Hi Chris, Jon and all
> > Second, I would like to propose to discuss an alternative
> > "secure syslog", especially for "small" systems.
> I feel sure that we can proceed if others are interested
> in doing so. I would ask everyone to think about this
> before we agree, however. If the proposed alternative
> "syslog-mac" were to be much simpler than syslog-sign,
> would people prefer to implement that rather than doing
> the harder work to implement syslog-sign?
Before we start a discussion on "Do we need syslog-sign
or syslog-mac?", let me try to end it.
We NEED syslog-sign.
It is simple and elegant. It isn't too hard to implement;
it's very much simpler than syslog-reliable. I guess
it is only a few hundred lines of "new" code for a device.
It is also SECURE! Signatures make it a lot more secure than
"MACs" can. Especially for "normal" systems in real life.
The "only" problem is, it uses computationally expensive crypto
algorithms. It has to. So it cannot be used in (really) small
systems. In systems where cost is more important than security.
My proposal isn't to replace it, nor to make syslog-mac "like
syslog-sign, but simpler"! I want to think about a syslog
"variant" that can be used in low cost, small systems.
Its features should be:
+ it is more secure than syslog-syslog
+ it uses little CPU power (cycles)
+ it doesn't need/use code that isn't
available for small systems (e.g. big memory demand)
It will have disadvantages too:
- it's very real secure (just a little)
- it can be harder to implement
(the syslog-sign)
I don't want to replace the DSA code with DES and call it another
syslog variant. That will not solve it. We need more "tricks".
Remember, it is for "small systems that ain't implemented yet".
So changing device code is not a problem; as long as a normal syslog(d)
relay or collector can handle it. Which basically means: don't change
the PRI and HEADER (incl. TAG) part. I'm thinking about redefining
the "free text" part.
E.g. we could (just some thoughts!)
* Add a sequence number in each message
(unique in what syslog-sign calls a signature group)
* Add a MAC to each message
* Allow TCP and/or IPsec instead of UDP
(TCP is a very easy trick to make it more secure!
"fast" replays are hardly possible then)
* Allow receiver to sender session set-up
(it prevents DoS kinds of attacks)
Instead of talking about the need for one or the other, we
should talk about:
= Does syslog-sign fill a gap? YES IT DOES
= Is there space for "yet another syslog-..."
(I think there is)
= How to fill that gap, without replacing others.
(See some ideas above).
--Albert
Send mail to [EMAIL PROTECTED] to address me personally.
Send mail to [EMAIL PROTECTED] to address me for business.
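The ideas sketched in the post above (keep PRI and HEADER untouched, put a sequence number and a MAC into the free-text part, let the collector detect replays) as an added example, not code from the original thread or from any syslog-mac draft. The "seq=... mac=..." layout, the truncated HMAC-SHA256 and the shared key are assumptions of this example only.

```python
import hashlib
import hmac
import re

# Constructed shared key for the example; a real device would provision its own secret.
KEY = b"example-device-key-not-for-production"
MAC_HEX_LEN = 16  # truncated HMAC-SHA256 (64 bits) keeps messages short; an assumption

# Assumed layout of the free-text part: "seq=<n> mac=<hex> <original text>".
# PRI and HEADER are left exactly as a plain syslog relay expects them.
_LINE = re.compile(r"^<(\d{1,3})>(.+?) seq=(\d+) mac=([0-9a-f]+) (.*)$")


def compute_mac(key, seq, text):
    """MAC over sequence number and text together, so neither can be altered alone."""
    data = f"{seq}:{text}".encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()[:MAC_HEX_LEN]


def build_message(pri, header, seq, text, key=KEY):
    """Device side: PRI and HEADER (incl. TAG) stay plain syslog; seq and MAC go in the free text."""
    return f"<{pri}>{header} seq={seq} mac={compute_mac(key, seq, text)} {text}"


class Receiver:
    """Collector side: verify the MAC first, then reject replayed or reordered messages."""

    def __init__(self, key=KEY):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, msg):
        m = _LINE.match(msg)
        if not m:
            return "reject: no seq/mac (plain syslog)"
        seq, mac, text = int(m.group(3)), m.group(4), m.group(5)
        expected = compute_mac(self.key, seq, text)
        # Constant-time comparison avoids leaking how many MAC characters matched.
        if not hmac.compare_digest(mac, expected):
            return "reject: bad mac"
        if seq <= self.last_seq:
            return f"reject: replay of seq {seq}"
        self.last_seq = seq
        return f"accept: seq {seq} {text}"
```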