Another outstanding issue is the question of NULL options in the
ciphersuites with Tim Polk suggesting something along the lines of

OLD:
Implementations MUST support DTLS 1.1 [RFC4347] and MUST support the
mandatory to implement cipher suite, which is
TLS_RSA_WITH_AES_128_CBC_SHA.

NEW:
Implementations MUST support DTLS 1.1 [RFC4347] and MUST at a
minimum support the mandatory to implement cipher suite, which is
TLS_RSA_WITH_AES_128_CBC_SHA. If additional cipher suites are
supported, then implementations MUST NOT negotiate a cipher suite
that employs NULL encryption, integrity, or authentication
algorithms.

The justification is that
"disclosure is one of the primary threats described in Section 4,"

I disagree. The threat of disclosure comes from RFC5425 s2
"Some data in syslog messages is sensitive and may be
useful to an attacker, such as the password of an authorized
administrator or user."
but the fact that someone, somewhere may put a password in a syslog
message I do not see as grounds for requiring everyone else in the world
to encrypt everything. Encryption is a pain, it costs, and we should not
require it unless it can be justified; these are remote, low-powered
network boxes we are talking about, not enterprise servers.

So while I agree we should require authentication, I see no
justification for encryption.

In passing, there was a request for a reference for the ciphersuite,
which could be covered by adding
'as specified there' after 'cipher suite'.

Tom Petch
_______________________________________________
Syslog mailing list
https://www.ietf.org/mailman/listinfo/syslog
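
The two positions in the message above differ only in whether NULL encryption may be negotiated. The following added example (not part of the original message, nor code from any syslog implementation) applies both as filters over IANA-style cipher suite names. The policy function names, the sample offer, and treating integrity as required under the authentication-only position are assumptions.

```python
from typing import Callable, List, NamedTuple, Optional

class Suite(NamedTuple):
    name: str
    null_auth: bool   # no peer authentication (NULL or *_anon key exchange)
    null_enc: bool    # no confidentiality
    null_mac: bool    # no integrity protection

def parse(name: str) -> Suite:
    """Split a classic TLS_<kx>_WITH_<cipher>_<mac> name into NULL flags.
    Scope: CBC/stream-era suites, as used with DTLS 1.1."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"unrecognised suite name: {name}")
    kx, rest = name[4:].split("_WITH_", 1)
    cipher, _, mac = rest.rpartition("_")
    return Suite(name,
                 null_auth=(kx == "NULL" or kx.endswith("_anon")),
                 null_enc=(cipher == "NULL"),
                 null_mac=(mac == "NULL"))

def policy_proposed_text(s: Suite) -> bool:
    """Proposed NEW text: no NULL encryption, integrity, or authentication."""
    return not (s.null_auth or s.null_enc or s.null_mac)

def policy_auth_only(s: Suite) -> bool:
    """Authentication required, encryption optional.
    Assumption: integrity is kept mandatory alongside authentication."""
    return not (s.null_auth or s.null_mac)

def negotiate(offered: List[str], server_pref: List[str],
              policy: Callable[[Suite], bool]) -> Optional[str]:
    """Pick the first server-preferred suite the client offered that the
    policy allows; None means the handshake must fail."""
    for name in server_pref:
        if name in offered and policy(parse(name)):
            return name
    return None

# Constructed sample: a low-powered sender that prefers the cheapest suite.
OFFER = ["TLS_RSA_WITH_NULL_SHA",
         "TLS_DH_anon_WITH_AES_128_CBC_SHA",
         "TLS_RSA_WITH_AES_128_CBC_SHA"]
SERVER_PREF = ["TLS_DH_anon_WITH_AES_128_CBC_SHA",
               "TLS_RSA_WITH_NULL_SHA",
               "TLS_RSA_WITH_AES_128_CBC_SHA"]

if __name__ == "__main__":
    for policy in (policy_proposed_text, policy_auth_only):
        print(policy.__name__, "->", negotiate(OFFER, SERVER_PREF, policy))
```

Under both policies the anonymous Diffie-Hellman suite is rejected even though the server lists it first; only the authentication-only policy lets the integrity-only suite through.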