Nicolas Williams writes: > > Yes, I'm well aware of that effort. I think it's misguided for > > exactly the same reasons. > > Have you said so on the WG list?
They were quite far along when I found out, plus I don't have the time to fight every fight. If they're sure it's right, I'll defer, but I still think it's misguided. > > If someone feels like implementing syslogng on Solaris and (in > > particular) the extensions that allow structured XML messages to be > > generated, well, go ahead. I think it's really an unwise decision > > because the usage case is unclear and seems to overlap greatly with > > the intended purpose of more stable, robust, and already-deployed > > mechanisms (such as SNMP Inform) to deliver event notification. > > But these protocols too have their security problems. All of them do. Solving those problems once rather than multiple times would be sort of nice, though. > Sure, I know, > there's the ISMS WG -- but I see nothing in their charter about record > signatures, only transport security and authentication. I'm not sure what they're up to, but it looks like SNMP+SSH. I was actually referring to just SNMPv3 security. > > But if someone's going to take this on and own it, and show how this > > isn't merely an attractive nuisance for developers, I guess I'll wait > > to see that. > > If the SYSLOG WG produces standards-track RFCs along these lines and > others adopt these proposed standards, will we be able to resist > adopting them too? To me that depends on just what the problems are > with their approach. It depends on whether there is in fact a solid problem out there that this solves. I'm unconvinced on that. Giving message integrity to syslog seems a bit wobbly to me, but I guess I can see why someone might want that. Providing structure, though, just makes no sense. Given the effort required to make usable MIBs, I expect that the effort required to produce usable (i.e., programmatic and stable) log extensions to duplicate that level of effort. Failing to produce those sorts of schema leaves you with just a handful of code numbers plus free-form text wrapped prettily in XML. That's essentially equivalent to what we already have with venerable BSD syslog. > For the record, I've not read these I-Ds... Worth a read. They're not all that long, if you can wade through XML and BEEP. -- James Carlson, KISS Network <[EMAIL PROTECTED]> Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677 _______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
