Hi Folks,
As many of you are seeing, you've been subscribed to [EMAIL PROTECTED]
This will be the new mailing list for this Working Group. Alex mentioned
that his server would be staying around for a while, but I'd prefer to move it
now rather than after the Charter has been accepted. Along the same lines,
Rob Cermak indicated that his web pages and email archive may no longer be
supported after he graduates. :-)
You should receive this email twice since everyone should be subscribed to
both the 3Com-NE.COM and Employees.ORG mailing lists. If you don't get
this twice, then something is wrong so please contact me and we'll find out
what. I'll check the diffs between the Majordomo's over the next few weeks
to make sure that no one subscribes to the old one as well.
At this time, let's all start using the new mailing list. If you reply to
this, please only send it to the [EMAIL PROTECTED] list so we don't
inundate everyone with dual messages.
I'd like to thank both Alex and Rob for hosting what they have done. Rob
has kept his pages updated here:
http://njlug.rutgers.edu/projects/syslog/
I have a link from my page and I'll move the other things over to the new
site later. The new pages will be here:
http://www.employees.org/~lonvick/index.shtml
(I've got a space holder for some snazzy logo if anyone wants to draw one.
Otherwise, I'll put in the IETF logo.)
At this time, I'm using The Mail Archive
http://www.mail-archive.com/syslog-sec%40employees.org/
This looks pretty good. :-) They won't attach or send out spam or marketing
junk and it is very nicely web-based archived. I've pre-loaded the archive
with the prior emails that I had kept. (Apologies for the headers but that's
the only way that I could find to 'bounce' them through Eudora.)
I've received some comments that the grammar could be corrected in the
originally posted description of the Charter. There was a sentence fragment
in the 3rd paragraph. The new description now reads:
Syslog is a de-facto standard for logging system events. However, the
protocol component of this event logging system has not been formerly
documented. While the protocol has been very useful and scaleable, it
has some known but undocumented security problems. For instance, the
messages are unauthenticated and there is no mechanism to provide
verified delivery and message integrity.
The goal of this working group is to document and address the security
and integrity problems of the existing Syslog mechanism. In order to
accomplish this task we will document the existing protocol. The working
group will also explore and develop a standard to address the security
problems.
Beyond documenting the Syslog protocol and its problems, the working
group will work on ways to secure the Syslog protocol. At a minimum
this group will address providing authenticity, integrity and
confidentiality of Syslog messages as they traverse the network. The
belief being that we can provide mechanisms that can be utilized in
existing programs with few modifications to the protocol while
providing significant security enhancements.
I've also changed the last sentence from the prior proposal to be more
descriptive. Please review this and send in your comments.
Thanks,
Chris
