Hi Joe, [big snip] > [Joe] We are not talking about HTTPS we are talking about syslog. What > applies to one may not necessarily apply to the other (HTTP provides > other ways to authenticate the client etc.). In addition HTTPS > authenticates the server in most cases. In any case, I don't think you > can claim confidentiality if you do not take care of masquerade or > man-in-the-middle as either will result in a breach of confidentiality, > you are still vulnerable to active attackers. > > I believe that implementations need to support mutual authentication > and > authorization with certificates. The recommended mechanisms for this > probably still need some discussion, however I think it is important to > provide this capability. I think what is more to the point in the > current discussion is what is required by default.
That is what I was talking about. I do not say that I do not like full blown security. What I say is that I prefer weaker security even for the unskilled user in favor of no security. As I wrote, my suggestions were for the default case. > I would like to > suggest that server authentication, certificate path validation and > authorization be required by default, because I without this I don't > think any security goals are met. I would also suggest that by default > clients should present and authenticate with a certificate, however a > server does not necessarily need to perform path validation or > authorization, it can just record the certificate (or fingerprint) that > carries the public key used in the authentication so it can be > validated > at a later time. > > This requires configuration on the client, but not necessarily on the > server. The server needs to be configured with the client identities. Anyhow... I think we have exchanged enough arguments for now. We are right now obviously looking from different angles (skilled users via home users), which makes it hard to come to a conclusion. At least I will now continue to implement the current draft. I can always add different authentication modes later, so it doesn't hurt to implement a basic set. Plus, the draft allows for anonymous authentication. I'll make it very easy to turn this on, what probably solves the home user problem I see. I'll post notes if I come along anything noteworthy during implementation. Rainer _______________________________________________ Syslog mailing list [email protected] https://www.ietf.org/mailman/listinfo/syslog
