Re: [Syslog] syslog/tls policies and use cases
"Rainer Gerhards" <rgerhards@hq.adiscon.com> Wed, 14 May 2008 18:49 UTC
Return-Path: <syslog-bounces@ietf.org>
X-Original-To: syslog-archive@megatron.ietf.org
Delivered-To: ietfarch-syslog-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 177CC3A6842; Wed, 14 May 2008 11:49:25 -0700 (PDT)
X-Original-To: syslog@core3.amsl.com
Delivered-To: syslog@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CAFC83A6811; Wed, 14 May 2008 11:49:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.323
X-Spam-Level:
X-Spam-Status: No, score=-2.323 tagged_above=-999 required=5 tests=[AWL=-0.277, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aE3TxEtj3+Iq; Wed, 14 May 2008 11:49:21 -0700 (PDT)
Received: from mail.hq.adiscon.com (p50989a7c.dip0.t-ipconnect.de [80.152.154.124]) by core3.amsl.com (Postfix) with ESMTP id 1C26C3A6781; Wed, 14 May 2008 11:49:19 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.hq.adiscon.com (Postfix) with ESMTP id 534509C793; Wed, 14 May 2008 22:05:17 +0200 (CEST)
Received: from mail.hq.adiscon.com ([127.0.0.1]) by localhost (mail.grf.adiscon.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 06201-07; Wed, 14 May 2008 22:05:12 +0200 (CEST)
Received: from grfint2.intern.adiscon.com (grfint2 [172.19.0.6]) by mail.hq.adiscon.com (Postfix) with ESMTP id D0D5D9C782; Wed, 14 May 2008 22:05:12 +0200 (CEST)
Content-class: urn:content-classes:message
MIME-Version: 1.0
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Wed, 14 May 2008 20:48:25 +0200
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA308FEE@grfint2.intern.adiscon.com>
In-Reply-To: <OF7C9111FB.819044A8-ON85257449.00658DFB-85257449.0065B3FA@agfa.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Syslog] syslog/tls policies and use cases
Thread-Index: Aci18kSZ3ouQWWI4Rb2k744CxsivGgAACtfw
References: <577465F99B41C842AAFBE9ED71E70ABA308FE7@grfint2.intern.adiscon.com> <OF7C9111FB.819044A8-ON85257449.00658DFB-85257449.0065B3FA@agfa.com>
From: Rainer Gerhards <rgerhards@hq.adiscon.com>
To: robert.horn@agfa.com
X-Virus-Scanned: by amavisd-new-2.3.3 (20050822) (Debian) at adiscon.com
Cc: syslog@ietf.org, syslog-bounces@ietf.org
Subject: Re: [Syslog] syslog/tls policies and use cases
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/syslog>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: syslog-bounces@ietf.org
Errors-To: syslog-bounces@ietf.org
> > > So I go buy a Linksys or Netgear router or other consumer gear. > > > I slip the CD into the drive and run software to install the > > > management GUI on my PC. > > > That software is used to perform an initial configuration of the > > > device, such as enabling DHCP, setting WEP keys, and so on. > > > This same software can presumably generate a key and "copy the > > > fingerprint" to the device, right? > > > Clueless operator needs not be involved. The Internet is secure. > > > > > > right? > > > > Mostly ;) What the clueless user still needs to do is > > > > 1) copy the server's fingerprint to the client > > 2) configure the server to accept the client's fingerprint > > > [Robert] > Another minor correction. The dumb gear sends its certificate to the > server, and gets its certificate from the server. (I would > suggest by a > reasonably secure means, such as https.) You then use the > fingerprints to > make sure that the right certificates were copied. > > R Horn [Rainer] But that, of course, requires that we specify a protocol for certificate/fingerprint exchange. The current draft does not provide this. And, to be honest, I find that is way too much "just" to get TLS protected syslog... If we do not specify a protocol for certificate copying, I can not envison how the low end device will copy certificates to e.g. syslog-ng, MonitorWare, Kiwi, rsyslog, msyslog, WinSyslog, ... They all have quite different concepts. So my conlusion is that the operator must do it - at least for the forseable future... Even if the copy *could* happen (and it can't), you still need a GUI frontend for the syslog to display and accept it. Such a GUI is uncommon for *nix syslogds. Rainer > > > Rainer > > > > > > David Harrington > > > dbharrington@comcast.net > > > ietfdbh@comcast.net > > > dharrington@huawei.com > > > > > > > > > > > > _______________________________________________ > > > Syslog mailing list > > > Syslog@ietf.org > > > https://www.ietf.org/mailman/listinfo/syslog > > _______________________________________________ > > Syslog mailing list > > Syslog@ietf.org > > https://www.ietf.org/mailman/listinfo/syslog > > _______________________________________________ Syslog mailing list Syslog@ietf.org https://www.ietf.org/mailman/listinfo/syslog
- Re: [Syslog] syslog/tls policies and use cases David Harrington
- Re: [Syslog] syslog/tls policies and use cases Rainer Gerhards
- Re: [Syslog] syslog/tls policies and use cases robert.horn
- Re: [Syslog] syslog/tls policies and use cases Rainer Gerhards
- Re: [Syslog] syslog/tls policies and use cases robert.horn
- Re: [Syslog] syslog/tls policies and use cases tom.petch