A good start, thanks.
-Jeff
>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On 11/11/99, 3:22:09 PM, Alex S Brown <[EMAIL PROTECTED]> wrote
regarding BOF agenda and report; draft working group charter:
> Snapshot report from IETF
> The Syslog BOF took place yesterday 1530-1730 10 Nov 99 as scheduled,
> with agenda below. Complete minutes will be made available by Chris
> Lonvick <[EMAIL PROTECTED]>, who served as BOF secretary. Discussion
> on expanding scope beyond description of UNIX syslog and BCP
> recommendations was generally negative, although it was recognized as
> an open problem area. Outcome of BOF (WG status question) is TBD by
> IESG.
> The rough drafts, agenda, and proposed charter were not properly
> linked into the IETF46 web pages for some unknown reason and as a
> result were temporarily placed at the following location until this
> problem can be resolved:
> ftp://msg.ne.mediaone.net/pub
> This will remain open until the email list and its web gateway are
> hosted more permanently.
> Alex Brown <[EMAIL PROTECTED]>
> BOF Chair
> --agenda text follows this line--
> Security Issues in Network Event Logging BOF (syslog)
> CHAIR: Alex Brown <abrown @3com-ne.com>
> SEC: Chris Lonvick <[EMAIL PROTECTED]>
> Presenting:
> Wednesday, November 10 1530-1730
> (5 min)
> Brown: Introductions, process, scope, and background of discussion
> Logging process and threat model overview
> (15 min)
> Lonvick: Existing syslog: security and other problems, history
> Experience with custom replacement
> Replacement protocol requirements
> (30 min)
> Darren Reed <[EMAIL PROTECTED]>
> Schneier and Kelsey papers on secure audit logs
> Implementing secure audit logs: nsyslog
> Other approaches to secure logging
> (10 min)
> Brown: Requirements for embedded device security
> Migration path from existing syslog
> Strategies for securing syslog:
> - improved practice
> - basic enhancements to syslogd
> - cryptographic enhancements to clients and syslogd
> (15 min)
> Report on discussion to date:
> - Distinction between network transport encoding and logfile
> presentation encoding
> - XML transport encoding (cf. unalog)
> - XML digital signature as a potential authentication wrapper
> - Alternative transport encodings (draft-abela-ulm-05.txt, TLV)
> (10 min)
> Ed Simon, XML Digital Signature WG:
> Presentation and demonstration of XML Digital Signature encoding
> Open discussion
> Resolution of BOF outcome: TBD
> --charter text follows this line--
> Draft Working Group Charter
> Working Group Name:
> Network event log security (syslog)
> IETF Area:
> Security
> Chair(s):
> Chris Lonvick <[EMAIL PROTECTED]>
> Alex Brown <[EMAIL PROTECTED]>
> Security Area Director(s):
> Jeffrey Schiller
> Marcus Leech
> Responsible Area Director:
> Jeffrey Schiller
> Mailing Lists:
> General Discussion: [EMAIL PROTECTED]
> To Subscribe: [EMAIL PROTECTED]
> Archive: http://ftp.3com-ne.com/pub/syslog-sec,
> http://njlug.rutgers.edu/projects/syslog
> Description of Working Group:
> Syslog is a de facto standard for network logging of system and
> network events, but it has never been treated as such by IETF.
> This WG would briefly describe existing BSD UNIX syslog in an
> informational RFC, and in a separate Best Common Practice RFC
> recommend several levels of security mechanisms that could be
> applied to syslog daemon and client operation to meet various
> kinds and levels of threat.
> Goals and Milestones:
> Nov 99 Issue first informational Internet-Draft on syslog
> Dec 99 Issue first Best Common Practice Internet-Draft on syslog
> May 00 Submit IDs to IESG for publication as RFCs