Hi Everyone,
Below is the proposed Working Group Charter. I've asked Rob Cermak
who is running the archive to post the Powerpoint presentation that
I gave at the BoF. I'll be glad to email that directly to anyone
that can't wait. It's 14 slides in about 25kB.
Let's discuss this proposed Charter on the list. I'd like to get a
consensus from this group and then get that back to Jeff and Marcus
so they can take it to the IESG. Let's try to set a limit of one
week for this discussion.
I've also talked to Alex Brown about the mailing list here. Due to
some circumstances beyond his control, he's suggested that we find a
new home for it. I'm working on setting up Majordomo at employees.org
for this. I'll re-subscribe everyone to the new list and digest when I
get it going. Drop me a note if you don't want to be re-subscribed, or
if you have a better home for it.
Thanks,
Chris
---Proposed Charter---
Security Issues in Network Event Logging (syslog)
Chair(s):
Chris M. Lonvick <[EMAIL PROTECTED]>
Security Area Director(s):
Jeffrey Schiller <[EMAIL PROTECTED]>
Marcus Leech <[EMAIL PROTECTED]>
Security Area Advisor:
Jeffrey Schiller <[EMAIL PROTECTED]>
Marcus Leech <[EMAIL PROTECTED]>
Mailing Lists:
General Discussion: [EMAIL PROTECTED]
To Subscribe: [EMAIL PROTECTED]
Archive: http://njlug.rutgers.edu/projects/syslog
Description of Working Group:
Syslog is a de-facto standard for logging system events. However, the
protocol component of this event logging system has not been formerly
documented. While the protocol has been very useful and scaleable, it
has some known but undocumented security problems. For instance, the
messages are unauthenticated and there is no mechanism to provide
verified delivery and message integrity.
The goal of this working group is to document and address the security
and integrity problems of the existing Syslog mechanism. In order to
accomplish this task we will document the existing protocol. The working
group will also explore and develop a standard to address the security
problems.
Beyond documenting the syslog protocol and its problems, the working
group will work on ways to secure the syslog protocol. At a minimum
providing authenticity, integrity and confidentiality of syslog messages
as they traverse the network. The belief being that we can provide
mechanisms that can be utilized in existing programs with little or no
modification while providing significant security enhancement.
Goals and Milestones:
May 2000 Post as an Internet Draft the observed behavior of the Syslog
protocol for consideration as an Informational Document.
Jun 2000 Publish Syslog protocol document as INFORMATIONAL RFC.
Jul 2000 Post as an Internet Draft the specification for an
authenticated Syslog for consideration as a Standards Track RFC.
Aug 2000 Publish Syslog Authentication Protocol as PROPOSED STANDARD.
Sep 2000 Post an Internet Draft describing enhancements to the syslog
authentication protocol to add verification of delivery and
other security services.
Oct 2000 Publish Syslog Authentication Protocol Enhancement as PROPOSED
STANDARD.
Dec 2000 Revise drafts as necessary and advance these Internet Drafts to
Standards Track RFCs.
