>>>>> "Rainer" == Rainer Gerhards <[EMAIL PROTECTED]> writes:
Rainer> Hi Sam & WG, I understand the reasoning behind requiring a Rainer> security mechanism. I just want to remind everyone that a Rainer> major drawback in Vancouver was that we had lost some Rainer> backwards-compatibility to existing syslog Rainer> implementations. Rainer> The weeks after Vancouver we worked hard to find a minimum Rainer> consensus on how we could provide the needed backwards Rainer> compatibility. Rainer> When we mandate a security mechanism, we must be very Rainer> careful not to invalidate all these attempts. Agreed. Rainer> Why? Simply Rainer> because any transport-layer requirement (DTSL, SSL, SSH, Rainer> whatever) would NOT be compatible with currently existing Rainer> syslog implementations. So due to this requirement, we can Rainer> not create a backwards-compatible spec (not even in the Rainer> sense that existing receivers can put messages in the Rainer> right bins). Let's be clear about what backward compatibility we're looking for. Do we require that new senders be able to be configured to talk to old receivers? Or do we require that old receivers be able to put any message from a new sender into the right place? In particular what you're seeming to say implies that we cannot define new transports because doing so would be backward incompatible. I don't think that is what we said. If we do define a new transport, presumably both UDP and the secure transport would be mandatory to implement. Rainer> So in my point of view the only option is to Rainer> use structured-data embedded signatures. As they do not Rainer> modify the message format AND work over UDP, they allow Rainer> old receivers to receive messages and put them into the Rainer> right bins while new receivers can enjoy their benefits. This is a valid approach. This means delaying protocol until syslog-sign is ready. Note that Russ, Bill Fenner and I have serious questions about syslog-sign because it does not reuse CMS, OpenPGP or some other format. We would need these questions answered before it could go forward in its current form. You would also need to make syslog-sign mandatory to implement and would need to believe that people wern't going to just ignore that. Rainer> In my point of view, anything further (like required Rainer> confidentiality) conflicts with the Rainer> backwards-compatibility approach and thus with the rest of Rainer> the new charter. I'm going to ask you to do the analysis in terms of what is required from a security standpoint. If that analysis ends up being incompatible with backward compatibility requirements, then we'll have to evaluate tradeoffs. However if there is a solution compatible both ith security and backward compatibility, that's better. --Sam _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog