Sam,

The following paragraphs are on how well different authentications address the security threats for syslog. Masquerade, modification and disclosure are identified in the draft as primary threats and message stream modification as a secondary threat.

Mutual Authentication:
  Masquerade: fully addressed
  Modification: fully addressed
  Disclosure: fully addressed
  Message Stream Modification: fully addressed

Server Authentication Only:
  Masquerade: partly addressed, the client is left without being authenticated
  Modification: fully addressed
  Disclosure: fully addressed
  Message Stream Modification: fully addressed

No Authentication:
  Masquerade: not addressed
  Modification: not well addressed because of MITM
  Disclosure: not well addressed because of MITM
  Message Stream Modification: not well addressed because of MITM

Thanks,
Miao

> -----Original Message-----
> From: Sam Hartman [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 31, 2007 5:37 PM
> To: Miao Fuyou
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Syslog] AD Review for draft-ietf-syslog-transport-tls
>
> I'll get back to you on the generic certificates issue. For
> now, I recommend you read RFC 4107. Also note that each
> device needs a unique MAC address so the manufacturing
> process tends to have a step for making a device unique.
>
> So, it sounds like all forms of authentication are optional
> in this spec.
>
> You need a clear table describing what attacks are protected
> against given each authentication choice.
>
> Wording that table so that man-in-the-middle issues are dealt
> with correctly and it is still informative will be tricky.
>
> --Sam
>

_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog