At 01:57 AM 11/21/00 -0500, John Kelsey wrote:
>I am coming to know the feeling.  Just thinking through
>forwarding and storage security issues raises all kinds of
>interesting questions, like how to handle storage security
>on old-style receivers, and how to keep messages that are
>forwarded for a huge number of hops from growing to some
>unreasonable size.

Welcome to protocol design.  ;-)  


>...
>>Are you proposing to have a hash included within each message
>>as well as a signing block?  That makes sense, but it wasn't
>>entirely clear from what you wrote here.
>
>No.  The whole point of this is to leave the messages
>unaltered, so that old-style receivers can store or forward
>them without any problems.  That means we want to put the
>signatures in additional syslog messages (and that those
>messages have to go where the others do).
>
>You can think of each message as effectively carrying a hash
>with it, since the receiver can always compute the hash on
>a message that's arrived.  I visualize this whole scheme as
>mainly being useful for offline analysis of the stored log
>data.

Ahh..


>...
>>Both encryption and compression make the message unreadable
>>to packet sniffers.  I don't think that we want to change
>>that behaviour.
>
>Do you mean we want to make sure messages can be read by
>packet sniffers (for debugging, I guess), or that we don't
>want messages to be readable by packet sniffers?
>(Compression by itself won't add any real security against
>packet sniffers.)

I'd like to keep it so that sniffers can see the messages as they
go by.  That has helped in debugging.

Thanks,
Chris
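
The scheme John describes above (log messages left unaltered, signatures carried in additional syslog messages, hashes recomputed by the receiver during offline analysis), as an added example that is not part of the original thread and not the working group's format. Assumptions: HMAC-SHA256 stands in for the public-key signature, SHA-256 is the hash, and the `sigblock:` line layout, the key and the sample log lines are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # assumption: stand-in for the sender's signing key
MARKER = " sigblock: "          # hypothetical tag identifying a signature message

# Constructed sample log lines; they are stored and forwarded byte-for-byte.
SAMPLE = [
    "<34>Nov 21 01:57:01 host1 su: 'su root' failed for alice on /dev/pts/8",
    "<38>Nov 21 01:57:05 host1 sshd[211]: Accepted password for root from 10.0.0.5",
    "<13>Nov 21 01:57:09 host1 cron[90]: (bob) CMD (/usr/bin/backup)",
]

def msg_hash(line):
    """Hash a log line exactly as received; the line itself is never modified."""
    return hashlib.sha256(line.encode()).hexdigest()

def _mac(hashes, key):
    return hmac.new(key, " ".join(hashes).encode(), hashlib.sha256).hexdigest()

def make_sig_block(lines, key=KEY):
    """Build one extra syslog line: hashes of the preceding lines, then a MAC."""
    hashes = [msg_hash(l) for l in lines]
    return "<46>Nov 21 01:57:10 host1" + MARKER + " ".join(hashes + [_mac(hashes, key)])

def verify_store(stored, key=KEY):
    """Offline check of a stored log: return (verified, unverified, missing)."""
    signed, plain = set(), []
    for line in stored:
        parts = line.split(MARKER, 1)
        fields = parts[1].split() if len(parts) == 2 else []
        good = fields and hmac.compare_digest(
            fields[-1].encode(), _mac(fields[:-1], key).encode())
        if good:
            signed.update(fields[:-1])   # hashes vouched for by a valid block
        else:
            plain.append(line)           # ordinary message, or a forged block
    verified = [l for l in plain if msg_hash(l) in signed]
    unverified = [l for l in plain if msg_hash(l) not in signed]
    missing = signed - {msg_hash(l) for l in plain}  # signed but not in the store
    return verified, unverified, missing

if __name__ == "__main__":
    block = make_sig_block(SAMPLE)
    tampered = [SAMPLE[0], SAMPLE[1].replace("root", "guest"), SAMPLE[2], block]
    ok, bad, gone = verify_store(tampered)
    print(len(ok), "verified;", len(bad), "unverified;", len(gone), "signed but missing")
```

An old-style receiver would store the `sigblock` line like any other message; only the offline verifier needs to understand it.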
