Hi Sam,
On Thu, 5 Jan 2006, Sam Hartman wrote:
Hi. The IESg reviewed the proposed syslog charter at today's telechat
and decided that it requires revision. The main concern seems to be
the lack of a mandatory to implement security mechanism. I indicated
this might be the case in the Vancouver meeting.
so, you definitely need to have some sort of mandatory to implement
security mechanism. I'm not quite sure what needs to be said about
this in the charter.
But the working group will need to:
1) Identify a threat model for syslog
Is Section 8 in draft-ietf-syslog-protocol-16.txt sufficient?
Alternatively, Section 6 in RFC 3164 is fairly comprehensive.
2) Define mechanisms to address these threats.
So, questions for the threat model include things like whether
confidentiality is important or whether integrity of mesages is
sufficient.
Depending on the threat model here are some possible solutions:
1) Require some transport like syslog over TLS|DTLS be implemented.
RFC 3195 requires the use of RFC 3080 which requires TLS.
2) Require that all senders implement signatures stored in structured
data as an option.
That's likely addressed through syslog-sign.
I don't think you need to commit to one of these options now.
However, you do need to reflect the security issues in the charter.
The questions for you:
- Do we need to produce a threat model in a new document?
- Can we state that the threats will be addresses in syslog-sign and
3195bis? I will also note that there is a group of implementors who have
already done syslog/tls. I suspect they would like to codify this in a
standard and that may also address the threats.
Thanks,
Chris
_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog
