At 05:48 PM 10/28/00 -0400, Alex Brown wrote:
>file:/home/abrown/ietf/syslog-sec/abrown-draft/draft-syslog-auth.htm
>-- 
>Alex Brown <[EMAIL PROTECTED]> http://www.msg.com/~abrown +1 617 504 8761<x-html>
><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
---remainder deleted for brevity---

Alex,

I have some problems with this draft.  Let's discuss them on the
list.

- Please do not send html - only use text when sending to this list.

- The title has still not changed.  This is not going to be restricted 
   to embedded devices.  The definition of this authentication scheme
   will be carried forward to be used in the reliable delivery
   mechanism.  This is outlined in the Charter of the WG.

- I don't know what to make of the 3rd paragraph of section 4.1:
    "The syslog client and host implementors must agree on leading string 
     fields in the transmitted and received message,..."
   It would seem to me that any implementor would be able to choose a
   set of fields that would conflict with any other selected set of 
   fields from any other implementor.  This must be resolved to state
   the fields and their order.  Beyond this, you only minimally specify 
   what they are.  It appears to be information that may already be 
   contained in the Application-message.  I don't see the point of
   duplicating this information.

- You don't specify any actions to take if the Application-message is
   near 1024 bytes and the inclusion of the remaining fields makes the
   entire message longer than 1024 bytes.

- You appear to be proposing two solutions:  "Running hash session ID
   initialization" and "Simplified unsequenced hash chain".  I really
   don't think that we want two solutions but I'll open that discussion
   up to the WG.  Comments from anyone?
(I did not delve into the proposals but it appears that "Simplified
 unsequenced hash chain" is the same as what you proposed in your last
 draft.)

- In the section "Verify known forwarders", what happens if the message
   enclosed in quotes is near 1024 bytes and the forwarder attempts to
   add its own Attributes and MAC value?

Thanks,
Chris
-individual replies should go to [EMAIL PROTECTED]
