On Mon, 2006-01-09 at 09:08 +0100, Rainer Gerhards wrote: > Of course, a threat model should also be developed, but please keep in > mind that anything other than signatures breaks what this WG has fought > for since Vancouver. > > syslog-protocol should be finished (I hope we are there soon) as well as > syslog-transport-udp. Then, these both should be taken to a rest and > syslog-sign be modified in the sense of -transport and being worked on. > I think this can probably done quickly, because -sign is almost complete > and just needs to be modified to take advantage of -protocol. > > To be honest, though, I have to admit that I expect many of the upcoming > implementations to violate syslog-protocol by just implementing > -protocol and -transport-udp, but not -sign. But that's probably not > something to care about...
I know that some other mails discussed the same topic and a misunderstanding has already been resolved about whether to support transport-udp or not. I would say that addressing the security concerns at the transport level is way easier management and implementation wise than implementing syslog-sign. And in addition they address a different problem: 1) transport level implements security mechanisms on a per hop-by-hop basis, the message itself is not authenticated, each of the relay stations can modify the message 2) syslog-sign implements per-message, end-to-end authenticity where the relay hosts cannot modify messages as they are individually signed by their origin. So I'd go with using TLS/DTLS on the transport first and then possibly adapting syslog-sign when the transport issues are resolved. -- Bazsi _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog
