FWIW: I agree with Bazsi on all points.

Rainer

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Balazs Scheidler
> Sent: Tuesday, January 31, 2006 2:35 PM
> To: Tom Petch
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: [Syslog] Threat model requirements discussion
>
> On Tue, 2006-01-31 at 11:28 +0100, Tom Petch wrote:
>
> > So I want to see a simpler solution - eg keyed hash - first and a more complex
> > one which includes encryption as phase two (2007?).
> >
> > And yes, my views are coloured by SNMP which I have worked with for many years,
> > where, as I have said before, users tell me they must have encryption but it
> > usually turns out they have not yet learnt about the concept of differing
> > threats.
>
> My points:
> * syslog is way different than SNMP traps, it really does contain
>   sensitive information (not just link up/down).
> * adding TLS is very simple from the implementation point of view:
>   adding a new transport layer to the software stack does not really
>   change the software (can be done without changing the software at all
>   via a wrapper like stunnel), message signatures is a big change in _all_
>   senders
> * adding TLS is very simple from the protocol specification point of
>   view: define a way to wrap messages to an "envelope" (e.g. NL
>   termination, or byte counter) and wrap messages into TLS
> * adding message signatures is difficult both implementation and
>   specification wise, syslog-sign is far from being simple
>
> I'd say that the specification and implementation something like
> syslog-sign is at least 3-5 times as big work as doing the same with a
> drop-in package like TLS.
>
> But I guess this is a yes/no argument so we have to come up with a
> decision. I would propose an agenda like:
>
> 1) syslog-protocol
> 2) syslog-protocol over TLS
> 3) message integrity/authenticity checking in syslog-protocol
>
> Or maybe even start work on 2) and 3) in parallel.
>
> --
> Bazsi
>
> _______________________________________________
> Syslog mailing list
> [email protected]
> https://www1.ietf.org/mailman/listinfo/syslog
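
The two "envelope" options named in the quoted message (NL termination or a byte counter), as an added example that is not part of the original thread: it frames the same messages both ways and decodes them from a stream delivered in arbitrary chunks, as the plaintext side of a TLS connection would be. The `<decimal length> <payload>` layout, the 8192-byte cap, the function names and the sample messages are assumptions constructed for illustration.

```python
MAX_LEN = 8192  # assumed cap so a bogus length prefix cannot exhaust memory
MAX_DIGITS = len(str(MAX_LEN))


def frame_counted(msg: bytes) -> bytes:
    """Byte-counter envelope (assumed layout): b"<decimal length> <payload>"."""
    return str(len(msg)).encode("ascii") + b" " + msg


def frame_newline(msg: bytes) -> bytes:
    """NL-termination envelope: payload followed by a single newline."""
    return msg + b"\n"


class CountedDecoder:
    """Incremental decoder; feed() accepts chunks split at any byte offset."""

    def __init__(self):
        self.buf = b""

    def feed(self, chunk: bytes) -> list:
        self.buf += chunk
        out = []
        while True:
            head, sep, rest = self.buf.partition(b" ")
            # Reject a prefix that is non-numeric or too long, even if partial.
            if head and (not head.isdigit() or len(head) > MAX_DIGITS):
                raise ValueError("malformed or oversized length prefix")
            if not sep:
                return out  # length prefix not complete yet
            if not head or int(head) > MAX_LEN:
                raise ValueError("missing or oversized length prefix")
            n = int(head)
            if len(rest) < n:
                return out  # payload not complete yet
            out.append(rest[:n])
            self.buf = rest[n:]


def split_newline(stream: bytes) -> list:
    """Receiver for the NL envelope: every newline ends a record."""
    return [m for m in stream.split(b"\n") if m]


# Constructed sample: the second message contains an embedded newline, as
# happens when an application logs externally supplied text verbatim.
SAMPLE = [
    b"<34>su: 'su root' failed for alice",
    b"<38>sshd: bad user bob\n<34>su: session opened for root",
]
```

With the byte counter the receiver gets back exactly the two messages that were sent; with NL termination the embedded newline makes the second message arrive as two independent records, so a sender using that envelope has to escape or reject newlines in the payload.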
