Replying to no-one specifically, I think one significant consideration is being missed.
Basing security on a secure transport may already exist as an implementation but not as an I-D. I expect it to take at least 6 months, more like 12, to produce an IESG-ready I-D. By that time, our long-suffering editor of syslog-protocol says he will have had to stand down. I believe that means we will never produce the two I-Ds needed for advancement and that the WG will shut down with nothing done.

More hopefully, I do believe that the threats can be met by syslog-sign. Almost every user I talk to about security wants encryption. I have to work very hard to do so, but mostly succeed, in demonstrating to them that what they need is message origin authentication and integrity, and it just so happens that that is what most IPS protocols offer, and, even better, it is much cheaper than encryption. I believe syslog falls into this category for most users, and that the aims of syslog-sign will meet most requirements.

I hear it criticised for having the wrong algorithms. Fine, we must change that, since every security system nowadays should be algorithm agnostic. MD5 got busted; fine, we switch to SHA-1. SHA-1 under threat; no problem, roll on SHA-256. This process will go on for ever, so we must incorporate it in anything we produce - like syslog-sign.

And, given the state of syslog-sign, current editors still willing, I believe we can get those two I-Ds ready inside four months. The only realistic alternative would be to incorporate signature blocks in the style of syslog-sign in the structured data of the message being authenticated.

Tom Petch
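The algorithm-agnostic signature block described in the post, sketched as an added Python example (this is not syslog-sign's format nor any WG draft): an HMAC over an RFC 5424 line is carried in a structured-data element that names its digest, so the verifier retires MD5 or SHA-1 by changing policy, not the wire format. The SD-ID `auth@32473`, the key and the sample message are constructed for illustration.

```python
import hmac
import re

# Hypothetical SD-ID for the signature block; 32473 is the private enterprise
# number reserved for documentation, so it cannot collide with a real one.
SD_ID = "auth@32473"

# Verifier policy, kept apart from the message format: when a digest is broken
# it is removed here and nothing else changes (md5 and sha1 are already absent).
ACCEPTED_DIGESTS = {"sha256", "sha512"}

# RFC 5424 layout: six header tokens, then STRUCTURED-DATA, then optional MSG.
_SIGNED = re.compile(
    r'^((?:\S+ ){6})\[' + re.escape(SD_ID)
    + r' alg="([a-z0-9]+)" mac="([0-9a-f]+)"\](.*)$'
)


def sign(message: str, key: bytes, alg: str = "sha256") -> str:
    """Replace the empty STRUCTURED-DATA field ('-') of an RFC 5424 line with an
    HMAC block that names the digest. The MAC covers the line exactly as it
    looked before the block was inserted (the canonical form)."""
    parts = message.split(" ", 6)
    if len(parts) != 7 or not (parts[6] == "-" or parts[6].startswith("- ")):
        raise ValueError("expected an RFC 5424 line with empty STRUCTURED-DATA")
    mac = hmac.new(key, message.encode(), alg).hexdigest()
    block = f'[{SD_ID} alg="{alg}" mac="{mac}"]'
    return " ".join(parts[:6]) + " " + block + parts[6][1:]


def verify(signed: str, key: bytes) -> "tuple[bool, str]":
    """Check origin authentication and integrity; return (ok, reason)."""
    m = _SIGNED.match(signed)
    if not m:
        return False, "no signature block"
    header, alg, mac, msg = m.groups()
    if alg not in ACCEPTED_DIGESTS:          # retired digest: reject by policy
        return False, f"digest {alg} not accepted by policy"
    canonical = header + "-" + msg           # rebuild what the sender MAC'd
    expected = hmac.new(key, canonical.encode(), alg).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return False, "MAC mismatch: tampered or wrong key"
    return True, f"authenticated with {alg}"


if __name__ == "__main__":
    key = b"constructed-demo-key"           # constructed; a real key comes from provisioning
    line = "<34>1 2024-05-01T10:00:00Z host1 sshd 2112 ID47 - Failed password for root"
    signed = sign(line, key)
    print(signed)
    print(verify(signed, key))                         # (True, 'authenticated with sha256')
    print(verify(signed.replace("root", "admin"), key))  # integrity failure
    print(verify(sign(line, key, "sha1"), key))        # legacy digest refused
```

Rolling from SHA-256 to a successor is one line in `ACCEPTED_DIGESTS` plus the sender's default, which is the agility the post asks for.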
