Hi,
I'm interested in what folk think about the need for a general approach to
provide authenticated 'application' data - including Accounting records and
syslog logs.
The secure-syslog and AAA accounting seem to share a need for auditable
database records. Any other application that generates logging streams to a
'server' could use the same mechanism adopted for these.
The common requirements at the application level are at least:
1) to authenticate that an authorised 'client' delivered the record, and
when.
2) the authentication 'signature' can be checked any time after the record
was received
These requirements are similar to those used in EDI discussions
(S/MIME(CMS), PGP/MIME) where e-mail and other 'documents' are authenticated
after the fact.
IPSEC could be used to protect from network attacks, but does not help with
a verifiable audit on the application data.
Do folk think there is any chance of re-using something to do this (EDI?) or
do we start from scratch?
Steve.