> -----Original Message-----
> From: Sam Hartman [mailto:[email protected]]
> Sent: Wednesday, October 28, 2009 3:22 PM
> To: Eliot Lear
> Cc: David Harrington; 'tom.petch'; 'Joseph Salowey (jsalowey)';
> [email protected]; 'Wes Hardaker'; 'Juergen Schoenwaelder'; 'Huang Min';
> Rainer Gerhards; 'Sharon Chisholm'; [email protected]; 'Glenn M. Keeni';
> 'Miao Fuyou'; 'Anton Okmyanskiy (aokmians)'; [email protected];
> [email protected]; 'Woundy, Richard'; 'Sumanth
> Channabasappa'; [email protected]; [email protected];
> 'Richard Graveman'; 'Ong, Lyndon'; 'Andi Kosich'; 'Sam Hartman';
> 'Margaret Wasserman'; 'Jeffrey Hutzelman'
> Subject: Re: [Syslog] FW: I-D Action:draft-ietf-syslog-dtls-00.txt
>
> Why isn't usability sufficient for a MUST in this case? Here's the
> argument. Unless turning on security is as easy as not doing so, then
> there is a significant cost to security and we will not get the
> benefits we should. As a result, especially because there are
> significant passive attacks protected against by using DTLS, the
> security of the protocol will be significantly improved by requiring
> implementations provide an easy-to-enable security solution.
>
> Generating a self-signed cert on a Mac or Linux box is *not* easy
> compared to running syslogd.
>
> Sam, with his painless-security.com hat on.

I agree with the argument, but from the technical perspective it is hard to do this in a typical Linux syslogd. The problem is that all the "user interface" you can expect to have is a config file and a text editor. Blindly generating certificates if they are not specified in the config file is not appropriate, I think. So the user needs to run an external tool in any case.

I fully agree that openssl is not what we have in mind when thinking about ease of use. But any more graphical front end will most probably not be delivered by default by the distros' package managers. They, for good reason, try to keep the syslogd footprint as small as possible. In the end, a specific syslogd might support a GUI for certificate generation, but the user will probably need to run through the process of compiling that functionality from source, which is also a showstopper for many users. On the other hand, a small shell script working as a "front end" to openssl (or whatever) will probably be included in the distro's syslogd (or syslogd-dtls) package.

For this reason, I would prefer to see a RECOMMENDED, but I definitely would not object to a MUST. However, we need to be aware that there are many parties involved in making this MUST actually happen, so it will not be much stronger than a RECOMMENDED in practice.

Rainer

_______________________________________________
Syslog mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/syslog
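
The kind of small shell front end to openssl that the reply above describes, as an added example that is not part of the thread or of any distro's syslogd package. The function name, file names and the choice to print a SHA-256 fingerprint are assumptions; it runs only when the administrator invokes it and refuses to overwrite existing credentials.

```shell
#!/bin/sh
# Added example: explicit, opt-in self-signed certificate generation for a
# syslog daemon. All names (function, file names) are hypothetical.
# Usage: gen_syslog_cert DIR COMMON_NAME [DAYS]
# Prints the certificate's SHA-256 fingerprint on stdout.
gen_syslog_cert() (
    # Body is a subshell, so umask and exit stay local to this call.
    dir=$1 cn=$2 days=${3:-365}
    key=$dir/syslog-key.pem cert=$dir/syslog-cert.pem

    # Reject empty names and anything that could alter the -subj string.
    case $cn in
        ''|*[!A-Za-z0-9.-]*) echo "invalid common name" >&2; exit 2 ;;
    esac
    case $days in
        ''|*[!0-9]*) echo "invalid lifetime" >&2; exit 2 ;;
    esac
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; exit 2; }

    # Never replace existing credentials: peers may already pin them.
    if [ -e "$key" ] || [ -e "$cert" ]; then
        echo "refusing to overwrite $key / $cert" >&2
        exit 3
    fi

    umask 077   # private key is created readable by its owner only
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
        -keyout "$key" -out "$cert" -days "$days" \
        -subj "/CN=$cn" 2>/dev/null || {
        rm -f "$key" "$cert"
        echo "openssl req failed" >&2
        exit 1
    }
    chmod 644 "$cert"   # the certificate itself is public

    # The fingerprint is what the operator gives the other end so it can
    # recognise this self-signed certificate.
    openssl x509 -in "$cert" -noout -fingerprint -sha256 | cut -d= -f2
)
```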
