Hi, We have been proposed to the IESG. Thanks, Chris >From: The IESG <[EMAIL PROTECTED]> >To: IETF-Announce:; >cc: [EMAIL PROTECTED] >Subject: WG Review: Security Issues in Network Event Logging (syslog) >Date: Fri, 05 May 2000 08:02:29 -0400 >Sender: [EMAIL PROTECTED] >X-SPAM: Yes >X-SPAM-REASON: Suspicious TO Address >X-SPAM-INFO: http://wwwin.cisco.com/CustAdv/InfoSys/spam >X-SMTP-HELO: loki.ietf.org >X-SMTP-MAIL-FROM: [EMAIL PROTECTED] >X-SMAP-Received-From: outside >X-SMTP-PEER-INFO: loki.ietf.org [132.151.1.177] > > >A new IETF working group has been proposed in the Security Area. >The IESG has not made any determination as yet. > >The following Description was submitted, and is provided for >informational purposes only: > >Security Issues in Network Event Logging (syslog) >------------------------------------------------- > Current Status: Proposed Working Group > > Mailing Lists: > General Discussion:[EMAIL PROTECTED] > To Subscribe: [EMAIL PROTECTED] > In Body: subscribe <your email address> syslog-sec > Archive: http://www.mail-archive.com/[email protected]/ > > >Description of Working Group: > >Syslog is a de-facto standard for logging system events. However, the >protocol component of this event logging system has not been formally >documented. While the protocol has been very useful and scalable, it >has some known but undocumented security problems. For instance, the >messages are unauthenticated and there is no mechanism to provide >verified delivery and message integrity. > >The goal of this working group is to document and address the security >and integrity problems of the existing Syslog mechanism. In order to >accomplish this task we will document the existing protocol. The working >group will also explore and develop a standard to address the security >problems. > >Beyond documenting the Syslog protocol and its problems, the working >group will work on ways to secure the Syslog protocol. At a minimum >this group will address providing authenticity, integrity and >confidentiality of Syslog messages as they traverse the network. The >belief being that we can provide mechanisms that can be utilized in >existing programs with few modifications to the protocol while >providing significant security enhancements. > >
