Hi Bert,

We appreciate your review of the document.

As for syslog-over-ssh: We had been in contact with the ISMS and Netconf WGs and we did see that they had chosen SSH as a secure transport. We did discuss this within our own Working Group. The consensus was:
- there are current implementations of syslog-over-ssl
- ssh uses the concept that there is an interactive user which works well for ISMS and Netconf. However, syslog does not have a concept of a user but is more associated with the idea that this is an automated function of the device which works better with tls authentication mechanisms.

With that said, I believe that there is interest from some members of the WG to pursue syslog-over-ssh and in fact, a starting point has been made with draft-gerhards-syslog-transport-ssh-00.txt

We are under a tight timeline and since the topic has been discussed and agreed to in the past, we will complete the syslog-over-tls work.

Thanks,
Chris

On Tue, 10 Oct 2006, Wijnen, Bert (Bert) wrote:



-----Original Message-----
From: Wijnen, Bert (Bert)
Sent: Monday, October 09, 2006 16:29
To: [EMAIL PROTECTED]
Subject: RE: Request for Reviewers - draft-ietf-syslog-protocol-17.txt


David Harrington (co-chair of the Syslog WG) specifically asked me
for a review of documents in WG Last Call.

I am not subscribed to the SYSLOG WG mailing list, so pls copy
me explicitly on any reactions that you want me to see.

I am not a security expert, and this WG is in the Security Area, so
I am assuming that the security aspects are well reviewed by the
respected WG members or colleagues in the SEC area.

I also have a common/generic question:

 The ISMS and NETCONF WGs have defined as mandatory to implement
 SNMP-over-SSH and NETCONF-over-SSH.

 I think it would be really really good/best if the SYSLOG WG would
 also define a mandatory to implement SYSLOG-over-SSH, so that
 operators can use one and the same security infrastructure for
 the operational management and monitoring of their systems.

In other words, I find it a pity that the WG chartered work-item:

 - A document will be produced that requires a secure transport
   for the delivery of syslog messages.

Did not result in a mapping over SSH.

Bert
----- draft-ietf-syslog-transport-tls-03.txt

I am not sure I understand what this means (sect 4, last para):

  The security service is also applicable to BSD Syslog defined in
  RFC3164 [7].  But, it is not ensured that the protocol specification
  defined in this document is applicable to BSD Syslog.

I thought the primary goal was to secure messages from
draft-ietf-syslog-protocol-17 but I don't see that mentioned in sect 4.

Bert

----------- original review message:

http://www.ietf.org/internet-drafts/draft-ietf-syslog-protocol-17.txt

Transmission of syslog messages over UDP


http://www.ietf.org/internet-drafts/draft-ietf-syslog-transport-udp-07.txt

TLS Transport Mapping for SYSLOG


http://www.ietf.org/internet-drafts/draft-ietf-syslog-transport-tls-03.txt

Syslog Management Information Base


http://www.ietf.org/internet-drafts/draft-ietf-syslog-device-mib-09.txt

Signed syslog Messages
http://www.ietf.org/internet-drafts/draft-ietf-syslog-sign-18.txt
(We expect this document to be updated this week.)

David Harrington
[EMAIL PROTECTED]




_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog

