>>>>> "Rainer" == Rainer Gerhards <[EMAIL PROTECTED]> writes:

    Rainer> Hi Sam & WG, I understand the reasoning behind requiring a
    Rainer> security mechanism. I just want to remind everyone that a
    Rainer> major drawback in Vancouver was that we had lost some
    Rainer> backwards-compatibility to existing syslog
    Rainer> implementations.

    Rainer> The weeks after Vancouver we worked hard to find a minimum
    Rainer> consensus on how we could provide the needed backwards
    Rainer> compatibility.

    Rainer> When we mandate a security mechanism, we must be very
    Rainer> careful not to invalidate all these attempts. 

Agreed.



    Rainer> Why? Simply
    Rainer> because any transport-layer requirement (DTLS, SSL, SSH,
    Rainer> whatever) would NOT be compatible with currently existing
    Rainer> syslog implementations. So due to this requirement, we can
    Rainer> not create a backwards-compatible spec (not even in the
    Rainer> sense that existing receivers can put messages in the
    Rainer> right bins). 

Let's be clear about what backward compatibility we're looking for.
Do we require that new senders be able to be configured to talk to old
receivers?  Or do we require that old receivers be able to put any
message from a new sender into the right place?

In particular what you're seeming to say implies that we cannot define
new transports because doing so would be backward incompatible.  I
don't think that is what we said.

If we do define a new transport, presumably both UDP and the secure
transport would be mandatory to implement.

    Rainer> So in my point of view the only option is to
    Rainer> use structured-data embedded signatures. As they do not
    Rainer> modify the message format AND work over UDP, they allow
    Rainer> old receivers to receive messages and put them into the
    Rainer> right bins while new receivers can enjoy their benefits.

This is a valid approach.  This means delaying protocol until
syslog-sign is ready.  Note that Russ, Bill Fenner and I have serious
questions about syslog-sign because it does not reuse CMS, OpenPGP or
some other format.  We would need these questions answered before it
could go forward in its current form.

You would also need to make syslog-sign mandatory to implement and
would need to believe that people weren't going to just ignore that.


    Rainer> In my point of view, anything further (like required
    Rainer> confidentiality) conflicts with the
    Rainer> backwards-compatibility approach and thus with the rest of
    Rainer> the new charter.


I'm going to ask you to do the analysis in terms of what is required
from a security standpoint.  If that analysis ends up being
incompatible with backward compatibility requirements, then we'll have
to evaluate tradeoffs.  However if there is a solution compatible both
with security and backward compatibility, that's better.

--Sam


_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog
