On Thu, 2006-01-26 at 18:10 +0100, Tom Petch wrote:
> I disagree. I think this list of threats is excessive.
>
> As I have said before, I regard integrity and message origin authentication as
> the needs, with modification and spoofing as the threats. I do not see
> observation as a problem and although others have said it is, no one has given an
> example of a syslog message that is so significant that it must be kept secret.
> Doubtless someone will produce some but I doubt I will ever be convinced that it
> is as important as the first two threats I mention.

Application Layer firewall logs may contain sensitive information such as passwords, especially when running at a high log level. Lots of people are using syslog-ng with stunnel for similar reasons now.

So maybe we should consider both schemes: authenticating the origin of each message _AND_ standardizing encrypted transport. I vote for encrypted transport but there might be enough support for the first one as well.

--
Bazsi
