On Mon, 2006-01-09 at 09:08 +0100, Rainer Gerhards wrote:
Of course, a threat model should also be developed, but please keep in
mind that anything other than signatures breaks what this WG has fought
for since Vancouver.
syslog-protocol should be finished (I hope we are there soon) as well
I agree with Balazs suggestion and his reasoning.
Rainer
-Original Message-
From: Balazs Scheidler [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 10, 2006 10:52 AM
To: Rainer Gerhards
Cc: [EMAIL PROTECTED]
Subject: RE: [Syslog] Charter comments from IESG Review
On Mon, 2006
On Tue, 2006-01-10 at 22:02 +1100, Darren Reed wrote:
On Mon, 2006-01-09 at 09:08 +0100, Rainer Gerhards wrote:
I would say that addressing the security concerns at the transport level
is way easier management and implementation wise than implementing
syslog-sign.
I disagree with the
Hi Sam WG,
I understand the reasoning behind requiring a security mechanism. I just
want to remind everyone that a major drawback in Vancouver was that we
had lost some backwards-compatibility to existing syslog
implementations.
The weeks after Vancouver we worked hard to find a minimum
Tom,
If so, yes, both S/MIME and OpenPGP support this model.
However I'll
point oun that it is not a requirement that syslog work
that way; for
example RFC 3195 certainly has connections.
I'll look at those, thanks. I agree syslog could be, perhaps
should be for
meaningful
Rainer == Rainer Gerhards [EMAIL PROTECTED] writes:
Rainer Hi Sam WG, I understand the reasoning behind requiring a
Rainer security mechanism. I just want to remind everyone that a
Rainer major drawback in Vancouver was that we had lost some
Rainer backwards-compatibility to
Rainer == Rainer Gerhards [EMAIL PROTECTED] writes:
Rainer Tom,
If so, yes, both S/MIME and OpenPGP support this model.
However I'll point oun that it is not a requirement that
syslog work that way; for example RFC 3195 certainly has
connections.
I'll look
-Original Message-
From: Sam Hartman [mailto:[EMAIL PROTECTED]
Sent: Monday, January 09, 2006 1:08 PM
To: Rainer Gerhards
Cc: Tom Petch; [EMAIL PROTECTED]
Subject: Re: [Syslog] Charter comments from IESG Review
Rainer == Rainer Gerhards [EMAIL PROTECTED] writes:
Rainer
Rainer == Rainer Gerhards [EMAIL PROTECTED] writes:
Rainer Sorry, yes, I was totally wrong in my wording. What I
Rainer intended to say was that the keys are exchanged on a
Rainer medium different then the current session (e.g. key
Rainer servers).
This is not typically how
Sam,
Rainer Why? Simply
Rainer because any transport-layer requirement (DTSL, SSL, SSH,
Rainer whatever) would NOT be compatible with currently existing
Rainer syslog implementations. So due to this requirement, we can
Rainer not create a backwards-compatible spec (not
Rainer == Rainer Gerhards [EMAIL PROTECTED] writes:
Rainer This looks like I misunderstood your intension. I thought
Rainer that unsecured UDP should no longer be supported.
That was not my intent.
Rainer So what
Rainer you actually said is that we can go ahead with the
Petch
- Original Message -
From: Sam Hartman [EMAIL PROTECTED]
To: Rainer Gerhards [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, January 09, 2006 2:35 PM
Subject: Re: [Syslog] Charter comments from IESG Review
Rainer == Rainer Gerhards [EMAIL PROTECTED] writes:
Rainer
Tom == Tom Petch [EMAIL PROTECTED] writes:
Tom without committing us to either a -sign or a secure transport
Tom approach (and yes, we did start the transport wars, some time
Tom ago, with SSH v TLS:-(
I really think that you need to identify your deliverables in the
charter.
- Original Message -
From: Sam Hartman [EMAIL PROTECTED]
To: Tom Petch [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, January 06, 2006 10:27 PM
Subject: Re: [Syslog] Charter comments from IESG Review
Tom == Tom Petch [EMAIL PROTECTED] writes:
Tom Sam I struggle to think
Hi Sam,
On Thu, 5 Jan 2006, Sam Hartman wrote:
Hi. The IESg reviewed the proposed syslog charter at today's telechat
and decided that it requires revision. The main concern seems to be
the lack of a mandatory to implement security mechanism. I indicated
this might be the case in the
Chris == Chris Lonvick [EMAIL PROTECTED] writes:
Chris Is Section 8 in draft-ietf-syslog-protocol-16.txt
Chris sufficient? Alternatively, Section 6 in RFC 3164 is fairly
Chris comprehensive.
Both of these look good. My main question with them is whether you
believe it is a
Sam
I struggle to think what a security system would look like when the protocol is
purely simplex, apart from a MAC to give integrity with some shared secret
transmitted totally out of band.
Are there any examples of simplex security elsewhere in the IETF?
Tom Petch
- Original Message
Tom == Tom Petch [EMAIL PROTECTED] writes:
Tom Sam I struggle to think what a security system would look
Tom like when the protocol is purely simplex, apart from a MAC to
Tom give integrity with some shared secret transmitted totally
Tom out of band.
By this do you mean without
18 matches
Mail list logo