Hi Folks,
We need to back up a moment and formalize our thoughts on the threats that we
are going to address to "secure" syslog messages. We need to have this
discussion to ensure that any mechanism we decide to provide will address the
threats. The summary of our discussion will likely be included in
syslog-transport-(secure) to show our objective and how the mechanism
meets it.
From the prior discussions, it looks like the primary threats to current syslog
messages are:
- message observation
- message tampering, injection, replay
- message loss
If these are the threats (please respond to the list if you don't agree),
then we can deploy the following mechanisms to thwart them:
- message encryption at the transport layer will prevent observation
- transport layer encryption with a sufficient message authentication
  check (MAC) mechanism will allow a receiver to detect attempts of
  tampering, injection and replay
- transport layer encryption will provide sequenced delivery of messages
  in transit
Is this sufficient for our needs?
Does the possibility of message loss due to network unavailability need to be
addressed at this time? This will be addressed in syslog-sign, but do we need
an additional mechanism (such as the required use of the eventID SD-ID) to
ensure that messages generated but not delivered are detected by the receiver?
If we can agree that these are the threats, and mechanisms that will thwart
them, then we can finalize our discussion on a transport layer service and add
that to our charter.
Please respond to the list with your thoughts. We need responses to this to
make sure that we're on the right track with this discussion. Please keep Sam
cc'd on this thread.
Thanks,
Chris
_______________________________________________
Syslog mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/syslog
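
The receiver-side checks the message above asks about, as an added example that is not part of the original post or of any working group draft: a MAC over each record exposes tampering and injection, and a sequence number covered by that MAC exposes replay and messages that were generated but never delivered. The record layout (64-bit sequence number, message, HMAC-SHA256 tag), the key, the sample messages and all names are assumptions made for illustration, and in-order delivery by the transport is assumed.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # assumption: a key shared by sender and receiver
TAG_LEN = 32                   # HMAC-SHA256 output size

def seal(key, seq, msg):
    """Sender: 64-bit sequence number + message, followed by a MAC over both."""
    body = struct.pack(">Q", seq) + msg
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key):
        self.key, self.next_seq = key, 0
        self.accepted, self.gaps = [], []  # gaps: (first, last) seqs never seen

    def receive(self, record):
        if len(record) < 8 + TAG_LEN:
            return "rejected: truncated"
        body, tag = record[:-TAG_LEN], record[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad MAC"      # tampering or injection
        seq = struct.unpack(">Q", body[:8])[0]
        if seq < self.next_seq:
            return "rejected: replay"       # authentic but already delivered
        if seq > self.next_seq:
            self.gaps.append((self.next_seq, seq - 1))  # generated, not delivered
        self.next_seq = seq + 1
        self.accepted.append(body[8:])
        return "accepted"

def demo():
    """Run constructed records through the receiver; return (results, gaps)."""
    rx = Receiver(KEY)
    m0 = seal(KEY, 0, b"<34>1 - host1 su - - - constructed message 0")
    m1 = bytearray(seal(KEY, 1, b"<34>1 - host1 su - - - constructed message 1"))
    m1[12] ^= 0x01                          # one bit changed in transit
    forged = seal(b"not-the-shared-key", 1, b"<34>1 - host1 su - - - injected")
    m3 = seal(KEY, 3, b"<34>1 - host1 su - - - constructed message 3")
    results = [rx.receive(r) for r in (m0, bytes(m1), forged, m0, m3)]
    return results, rx.gaps

if __name__ == "__main__":
    print(demo())
```

Sequence number 1 ends up in the reported gap because its only copy failed the MAC check, so the receiver treats it as generated but not delivered.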