I agree with Robert that privacy can be achieved by means other than encryption,
but disagree that privacy is a MUST operationally.
As Chris pointed out, we have already said this in RFC5424
"In most cases, passing clear-text messages is a benefit to the
operations staff if they are sniffing the packets from the wire. "
which means I think we should say
"Implementations MUST support DTLS 1.1 [RFC4347] and MUST at a
minimum support the mandatory-to-implement cipher suite, which is
TLS_RSA_WITH_AES_128_CBC_SHA [RFC5246]. If additional cipher suites are
supported, then implementations MUST NOT negotiate a cipher suite
that employs NULL integrity or authentication algorithms.
Where privacy is REQUIRED, then implementations must either negotiate
a cipher suite that employs a non-NULL encryption algorithm or else achieve
privacy by other means, such as a physically secured network.
However, as [RFC5424] section 8 points out
'In most cases, passing clear-text messages is a benefit to the
operations staff if they are sniffing the packets from the wire.'
and so where privacy is not a requirement, then it is advantageous
to use a NULL encryption algorithm.
Tom Petch
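As an added illustration of the rule in the proposed text (this is not code from the draft or from anyone on the list), the policy below parses IANA-style cipher suite names from RFC 5246, refuses any suite with a NULL integrity or NULL/anonymous authentication algorithm, and allows a NULL-encryption suite only when privacy is not required or is provided by other means. The function names, the `privacy_by_other_means` flag and the offered-suite list are assumptions made for the example.

```python
"""Cipher suite policy for syslog over DTLS, as proposed in the text above.

Added example, not code from the draft or the mailing list. It parses
IANA-style names (TLS_<KEX>_WITH_<ENC>_<MAC>, per RFC 5246) and applies:
  * a suite with a NULL integrity or NULL/anonymous authentication
    algorithm is never negotiated;
  * a suite with NULL encryption is negotiated only when privacy is not
    required, or is provided by other means (e.g. a physically secured
    network, signalled here by the hypothetical flag privacy_by_other_means).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Mandatory-to-implement suite named in the proposed text (RFC 5246).
MANDATORY_SUITE = "TLS_RSA_WITH_AES_128_CBC_SHA"

# Lazy <kex> so "_WITH_" splits at its first occurrence; greedy <enc>
# backtracks until the trailing MAC/PRF token matches.
_SUITE_RE = re.compile(
    r"^TLS_(?P<kex>.+?)_WITH_(?P<enc>.+)_(?P<mac>SHA384|SHA256|SHA|MD5|NULL)$"
)


@dataclass(frozen=True)
class CipherSuite:
    name: str
    key_exchange: str   # e.g. "RSA", "ECDHE_RSA", "DH_anon", "NULL"
    encryption: str     # e.g. "AES_128_CBC", "NULL"
    mac: str            # e.g. "SHA", "SHA256", "NULL"

    @property
    def null_authentication(self) -> bool:
        # Anonymous key exchange (DH_anon, ECDH_anon) authenticates nobody.
        return self.key_exchange == "NULL" or "anon" in self.key_exchange

    @property
    def null_integrity(self) -> bool:
        return self.mac == "NULL"

    @property
    def null_encryption(self) -> bool:
        return self.encryption == "NULL"


def parse_cipher_suite(name: str) -> CipherSuite:
    """Split an IANA cipher suite name into its components."""
    m = _SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised cipher suite name: {name!r}")
    return CipherSuite(name, m["kex"], m["enc"], m["mac"])


def suite_acceptable(name: str, privacy_required: bool,
                     privacy_by_other_means: bool = False) -> tuple[bool, str]:
    """Apply the proposed rule to one suite; returns (allowed, reason)."""
    suite = parse_cipher_suite(name)
    if suite.null_integrity:
        return False, "NULL integrity algorithm: MUST NOT be negotiated"
    if suite.null_authentication:
        return False, "NULL (anonymous) authentication: MUST NOT be negotiated"
    if suite.null_encryption and privacy_required and not privacy_by_other_means:
        return False, "NULL encryption, but privacy is required and not otherwise provided"
    return True, "ok"


def select_suite(offered: list[str], privacy_required: bool,
                 privacy_by_other_means: bool = False) -> str | None:
    """Return the first offered suite (in the peer's order) the policy allows."""
    for name in offered:
        allowed, _ = suite_acceptable(name, privacy_required, privacy_by_other_means)
        if allowed:
            return name
    return None


def implements_mandatory_suite(supported: list[str]) -> bool:
    """The implementation-level MUST: the mandatory suite is in the supported list."""
    return MANDATORY_SUITE in supported


if __name__ == "__main__":
    # Constructed ClientHello offer, weakest first, to show the filtering.
    offered = ["TLS_NULL_WITH_NULL_NULL", "TLS_DH_anon_WITH_AES_128_CBC_SHA",
               "TLS_RSA_WITH_NULL_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"]
    print("privacy required, no other protection ->",
          select_suite(offered, privacy_required=True))
    print("privacy provided by a secured network  ->",
          select_suite(offered, privacy_required=True, privacy_by_other_means=True))
    for name in offered:
        print(f"{name:40s} {suite_acceptable(name, privacy_required=True)}")
```

The split between `suite_acceptable` (per-handshake negotiation rule) and `implements_mandatory_suite` (what the implementation must be able to do) mirrors the two different MUSTs in the proposed text: the mandatory suite must be supported, while the NULL-integrity and NULL-authentication prohibition applies to what gets negotiated.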
----- Original Message -----
From: <[email protected]>
To: <[email protected]>
Cc: <[email protected]>; <[email protected]>
Sent: Wednesday, June 09, 2010 2:10 PM
Subject: Re: [Syslog] Issue 9, 9a, and 9b - from a Tim Polk COMMENT
> > >
> > > I think you'll need to add some text that says if confidentiality is
> > > required, the NULL cipher suites MUST NOT negotiate NULL encryption
> > > ciphers.
> > >
> > > I'm hoping that we can keep the part about MUST NOT support NULL
> > > integrity and authentication algorithms in Section 5.3. But, add a new
> > > last sentence that says something like:
> > >
> > > When confidentiality is provided by [insert mechanism here], then NULL
> > > encryption algorithms MAY be negotiated.
> >
> > Let's change that to:
> > When confidentiality is desired but without the overhead of using DTLS
> > encryption, then it may be provided by provisioning a physically
> > secured network. In that case the NULL encryption algorithm may be
> > negotiated.
> >
> > Does that work?
> >
>
> Those words could work. It would be better if the phrase "physically
> secured network" were "appropriately secured network". I'm thinking about
> people who are using VLAN and other low level hardware technologies.
> Someone who understands the issues can decide whether their low level
> hardware approach is a suitable equivalent to "physically secured" so this
> is less important. Either wording results in implementations that can be
> configured to meet the need.
>
> Kind Regards,
>
> Robert Horn | Agfa HealthCare
> Research Scientist | HE/Technology Office
> T +1 978 897 4860
>
> Agfa HealthCare Corporation, 100 Challenger Road, Ridgefield Park, NJ,
> 07660-2199, United States
> http://www.agfa.com/healthcare/
> _______________________________________________
> Syslog mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/syslog