Hi Working Group,

I'll pass this along to those people who have already implemented syslog/TLS(SSL). Please be specific about why you did this.

Thanks,
Chris

On Tue, 10 Jan 2006, Sam Hartman wrote:

Hi.

Can you explain what actions on the part of an attacker are prevented in
terms of attacks on message integrity without authenticating the
source of the message?

In general, the security community is very suspicious of mechanisms
that provide integrity without authentication.  If you are going to
propose such a mechanism then you need to explain why it is
appropriate in your environment.

In effect, in terms of integrity, it sounds like you say that it is
important for a sender to know that the message has been transported
to the receiver unmodified.  However since the receiver does not know
who is sending it the message, the receiver cannot know anything about
the integrity of the message.

It may be a bit more complicated than that.  If the message contains
confidential information that an attacker could not have generated
then the receiver may actually know that the message is unmodified
without knowing who generated it.

However it seems like your proposal does not protect against a number
of attacks.  In particular, an attacker can generate messages
appearing to come from any source and containing content of the
attacker's choosing.  This combined with the ability to suppress
messages sounds like enough to get around any message integrity you
might have.


Also, I'd reword the charter bullet regarding the secure transport.
You want a bullet claiming that you will write a document describing a
secure transport.  Actually requiring the secure transport be
implemented happens in the protocol document.  As a result, you cannot
submit syslog-protocol to the IESG until this transport document is
written.  It might be possible for the protocol document not to
discuss mandatory transports at all and for there to be a later
applicability statement for syslog requiring the protocol, the secure
transport and UDP.  RFC 2026 does allow that structure but I don't
know of any WG who has actually done things that way.

--Sam
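
The scenario Sam describes above, as an added model that is not code from this thread or from any syslog implementation: a receiver that checks only transport integrity (TLS record MAC verified, client not authenticated) beside one that also binds the message's HOSTNAME field to an authenticated peer identity. The `Delivery` shape, the hostnames and the sample log lines are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# RFC 3164-style line "<PRI>TIMESTAMP HOSTNAME rest"; HOSTNAME is free text written by the sender.
SYSLOG_RE = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")

@dataclass
class Delivery:
    peer: Optional[str]  # identity from the client certificate; None if the client was not authenticated
    intact: bool         # TLS record MAC verified: no third party altered the bytes in transit
    raw: str

def parse(raw: str):
    m = SYSLOG_RE.match(raw)
    if m is None:
        return None
    pri, ts, host, body = m.groups()
    return {"pri": int(pri), "timestamp": ts, "hostname": host, "msg": body}

def receive(d: Delivery, require_auth: bool):
    """Receiver policy: returns ("accept", record) or ("reject", reason)."""
    if not d.intact:
        return ("reject", "transport integrity failure")
    rec = parse(d.raw)
    if rec is None:
        return ("reject", "malformed message")
    if require_auth:
        # Bind the claimed HOSTNAME to the identity the transport authenticated,
        # rather than trusting a text field any connecting client can fill in.
        if d.peer is None:
            return ("reject", "unauthenticated source")
        if d.peer != rec["hostname"]:
            return ("reject", f"claimed {rec['hostname']} but peer is {d.peer}")
    return ("accept", rec)

# Constructed sample traffic: both lines claim to come from web01.
GENUINE = "<34>Jan 10 12:00:00 web01 sshd: Accepted publickey for ops"
FORGED = "<34>Jan 10 12:00:05 web01 sshd: Accepted publickey for root"

def demo():
    """The forged line arrives over the attacker's own TLS session, so the
    record layer reports it intact; only the peer identity is missing."""
    forged = Delivery(peer=None, intact=True, raw=FORGED)
    return {
        "integrity_only": receive(forged, require_auth=False)[0],  # "accept"
        "authenticated": receive(forged, require_auth=True)[0],    # "reject"
        "genuine": receive(Delivery("web01", True, GENUINE), True)[0],  # "accept"
    }
```

In TLS terms, `require_auth=True` corresponds to the receiver demanding a client certificate and checking the asserted HOSTNAME against the certificate's identity; without that binding, transport integrity says nothing about who wrote the message.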


_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog
