Hi. Can you explain what actions on a part of an attacker are prevented in terms of attacks on message integrity without authenticating the source of the message?
In general, the security community is very suspicious of mechanisms that provide integrity without authentication. If you are going to propose such a mechanism then you need to explain why it is appropriate in your environment. In effect, in terms of integrity, it sounds like you are saying that it is important for a sender to know that the message has been transported to the receiver unmodified. However, since the receiver does not know who is sending it the message, the receiver cannot know anything about the integrity of the message. It may be a bit more complicated than that. If the message contains confidential information that an attacker could not have generated, then the receiver may actually know that the message is unmodified without knowing who generated it. However, it seems like your proposal does not protect against a number of attacks. In particular, an attacker can generate messages appearing to come from any source and containing content of the attacker's choosing. This, combined with the ability to suppress messages, sounds like enough to get around any message integrity you might have.

Also, I'd reword the charter bullet regarding the secure transport. You want a bullet claiming that you will write a document describing a secure transport. Actually requiring the secure transport be implemented happens in the protocol document. As a result, you cannot submit syslog-protocol to the IESG until this transport document is written. It might be possible for the protocol document not to discuss mandatory transports at all and for there to be a later applicability statement for syslog requiring protocol, the secure transport and UDP. RFC 2026 does allow that structure but I don't know of any WG who has actually done things that way.

--Sam

_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog
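The point Sam makes above (an unkeyed integrity check lets anyone produce a "valid" message claiming any source, whereas a keyed check binds integrity to a party holding the key) can be shown in a few lines. This is an added illustration, not code from the thread or from any syslog implementation; the shared key, the hostname and the syslog-style sample lines are constructed assumptions.

```python
import hashlib
import hmac

# Constructed example: a syslog-style line carrying an unkeyed digest
# ("integrity without authentication") versus the same line carrying a
# keyed MAC. Key and sample messages are assumptions for illustration.

DIGEST_SEP = b" DIGEST="
MAC_SEP = b" MAC="

def attach_digest(msg: bytes) -> bytes:
    """Unkeyed integrity: append SHA-256 of the message. Anyone can compute it."""
    return msg + DIGEST_SEP + hashlib.sha256(msg).hexdigest().encode()

def verify_digest(wire: bytes) -> bool:
    msg, sep, tag = wire.rpartition(DIGEST_SEP)
    if not sep:
        return False
    return hmac.compare_digest(hashlib.sha256(msg).hexdigest().encode(), tag)

def attach_mac(msg: bytes, key: bytes) -> bytes:
    """Keyed integrity: only a holder of `key` can produce a matching tag."""
    return msg + MAC_SEP + hmac.new(key, msg, hashlib.sha256).hexdigest().encode()

def verify_mac(wire: bytes, key: bytes) -> bool:
    msg, sep, tag = wire.rpartition(MAC_SEP)
    if not sep:
        return False
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest().encode()
    return hmac.compare_digest(expected, tag)

def forgery_outcome() -> dict:
    """Show how each scheme treats a message whose origin and content were
    chosen by a third party rather than by the genuine sender."""
    key = b"constructed-shared-key"  # assumption: known only to sender and receiver
    genuine = b"<34>1 2003-10-11T22:14:15Z host.example su - - - 'su root' failed"
    forged = b"<34>1 2003-10-11T22:14:16Z host.example su - - - 'su root' succeeded"
    return {
        "genuine_digest_ok": verify_digest(attach_digest(genuine)),
        # A third party computes the digest just as the sender would: the
        # receiver cannot distinguish this from a genuine message.
        "forged_digest_ok": verify_digest(attach_digest(forged)),
        "genuine_mac_ok": verify_mac(attach_mac(genuine, key), key),
        # Without the key, a tag can only be guessed.
        "forged_mac_ok": verify_mac(forged + MAC_SEP + b"0" * 64, key),
        # In-transit modification of a keyed message is also detected.
        "tampered_mac_ok": verify_mac(
            attach_mac(genuine, key).replace(b"failed", b"succeeded"), key),
    }
```

The dictionary returned by `forgery_outcome()` shows the digest scheme accepting the forged line while the MAC scheme rejects both the forgery and the tampered line.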