Hi,
Rob has posted the presentation on his updated web page here:
http://njlug.rutgers.edu/projects/syslog/
and Emil Isberg has posted a copy here:
http://www.mds.mdh.se/~cel95eig/syslog/syslog_bof47.ppt
On Monday I'll take the collective silence as acceptance and
send the proposed Charter to the ADs. If there is anything
that you would like to discuss about this Charter, please do
so at this time.
Thanks,
Chris
At 10:29 AM 4/3/00 -0500, Chris Lonvick wrote:
>Hi Everyone,
>
>Below is the proposed Working Group Charter. I've asked Rob Cermak
>who is running the archive to post the Powerpoint presentation that
>I gave at the BoF. I'll be glad to email that directly to anyone
>that can't wait. It's 14 slides in about 25kB.
>
>Let's discuss this proposed Charter on the list. I'd like to get a
>consensus from this group and then get that back to Jeff and Marcus
>so they can take it to the IESG. Let's try to set a limit of one
>week for this discussion.
>
>I've also talked to Alex Brown about the mailing list here. Due to
>some circumstances beyond his control, he's suggested that we find a
>new home for it. I'm working on setting up Majordomo at employees.org
>for this. I'll re-subscribe everyone to the new list and digest when I
>get it going. Drop me a note if you don't want to be re-subscribed, or
>if you have a better home for it.
>
>Thanks,
>Chris
>
>---Proposed Charter---
>
>Security Issues in Network Event Logging (syslog)
>
>Chair(s):
>
>Chris M. Lonvick <[EMAIL PROTECTED]>
>
>Security Area Director(s):
>
>Jeffrey Schiller <[EMAIL PROTECTED]>
>Marcus Leech <[EMAIL PROTECTED]>
>
>Security Area Advisor:
>
>Jeffrey Schiller <[EMAIL PROTECTED]>
>Marcus Leech <[EMAIL PROTECTED]>
>
>Mailing Lists:
>General Discussion: [EMAIL PROTECTED]
>To Subscribe: [EMAIL PROTECTED]
>Archive: http://njlug.rutgers.edu/projects/syslog
>
>Description of Working Group:
>
>Syslog is a de-facto standard for logging system events. However, the
>protocol component of this event logging system has not been formerly
>documented. While the protocol has been very useful and scaleable, it
>has some known but undocumented security problems. For instance, the
>messages are unauthenticated and there is no mechanism to provide
>verified delivery and message integrity.
>
>The goal of this working group is to document and address the security
>and integrity problems of the existing Syslog mechanism. In order to
>accomplish this task we will document the existing protocol. The working
>group will also explore and develop a standard to address the security
>problems.
>
>Beyond documenting the syslog protocol and its problems, the working
>group will work on ways to secure the syslog protocol. At a minimum
>providing authenticity, integrity and confidentiality of syslog messages
>as they traverse the network. The belief being that we can provide
>mechanisms that can be utilized in existing programs with little or no
>modification while providing significant security enhancement.
>
>Goals and Milestones:
>
> May 2000 Post as an Internet Draft the observed behavior of the Syslog
> protocol for consideration as an Informational Document.
> Jun 2000 Publish Syslog protocol document as INFORMATIONAL RFC.
> Jul 2000 Post as an Internet Draft the specification for an
> authenticated Syslog for consideration as a Standards Track RFC.
> Aug 2000 Publish Syslog Authentication Protocol as PROPOSED STANDARD.
> Sep 2000 Post an Internet Draft describing enhancements to the syslog
> authentication protocol to add verification of delivery and
> other security services.
> Oct 2000 Publish Syslog Authentication Protocol Enhancement as PROPOSED
> STANDARD.
> Dec 2000 Revise drafts as necessary and advance these Internet Drafts to
> Standards Track RFCs.
>
>
