLS, DTLS, SSH, IPsec) provide similiar
security service for application, such as confidentiality, integrity,
anti-replay and peer identity authentication. In the same time, most of the
applications share similiar security threats, such as hijacking, MITM
13 matches
Mail list logo