On Tue, 19 Oct 1999 13:17:51 -0400, Chris Calabrese wrote:
[snip]
>(SSL/TLS and the security stuff in IPv6 come to mind), etc.
definitely
>Log Authenticity, Reliability, Immutability, Privacy, and other meaty
>security issues:
>
[snip]
[reorder]
> * Logs have reliable timestamps. This implies either that machines
> must keep their times synchronized (NTP, etc.), or that the logs
> record the time differences between machines in some way
> (explicitly or by having a local timestamp for each machine each
> log entry passes through).
Time stamps are a function of the host. In a single machine
environment reliable is a function that increments continuously
and rhythmically. Synchronization is only relevant in a networked
environment and even then, the network may not be the best source
of synchronization data.
> * In machine-to-machine log transfers, both the source and
> destination logging processes (not just the machines) must be
> authenticated to each other using mechanisms such as digital
> signatures or challenge-response. Additionally, the recipient will
> only accept logs from authorized systems and will identify the
> source machine in the logs.
> * The system must be able to guarantee that logs are never "lost in
> the ether" (but it should optionally be able to drop the guarantee
> based on facility/level).
[snip]
> * The protocols must be simple enough to build support into
> firewalls. For example, simple one-port TCP connections in one
> direction only.
I don't think a one way protocol will be compatible with the previous two criteria.
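The mutual authentication requirement quoted above (source and destination logging processes authenticate to each other by challenge-response, and the recipient accepts logs only from authorized systems and identifies the source in the logs), as an added example that is not part of the original message. It assumes one pre-shared key per authorized source and HMAC-SHA256; `Collector`, `source_login`, the host names and the keys are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample keys: one pre-shared key per authorized source (assumption).
AUTHORIZED = {"web01": b"constructed-key-web01", "db01": b"constructed-key-db01"}

def mac(key, role, src, nonce_a, nonce_b):
    """HMAC over role, source name and both nonces; the role tag blocks reflection."""
    msg = b"|".join([role, src.encode(), nonce_a, nonce_b])
    return hmac.new(key, msg, hashlib.sha256).digest()

class Collector:
    def __init__(self, keys):
        self.keys, self.pending = keys, {}  # pending: src -> (source nonce, our nonce)
        self.sessions, self.log = set(), []

    def hello(self, src, source_nonce):
        """Step 1: answer the source's challenge and issue our own."""
        key = self.keys.get(src)
        if key is None or len(source_nonce) != 16:
            return None  # unauthorized system or malformed challenge
        nonce = secrets.token_bytes(16)
        self.pending[src] = (source_nonce, nonce)
        return nonce, mac(key, b"collector", src, source_nonce, nonce)

    def finish(self, src, proof):
        """Step 2: check the source's response; each challenge is single-use."""
        pending = self.pending.pop(src, None)
        if pending is None:
            return False
        ok = hmac.compare_digest(proof, mac(self.keys[src], b"source", src, *pending))
        if ok:
            self.sessions.add(src)
        return ok

    def submit(self, src, line):
        """Accept a line only on an authenticated session and tag it with its source."""
        if src in self.sessions:
            self.log.append(f"[{src}] {line}")
        return src in self.sessions

def source_login(collector, src, key):
    """Source side: challenge the collector, verify its proof, then prove ourselves."""
    nonce = secrets.token_bytes(16)
    reply = collector.hello(src, nonce)
    if reply is None or not hmac.compare_digest(reply[1], mac(key, b"collector", src, nonce, reply[0])):
        return False  # collector is absent, refuses us, or does not hold our key
    return collector.finish(src, mac(key, b"source", src, nonce, reply[0]))
```

The exchange needs messages in both directions between the two processes before any log line is accepted.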