Snapshot report from IETF
The Syslog BOF took place yesterday 1530-1730 10 Nov 99 as scheduled,
with agenda below. Complete minutes will be made available by Chris
Lonvick <[EMAIL PROTECTED]>, who served as BOF secretary. Discussion
on expanding scope beyond description of UNIX syslog and BCP
recommendations was generally negative, although it was recognized as
an open problem area. Outcome of BOF (WG status question) is TBD by
IESG.
The rough drafts, agenda, and proposed charter were not properly
linked into the IETF46 web pages for some unknown reason and as a
result were temporarily placed at the following location until this
problem can be resolved:
ftp://msg.ne.mediaone.net/pub
This will remain open until the email list and its web gateway are
hosted more permanently.
Alex Brown <[EMAIL PROTECTED]>
BOF Chair
--agenda text follows this line--
Security Issues in Network Event Logging BOF (syslog)
CHAIR: Alex Brown <abrown@3com-ne.com>
SEC: Chris Lonvick <[EMAIL PROTECTED]>
Presenting:
Wednesday, November 10 1530-1730
(5 min)
Brown: Introductions, process, scope, and background of discussion
Logging process and threat model overview
(15 min)
Lonvick: Existing syslog: security and other problems, history
Experience with custom replacement
Replacement protocol requirements
(30 min)
Darren Reed <[EMAIL PROTECTED]>
Schneier and Kelsey papers on secure audit logs
Implementing secure audit logs: nsyslog
Other approaches to secure logging
(10 min)
Brown: Requirements for embedded device security
Migration path from existing syslog
Strategies for securing syslog:
- improved practice
- basic enhancements to syslogd
- cryptographic enhancements to clients and syslogd
(15 min)
Report on discussion to date:
- Distinction between network transport encoding and logfile
  presentation encoding
- XML transport encoding (cf. unalog)
- XML digital signature as a potential authentication wrapper
- Alternative transport encodings (draft-abela-ulm-05.txt, TLV)
(10 min)
Ed Simon, XML Digital Signature WG:
Presentation and demonstration of XML Digital Signature encoding
Open discussion
Resolution of BOF outcome: TBD
--charter text follows this line--
Draft Working Group Charter
Working Group Name:
Network event log security (syslog)
IETF Area:
Security
Chair(s):
Chris Lonvick <[EMAIL PROTECTED]>
Alex Brown <[EMAIL PROTECTED]>
Security Area Director(s):
Jeffrey Schiller
Marcus Leech
Responsible Area Director:
Jeffrey Schiller
Mailing Lists:
General Discussion: [EMAIL PROTECTED]
To Subscribe: [EMAIL PROTECTED]
Archive: http://ftp.3com-ne.com/pub/syslog-sec,
http://njlug.rutgers.edu/projects/syslog
Description of Working Group:
Syslog is a de facto standard for network logging of system and
network events, but it has never been treated as such by IETF.
This WG would briefly describe existing BSD UNIX syslog in an
informational RFC, and in a separate Best Common Practice RFC
recommend several levels of security mechanisms that could be
applied to syslog daemon and client operation to meet various
kinds and levels of threat.
Goals and Milestones:
Nov 99 Issue first informational Internet-Draft on syslog
Dec 99 Issue first Best Common Practice Internet-Draft on syslog
May 00 Submit IDs to IESG for publication as RFCs