I agree with Balazs' suggestion and his reasoning.

Rainer 

> -----Original Message-----
> From: Balazs Scheidler [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, January 10, 2006 10:52 AM
> To: Rainer Gerhards
> Cc: [EMAIL PROTECTED]
> Subject: RE: [Syslog] Charter comments from IESG Review
> 
> On Mon, 2006-01-09 at 09:08 +0100, Rainer Gerhards wrote:
> 
> > Of course, a threat model should also be developed, but please keep in
> > mind that anything other than signatures breaks what this WG has fought
> > for since Vancouver.
> > 
> > syslog-protocol should be finished (I hope we are there soon) as well as
> > syslog-transport-udp. Then, these both should be taken to a rest and
> > syslog-sign be modified in the sense of -transport and being worked on.
> > I think this can probably be done quickly, because -sign is almost complete
> > and just needs to be modified to take advantage of -protocol.
> > 
> > To be honest, though, I have to admit that I expect many of the upcoming
> > implementations to violate syslog-protocol by just implementing
> > -protocol and -transport-udp, but not -sign. But that's probably not
> > something to care about...
> 
> I know that some other mails discussed the same topic and a
> misunderstanding has already been resolved about whether to support
> transport-udp or not.
> 
> I would say that addressing the security concerns at the transport level
> is way easier management and implementation wise than implementing
> syslog-sign. And in addition they address a different problem:
> 
> 1) transport level implements security mechanisms on a per hop-by-hop
> basis, the message itself is not authenticated, each of the relay
> stations can modify the message
> 
> 2) syslog-sign implements per-message, end-to-end authenticity where the
> relay hosts cannot modify messages as they are individually signed by
> their origin.
> 
> So I'd go with using TLS/DTLS on the transport first and then possibly
> adapting syslog-sign when the transport issues are resolved.
> 
> -- 
> Bazsi
> 
> 

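The distinction Balazs draws between hop-by-hop transport security and per-message end-to-end authenticity, modelled as an added example that is not part of the thread and not syslog-sign's actual mechanism: the relay functions, the sample message and the key are all constructed, and an HMAC shared between origin and collector stands in for the public-key signature syslog-sign computes at the origin. A TLS hop protects only the wire between two adjacent stations, so a relay that terminates the session can rewrite the plaintext before forwarding it; a tag computed by the origin over the message itself lets the collector detect that rewrite regardless of how many hops it crossed.

```python
import hashlib
import hmac
from typing import Callable, List, Optional, Tuple

# Constructed key: stand-in for the origin's signing key in syslog-sign.
# Only the origin and the final collector hold it; relays do not.
ORIGIN_COLLECTOR_KEY = b"constructed-origin-key"

# Constructed sample message (assumed format, not a real capture).
ORIGINAL = "<34>1 2006-01-10T10:52:00Z host1 sshd - - - login FAILED for user bob"


def sign_message(msg: str, key: bytes = ORIGIN_COLLECTOR_KEY) -> str:
    """Per-message tag computed once, at the origin (end-to-end analogue)."""
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_message(msg: str, tag: str, key: bytes = ORIGIN_COLLECTOR_KEY) -> bool:
    """Collector-side check; constant-time compare avoids timing leaks."""
    return hmac.compare_digest(sign_message(msg, key), tag)


def honest_relay(msg: str) -> str:
    return msg


def rewriting_relay(msg: str) -> str:
    # Model of a relay that alters the plaintext it re-encrypts for the next hop.
    return msg.replace("FAILED", "OK")


def tls_hop(msg: str, relay: Callable[[str], str]) -> str:
    """One transport-level hop: the TLS/DTLS session is authenticated and
    encrypted on the wire, but it terminates at the relay, which sees and
    may change the plaintext before opening the next session."""
    return relay(msg)


def deliver(msg: str, relays: List[Callable[[str], str]],
            tag: Optional[str] = None) -> Tuple[str, Optional[bool]]:
    """Forward msg through each relay in turn; return what the collector
    receives and, if an origin tag was carried along, whether it verifies."""
    for relay in relays:
        msg = tls_hop(msg, relay)
    verified = None if tag is None else verify_message(msg, tag)
    return msg, verified


def transport_only_scenario() -> str:
    # Hop-by-hop security alone: the collector cannot tell the text changed.
    received, _ = deliver(ORIGINAL, [honest_relay, rewriting_relay])
    return received


def end_to_end_scenario() -> Tuple[str, bool]:
    # Origin tags the message; the same rewrite now fails verification.
    tag = sign_message(ORIGINAL)
    return deliver(ORIGINAL, [honest_relay, rewriting_relay], tag)


if __name__ == "__main__":
    print("transport-only, collector sees:", transport_only_scenario())
    msg, ok = end_to_end_scenario()
    print("end-to-end, collector sees:", msg, "verified:", ok)
```

With honest relays only, the tag verifies and the collector also learns nothing about which hops the message crossed; that is the point of the message-level check being independent of the transport.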
_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog
