Chris,
I have not heard back from anyone about how SSL is currently being
implemented for syslog. From that, I might conclude that message
confidentiality is not a priority for the community.
(Responses to that
would be welcome.)
I thought that these postings pointed out what is
Hi Rainer,
I'm still not seeing too many responses about how TLS is authenticated.
Only Baszi has said that full X.509 certificates should be used - similar
to how they are used in stunnel. Is this acceptable to the WG? Should
the WG also consider using PSKs as proposed in RFC 4279?
Hi Rainer,
I'm still not seeing too many responses about how TLS is
authenticated.
I guess you do not see them because most often it is used anonymous...
As of my experience, people are concerend about message observation.
Authentication is not their prime concern (my previous post
On Wed, 2006-01-18 at 06:24 -0800, Chris Lonvick wrote:
Hi Rainer,
I'm still not seeing too many responses about how TLS is authenticated.
Only Baszi has said that full X.509 certificates should be used - similar
to how they are used in stunnel. Is this acceptable to the WG? Should
the
- Original Message -
From: Anton Okmianski (aokmians) [EMAIL PROTECTED]
To: Sam Hartman [EMAIL PROTECTED]
Cc: Chris Lonvick (clonvick) [EMAIL PROTECTED]; Tom Petch
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, January 17, 2006 10:54 PM
Subject: RE: [Syslog] Re: Threat model
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chris
Lonvick (clonvick)
Sent: Tuesday, January 17, 2006 3:21 PM
To: Tom Petch
Cc: [EMAIL PROTECTED]; Sam Hartman
Subject: Re: [Syslog] Re: Threat model and charter
Hi Tom,
On Fri, 13 Jan 2006, Tom Petch wrote
May I recommend TLS PSK or TLS in anonymous DH mode in preference to
inventing your own transport that does not use PKI?
Also, before doing something based on shared secrets carefully
consider the requirements of RFC 4107.
___
Syslog mailing list
Replying to no-one specifically, I think one significant consideration is being
missed.
Basing security on a secure transport may already exist as an implementation but
not as an I-D. I expect it to take at least 6 months, more like 12, to produce
an IESG ready I-D. By that time, our
Hi Sam,
I also have a concern that we may try to craft an answer that provides
good security but that won't actually be deployed. As an analogy, snmp
has similar characteristics to syslog. usm has good security properties
but has not been widely deployed. isms is trying to redress that and
I think that you are leaping too soon into implementation space. That is
why the threat model is requested first. Off the top of my head here are
some components of the threat model. I organize these in terms of Asset,
Threat, Mitigation. There are certainly more threats because I know I
have
Hi,
I was thinking that if we have to do authentication then we could try to
get consensus on a simple authentication mechanism - a shared secret.
Essentially, each sender would have to be configured with a shared secret
before it could use TLS. The receivers and relays would also have that
On Wed, 2006-01-11 at 06:19 -0800, Chris Lonvick wrote:
Hi,
If we can get consensus that an in-packet authentication mechanism like
this is sufficient to meet our threat model, then we can decide if the
shared secret is sufficient (the REQUIRED mechanism), and/or if we want to
RECOMMEND a
Hi,
I forgot to address the use of SSH for authentication. The isms WG is
trying to use SSH to provide security for SNMPv3. This can be done by
having the devices authenticate by having a username and credential
(password, public key, etc.). Again, this sounds to me like it's getting
: [Syslog] Re: Threat model and charter
On Wed, 2006-01-11 at 06:29 -0800, Chris Lonvick wrote:
Hi,
I forgot to address the use of SSH for authentication. The
isms WG is
trying to use SSH to provide security for SNMPv3. This can
be done by
having the devices authenticate by having
I'm concerned that your analysis seems to be based on what is easy to
implement.
Well, I have to admit that in the world of syslog people vote with their
feet. If it is not easy to implement (better said: deploy), the majority
will not deploy it. Maybe I have a false impression, but I think I
Rainer == Rainer Gerhards [EMAIL PROTECTED] writes:
I'm concerned that your analysis seems to be based on what is
easy to implement.
Rainer Well, I have to admit that in the world of syslog people
Rainer vote with their feet. If it is not easy to implement
Rainer (better
Rainer == Rainer Gerhards [EMAIL PROTECTED] writes:
Rainer I now understand. But wouldn't it then make sense to
Rainer create a separate document for it? I have the feeling that
Rainer would focus us better than when the discussion is split
Rainer among different
On Wed, 2006-01-11 at 13:09 -0500, Sam Hartman wrote:
Rainer == Rainer Gerhards [EMAIL PROTECTED] writes:
You can certainly do this.
It's even a reasonable solution if:
1) The people who need integrity are willing to deploy some sort of
credential to the senders. (This is more or less
18 matches
Mail list logo