Hi.  The IESG reviewed the proposed syslog charter at today's telechat
and decided that it requires revision.  The main concern seems to be
the lack of a mandatory to implement security mechanism.  I indicated
this might be the case in the Vancouver meeting.

So, you definitely need to have some sort of mandatory to implement
security mechanism.  I'm not quite sure what needs to be said about
this in the charter.
But the working group will need to:

1) Identify a threat model for syslog

2) Define mechanisms to address these threats.

So, questions for the threat model include things like whether
confidentiality is important or whether integrity of messages is
sufficient.

Depending on the threat model, here are some possible solutions:

1) Require some transport like syslog over TLS|DTLS be implemented.

2)  Require that all senders implement signatures stored in structured
    data as an option.

I don't think you need to commit to one of these options now.
However, you do need to reflect the security issues in the charter.

--Sam


_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog
