Your message Subject: RE: IPSEC usage to protect syslog was not delivered to: [EMAIL PROTECTED] because: Error delivering to SDBO5825/MAIL/DMG UK/DEUBA dmgit/FLEMRI.NSF; File does not exist
Hi Steven,

While I agree that common approaches are usually good, the concept sometimes breaks down upon implementation. This is especially true if there are not enough similarities between the concepts. As I wrote to you earlier, the services provided by IPsec may not be applicable to the trust model for the deployment of syslog. IPsec only provides strong bi-directional device authentication. It may be desirable to provide single-sided device authentication for the easy deployment of syslog. If that is so, then something like TLS with the message-generator presenting a null certificate may be more appropriate. The message-receiver could present a fully signed certificate to provide assurance to the message-generator that it is indeed the intended recipient. In this way, a syslog server could be turned up with a signed certificate while the syslog message generators may be turned up much more easily without having to generate and sign certificates for each of them. On the other hand, both sides may have authoritatively signed certificates to provide strong bi-directional device authentication if that meets the network security policy.

As you note, this has not yet been discussed in the Syslog Working Group. I would encourage this discussion to take place on the mailing list there but I don't think that we need that to spill over to the SNMPv3 or S-BGP lists. When we define our trust model then we should look to see what work has been done.

I will also say that the similarities between the goals of the Syslog Working Group and those of the Intrusion Detection Working Group are much more similar. Again, once we discuss our model, then we can see if the Intrusion Alert Protocol will work for the conveyance of syslog messages. Also, as I've mentioned before, using BEEP as a transport may also offer some benefits that we may want to discuss in the syslog mailing list.

Thanks,
Chris

(I've changed my "reply to:" address to be the mailing list for the Syslog Working Group. If you wish to reply directly to me, please address email to [EMAIL PROTECTED].)

At 10:20 AM 8/22/00 +0100, Waters, Stephen wrote:
>Having exchanged a few mails in the secure-BGP, SNMPv3 and syslog mailing
>lists recently, I would be interested in seeing a 'common' approach where
>possible.

---remainder deleted for brevity---
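
The two trust models described in the message above (receiver-only authentication versus certificates on both sides), sketched with Python's standard `ssl` module. This is an added example, not part of the original message or of any Syslog Working Group document; the function names and the idea of passing certificate paths as arguments are assumptions made for illustration.

```python
import ssl

def receiver_context(cert_file=None, key_file=None,
                     require_generator_cert=False, generator_ca_file=None):
    """TLS context for the syslog message-receiver (the TLS server)."""
    if require_generator_cert and not generator_ca_file:
        # Fail closed: mutual authentication is meaningless without a CA
        # against which generator certificates can be checked.
        raise ValueError("mutual authentication needs a CA for generator certificates")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file:
        # A deployed receiver always presents its signed certificate; the
        # argument is optional only so the policy can be inspected without keys.
        ctx.load_cert_chain(cert_file, key_file)
    if require_generator_cert:
        # Bi-directional model: every generator must present a signed certificate.
        ctx.load_verify_locations(cafile=generator_ca_file)
        ctx.verify_mode = ssl.CERT_REQUIRED
    else:
        # Single-sided model: generators connect without a certificate, so the
        # receiver cannot cryptographically attribute a message to a device.
        ctx.verify_mode = ssl.CERT_NONE
    return ctx

def generator_context(receiver_ca_file=None, cert_file=None, key_file=None):
    """TLS context for a syslog message-generator (the TLS client)."""
    # In both models the generator verifies the receiver's certificate and name;
    # with no CA file given, the system trust store is used.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=receiver_ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file:
        # Only needed when the receiver requires generator certificates.
        ctx.load_cert_chain(cert_file, key_file)
    return ctx

def authenticated_parties(receiver_ctx, generator_ctx):
    """List which ends of the connection the configured policy authenticates."""
    parties = []
    if generator_ctx.verify_mode == ssl.CERT_REQUIRED and generator_ctx.check_hostname:
        parties.append("receiver")
    if receiver_ctx.verify_mode == ssl.CERT_REQUIRED:
        parties.append("generator")
    return parties
```

In the single-sided configuration, source identity recorded by the receiver (peer address, hostname field in the message) remains unauthenticated and should be treated that way in any detection or forensic use of the logs.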