By the end of today (Wed. Nov. 3) I must have all requests for timeslots at
the IETF Birds-Of-a-Feather (BOF) meeting to take place at the 46th IETF
conference, at the Omni Shoreham Hotel in Washington, DC, 7-12 November
1999. The published agenda is below -- note some small modifications
from the published agenda. We may modify details further -- please
contact me with concerns and suggestions.


All interested participants can contribute comments and proposals to this
list, which will remain active through the BOF and until any continuing
working group provides a replacement.  Results of the BOF will be posted
here as available.

Thanks again for your interest and participation --

Alex Brown <[EMAIL PROTECTED]> +1 508 323 2283


SYSLOG - Security Issues in Network Event Logging BOF


Security Issues in Network Event Logging BOF (syslog)

Wednesday, November 10 at 1530-1730
===================================

CHAIR: Alex Brown <[EMAIL PROTECTED]>
SECRETARY:  "Chris M. Lonvick" <[EMAIL PROTECTED]>


DESCRIPTION:

Syslog is a de facto standard for network logging of system and network
events, but it has never been treated as such by IETF. This WG would
briefly describe existing BSD syslog in an informational RFC and
proceed to recommend several levels of security mechanisms that could
be applied to syslog daemon and client operation to meet various kinds
and levels of threat. The WG would also discuss replacement of syslog
with network logging systems that are (a) designed, and (b) designed
to meet specific security threats with cryptographically strong
protocols.

AGENDA:

UNIX syslog as de facto network event logging standard
UNIX syslog origin as BSD local system event logging mechanism
Extension to network logging by assignment of UDP port 514
Lack of recorded standard style documentation of syslog
History of security defects in design and implementation
Security analysis: local vs network threat model; low, medium, high
risk environments

  Proposals and related work
    TCP/IP based syslog replacements
    "Universal Logging Messages (ULM)" <draft-abela-ulm-05.txt>
    Schneier (http://www.counterpane.com/secure-logs.html)
    Reed and Assange (http://cheops.anu.edu.au/~avalon/nsyslog.html)
    Arce (http://www.core-sdi.com/ssyslog)
    3Com: simple filtering and authentication methods
    Calabrese:  XML transport encoding of ULM data model
    XML digital signatures (xmldsig)
    Alternatives to XML transport encoding
  Needed work
    Syslog description RFC (finally)
    Security recommendations for existing syslog
    Secure replacement for syslog
  Discuss IETF approach: New WG? Activity within existing WG?
  BOF outcome:
    WG formation?
    BOF records published?


