Hi Folks,
We've been officially recognized as a Working Group. :-)
Thanks,
Chris
>From: The IESG <[EMAIL PROTECTED]>
>To: IETF-Announce:;
>Subject: WG ACTION: Security Issues in Network Event Logging (syslog)
>Date: Wed, 31 May 2000 07:05:06 -0400
>Sender: [EMAIL PROTECTED]
>X-SPAM: Yes
>X-SPAM-REASON: Suspicious TO Address
>X-SPAM-INFO: http://wwwin.cisco.com/CustAdv/InfoSys/spam
>X-SMTP-HELO: loki.ietf.org
>X-SMTP-MAIL-FROM: [EMAIL PROTECTED]
>X-SMAP-Received-From: outside
>X-SMTP-PEER-INFO: loki.ietf.org [132.151.1.177]
>
>A new working group has been formed in the Security Area of the IETF.
>For additional information, contact the Area Directors
>or the WG Chair.
>
>
>Security Issues in Network Event Logging (syslog)
>-------------------------------------------------
>
> Current Status: Active Working Group
>
> Chair(s):
> Chris Lonvick <[EMAIL PROTECTED]>
>
> Security Area Director(s):
> Jeffrey Schiller <[EMAIL PROTECTED]>
> Marcus Leech <[EMAIL PROTECTED]>
>
> Security Area Advisor:
> Jeffrey Schiller <[EMAIL PROTECTED]>
>
> Mailing Lists:
> General Discussion:[EMAIL PROTECTED]
> To Subscribe: [EMAIL PROTECTED]
> In Body: subscribe syslog-sec your_email_address
> Archive: http://www.mail-archive.com/[email protected]/
>
>Description of Working Group:
>
>Syslog is a de-facto standard for logging system events. However, the
>protocol component of this event logging system has not been formally
>documented. While the protocol has been very useful and scalable, it
>has some known but undocumented security problems. For instance, the
>messages are unauthenticated and there is no mechanism to provide
>verified delivery and message integrity.
>
>The goal of this working group is to document and address the security
>and integrity problems of the existing Syslog mechanism. In order to
>accomplish this task we will document the existing protocol. The
>working
>group will also explore and develop a standard to address the security
>problems.
>
>Beyond documenting the Syslog protocol and its problems, the working
>group will work on ways to secure the Syslog protocol. At a minimum
>this group will address providing authenticity, integrity and
>confidentiality of Syslog messages as they traverse the network. The
>belief being that we can provide mechanisms that can be utilized in
>existing programs with few modifications to the protocol while
>providing significant security enhancements.
>
> Goals and Milestones:
>
> May 00 Post as an Internet Draft the observed behavior of the Syslog
> protocol for consideration as an Informational Document.
>
> Jun 00 Submit Syslog protocol document to IESG for consideration as an
> INFORMATIONAL RFC.
>
> Jul 00 Post as an Internet Draft the specification for an
> authenticated Syslog for consideration as a Standards Track
> RFC.
>
> Aug 00 Submit Syslog Authentication Protocol to IESG for consideration
> as a PROPOSED STANDARD.
>
> Sep 00 Post an Internet Draft describing enhancements to the Syslog
> authentication protocol to add verification of delivery and
> other security services.
>
> Oct 00 Submit Syslog Authentication Protocol Enhancement to IESG for
> consideration as a PROPOSED STANDARD.
>
> Dec 00 Revise drafts as necessary to advance these Internet-Drafts to
> Standards Track RFCs.
