Re: [savi] SAVI FCFS & Logging
Jean-Michel Combes <jeanmichel.combes@gmail.com> Thu, 31 March 2011 00:16 UTC
From: Jean-Michel Combes <jeanmichel.combes@gmail.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
Cc: draft-ietf-savi-fcfs@tools.ietf.org, SAVI Mailing List <savi@ietf.org>
Hi,

I am in favor of the addition of such a text: logging could clearly help.
Now, I would like to have feedback from the WG and especially from people implementing SAVI to know if logging could be easily implemented (i.e. with no expensive extra-cost): that would determine whether to make that normative or not.

Best regards.

JMC.

2011/3/5 Joel M. Halpern <jmh@joelhalpern.com>:
> I asked the SAVI FCFS the question below. In response they quite reasonably
> asked that I provide text. Following the note excerpt is the suggestion on
> placement and text. The text could include a reference to the savi threats
> document. I was not sure if that would be helpful, so I left it out. Also,
> as logging is basically an internal activity, I have written this suggestion
> as non-normative text.
>
>> On 05/03/11 6:45, Joel M. Halpern wrote:
>>>
>>> Looking at the traceability issues we raise in the threats document,
>>> and looking at the uses I see people wanting to make of SAVI for
>>> SLAAC, should we put some descriptive (not normative) text into SAVI
>>> FCFS that talks about logging?
>>>
>>> I wanted to check with you folks directly before raising this on the
>>> list.
>>>
>>> Thank you,
>>> Joel
>
> I would suggest adding a section between 2.4 and 2.5 (i.e., it would be 2.5,
> and the current 2.5 SAVI enforcement perimeter would become 2.6.)
> ---------
> 2.x SAVI Logging
>
> While the primary goal of SAVI is simply to prevent improper use of IP
> addresses, a secondary goal is to assist in traceability for determining who
> an improper actor is. For example, if a remote site reports that a DoS (or
> component of a DDoS) is coming from the SAVI site, SAVI enforcement can be a
> useful component in a response.
>
> In order to support these and other similar activities, it is a good idea if
> SAVI devices perform logging of the creation, modification, or removal of
> address bindings. Any protocol support, such as SYSLOG support for sending
> those logs to a common server, would be a topic for a future separate
> document.
> -----
> If instead we want to make that normative, we could put a SHOULD in and put
> this in section 3.2.6 instead.
>
> In addition, it would seem useful to add a short paragraph in the security
> considerations section. (If Denial of service attacks and Residual threats
> were 4.1 and 4.2, then I would add this as 4.3 Security Logging)
> -------------
> In order to improve the integration of SAVI into an overall security
> environment, and enable response to additional indirect security issues
> which SAVI can help ameliorate, it is helpful if SAVI systems log the
> creation, modification, and deletion of binding entries.
> ---------
> I realize this basically duplicates the 2.x text. I think it deserves
> mention in the security considerations, because it is a security
> consideration. But I don't think that should be the first occurrence.
> If the duplication is bothersome, then just use the 2.x text.
>
> Thank you,
> Joel
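
The traceability use described in the proposed 2.x text, as an added example that is not part of this thread or of the SAVI FCFS draft: replaying logged binding creations, modifications and removals to answer which port held an address at the time of a reported incident. The log line layout, the `port=` field and the sample addresses are assumptions constructed for illustration; the thread defines no log format.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed sample log, one binding event per line. The layout
# (timestamp, event, IPv6 address, port) is an assumption of this example.
SAMPLE_LOG = """\
2011-03-05T10:00:00Z CREATE 2001:db8::10 port=eth1/3
2011-03-05T10:20:00Z CREATE 2001:db8::20 port=eth1/7
2011-03-05T11:00:00Z MODIFY 2001:db8::10 port=eth1/5
2011-03-05T12:30:00Z REMOVE 2001:db8::10 port=eth1/5
2011-03-05T13:00:00Z CREATE 2001:db8::10 port=eth1/9
"""

EVENTS = {"CREATE", "MODIFY", "REMOVE"}


def parse_ts(text):
    """Parse a UTC timestamp such as 2011-03-05T10:00:00Z."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_log(text):
    """Return binding events as (time, event, address, port), oldest first."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 4 or fields[1] not in EVENTS or not fields[3].startswith("port="):
            raise ValueError(f"line {lineno}: malformed binding record")
        events.append((parse_ts(fields[0]), fields[1],
                       ipaddress.ip_address(fields[2]), fields[3][len("port="):]))
    return sorted(events, key=lambda e: e[0])


def holder_at(events, address, when):
    """Replay the log up to `when`; return the port bound to `address`, or None."""
    target = ipaddress.ip_address(address)  # normalises different IPv6 spellings
    port = None
    for ts, event, addr, ev_port in events:
        if ts > when:
            break
        if addr == target:
            port = None if event == "REMOVE" else ev_port
    return port


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print(holder_at(log, "2001:db8::10", parse_ts("2011-03-05T11:30:00Z")))
```

Without the MODIFY and REMOVE records the 11:30 and 12:45 queries would both return the port from the original CREATE, which is why the proposed text asks for all three kinds of event to be logged.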