For your info - Correspondence with chair of "XML Digital Signature
(xmldsig)" IETF working group.  XML standardization work on encoding of
security wrappers seems to be directed at financial transaction
applications, primarily for authentication of data with public-key
signatures.   A simple MAC-based authentication tag, using a private key
(shared secret), might be a reasonable outgrowth or alternative that's
usable in any log client device.

However, there's no progress so far on standard tagging for encryption,
e.g. the "<CRYPT ...>ciphertext</CRYPT>" suggested by Chris Calabrese,
although using the xmldsig work "one may be able to provide confidentiality
with minimal to no changes."

Alex Brown <[EMAIL PROTECTED]> +1 508 323 2283



Sent by:  Alex Brown <[EMAIL PROTECTED]>



To:   "J. Reagle" <reagle @w3.org>, Donald Eastlake 3rd <dee3 @torque.pothole.com>
cc:   Jeffrey Schiller <jis @mit.edu> (Alex Brown/US/3Com)
Subject:  XML Digital Signatures (xmldsig) for securing network event logging?




Re:  http://www.ietf.org/html.charters/xmldsig-charter.html
Hello -
I'm chair of the BOF on security issues in network event logging
(syslog) to be held at IETF-46 next month.   An email list for
preparation of the BOF agenda ([EMAIL PROTECTED]) has drawn a lot
of interesting contributions, including a suggestion that a replacement
facility use XML encoding in its transport protocol (over various
networks or links, some insecure).   I'm interested in this approach
because it might seem to permit applying security envelopes over data
elements within a message, rather than over whole messages or the full
channel.   I have not been following XML security activity, however,
other than noting a few trade press articles over the past year.  The
xmldsig activity seems to answer the need for a common approach to
authentication, but I wonder if there has also been work on privacy
tagging for encryption.
(1)  Comments?  Do you know of related work?
(2)  Are there drafts of the RFCs identified in the "Deliverables"
section of the xmldsig charter page?  Can I obtain them?
(3)  Would you be interested in providing liaison at the syslog BOF
meeting?
Thanks.

--
Alex Brown  +1 508 323 2283
Consulting engineer - 3Com Modular Systems Division
Three 3Com Drive - Marlborough MA 01752 USA
---------------------- Forwarded by Alex Brown/US/3Com on 10/27/99 02:21 PM ---------------------------


"Joseph M. Reagle Jr." <[EMAIL PROTECTED]> on 10/27/99 12:08:30 PM

Sent by:  "Joseph M. Reagle Jr." <[EMAIL PROTECTED]>


To:   Alex Brown <abrown @3com-ne.com>
cc:   Donald Eastlake 3rd <dee3 @torque.pothole.com>, Jeffrey Schiller <jis @mit.edu> (Alex Brown/US/3Com)
Subject:  Re: XML Digital Signatures (xmldsig) for securing network event logging?
