Hi Everyone, This is the first message to the new archive. Pasted below is the proposed charter for this IETF Working Group. I'm going to bounce the messages that I've acquired over to this new archive. Thanks, Chris =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Security Issues in Network Event Logging (syslog) Chair(s): Chris M. Lonvick <[EMAIL PROTECTED]> Security Area Director(s): Jeffrey Schiller <[EMAIL PROTECTED]> Marcus Leech <[EMAIL PROTECTED]> Security Area Advisor: Jeffrey Schiller <[EMAIL PROTECTED]> Marcus Leech <[EMAIL PROTECTED]> Mailing Lists: General Discussion: [EMAIL PROTECTED] Moving to: [EMAIL PROTECTED] To Subscribe: [EMAIL PROTECTED] Moving to: [EMAIL PROTECTED] Archive: http://njlug.rutgers.edu/projects/syslog Moving to: http://www.mail-archive.com/syslog-sec%40employees.org Description of Working Group: Syslog is a de-facto standard for logging system events. However, the protocol component of this event logging system has not been formerly documented. While the protocol has been very useful and scaleable, it has some known but undocumented security problems. For instance, the messages are unauthenticated and there is no mechanism to provide verified delivery and message integrity. The goal of this working group is to document and address the security and integrity problems of the existing Syslog mechanism. In order to accomplish this task we will document the existing protocol. The working group will also explore and develop a standard to address the security problems. Beyond documenting the syslog protocol and its problems, the working group will work on ways to secure the syslog protocol. At a minimum providing authenticity, integrity and confidentiality of syslog messages as they traverse the network. The belief being that we can provide mechanisms that can be utilized in existing programs with little or no modification while providing significant security enhancement. Goals and Milestones: May 2000 Post as an Internet Draft the observed behavior of the Syslog protocol for consideration as an Informational Document. Jun 2000 Publish Syslog protocol document as INFORMATIONAL RFC. Jul 2000 Post as an Internet Draft the specification for an authenticated Syslog for consideration as a Standards Track RFC. Aug 2000 Publish Syslog Authentication Protocol as PROPOSED STANDARD. Sep 2000 Post an Internet Draft describing enhancements to the syslog authentication protocol to add verification of delivery and other security services. Oct 2000 Publish Syslog Authentication Protocol Enhancement as PROPOSED STANDARD. Dec 2000 Revise drafts as necessary and advance these Internet Drafts to Standards Track RFCs.
