Re: [Syslog] Issue 9, 9a, and 9b - from a Tim Polk COMMENT
Chris Lonvick <clonvick@cisco.com> Wed, 09 June 2010 02:25 UTC
Return-Path: <clonvick@cisco.com>
X-Original-To: syslog@core3.amsl.com
Delivered-To: syslog@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5C1613A6851 for <syslog@core3.amsl.com>; Tue, 8 Jun 2010 19:25:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.621
X-Spam-Level:
X-Spam-Status: No, score=-9.621 tagged_above=-999 required=5 tests=[AWL=0.378, BAYES_00=-2.599, J_CHICKENPOX_15=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bkcj9oS2uWbU for <syslog@core3.amsl.com>; Tue, 8 Jun 2010 19:25:58 -0700 (PDT)
Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by core3.amsl.com (Postfix) with ESMTP id 09A583A67B2 for <syslog@ietf.org>; Tue, 8 Jun 2010 19:25:58 -0700 (PDT)
Authentication-Results: sj-iport-5.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvsEAFuYDkyrRN+K/2dsb2JhbACeRHGlLZl8hRYEg0c
X-IronPort-AV: E=Sophos;i="4.53,387,1272844800"; d="scan'208";a="209162915"
Received: from sj-core-4.cisco.com ([171.68.223.138]) by sj-iport-5.cisco.com with ESMTP; 09 Jun 2010 02:25:59 +0000
Received: from sjc-cde-011.cisco.com (sjc-cde-011.cisco.com [171.69.16.68]) by sj-core-4.cisco.com (8.13.8/8.14.3) with ESMTP id o592Pxcn028706; Wed, 9 Jun 2010 02:25:59 GMT
Date: Tue, 08 Jun 2010 19:25:59 -0700
From: Chris Lonvick <clonvick@cisco.com>
To: Sean Turner <turners@ieca.com>
In-Reply-To: <4C0EABB8.30306@ieca.com>
Message-ID: <Pine.GSO.4.63.1006081909390.17237@sjc-cde-011.cisco.com>
References: <Pine.GSO.4.63.1006070801470.27400@sjc-cde-011.cisco.com> <01d401cb06e9$0227cae0$4001a8c0@gateway.2wire.net> <4C0EABB8.30306@ieca.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Cc: syslog@ietf.org
Subject: Re: [Syslog] Issue 9, 9a, and 9b - from a Tim Polk COMMENT
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/syslog>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Jun 2010 02:25:59 -0000
Hi,
inline
On Tue, 8 Jun 2010, Sean Turner wrote:
> t.petch wrote:
>> I see two separate issues here, trust anchor and mandatory encryption, and
<some elided>
> Tom,
>
> Ah see I'm not sure Tim was thinking along these line. I suspect Tim is
> thinking is here's yet another protocol saying we're going to use TLS/DTLS
> and they're not saying anything about the interesting things that can happen
> with TLS/DTLS (e.g., negotiating NULL confidentiality algorithms). If the WG
> isn't always using DTLS for confidentiality, then Section 4 needs to say
> that. Maybe adding something like the following before the note:
>
> However, confidentiality is not always required for syslog over DTLS because
> [insert reason here].
..because section 8.8. (Message Observation) in RFC 5424 says:
vvvv
While there are no strict guidelines pertaining to the MSG format,
most syslog messages are generated in human-readable form with the
assumption that capable administrators should be able to read them
and understand their meaning. The syslog protocol does not have
mechanisms to provide confidentiality for the messages in transit.
In most cases, passing clear-text messages is a benefit to the
operations staff if they are sniffing the packets from the wire. The
operations staff may be able to read the messages and associate them
with other events seen from other packets crossing the wire to track
down and correct problems. Unfortunately, an attacker may also be
able to observe the human-readable contents of syslog messages. The
attacker may then use the knowledge gained from those messages to
compromise a machine or do other damage.
Operators are advised to use a secure transport mapping to avoid this
problem.
^^^^
>
> I think you'll need to add some text that says if confidentiality is
> required, the NULL cipher suites MUST NOT negotiate NULL encryption ciphers.
>
> I'm hoping that we can keep the part about MUST NOT support NULL integrity
> and authentication algorithms in Section 5.3. But, add a new last sentence
> that says something like:
>
> When confidentiality is provided by [insert mechanism here], then NULL
> encryption algorithms MAY be negotiated.
Let's change that to:
When confidentiality is desired but without the overhead of using DTLS
encryption, then it may be provided by provisioning a physically
secured network. In that case the NULL encryption algorithm may be
negotiated.
Does that work?
<some more elided for brevity>
That may take care of 9 and 9A. What about 9B?
>> > ===============================================
>> > Issue 9B -
>> > Sean also suggests:
>> > #6) Section 9. Tim pointed out that because this I-D relies on
>> > self-signed certificates it needs to say something about certificates
>> > (I looked in DTLS/TLS and they don't point to 5280), keeping the
>> > private key private, generating good random #s, and taking care when
>> > installing trust anchors. Most of this is in RFC 5280 so if we add it
>> > to the first line of the security considerations we're good except for
>> > the make a good private key and installing the trust anchor.
>> > Suggested text below:
>> >
>> > OLD:
>> >
>> > The security considerations in [RFC5425], [RFC5246] and [RFC4347]
>> > apply to this document.
>> >
>> > NEW (yes I reordered them so Alfred won't complain later):
>> >
>> > The security considerations in [RFC4347], [RFC5246], [RFC5425], and
>> > [RFC5280] apply to this document.
>> >
>> > and we should add two new paragraphs:
>> >
>> > 9.2 Private Key Generation
>> >
>> > Transport receiver and transport sender implementations
>> > generate their own key pairs. An inadequate random number
>> > generator (RNG) or an inadequate pseudo-random number generator
>> > (PRNG) to generate these keys can result in little or no security.
>> > See [RFC4086] for random number generation guidance.
>> >
>> > 9.3 Trust Anchor Installation and Storage
>> >
>> > Trust anchor installation and storage is critical. Transmission of
>> > a trust anchor, especially self-signed certificates used as trust
>> > anchors, from transport receiver to transport sender for
>> > installation requires an out-of-band step(s). Care must be taken to
>> > ensure the installed trust anchor is in fact the correct trust
>> > anchor. The fingerprint mechanism in Section 5.3.1 can be
>> > used by the transport sender to ensure the transport receiver's
>> > self-signed certificate is properly installed. Trust anchor
>> > information must be securely stored. Changes to trust anchor
>> > information can cause acceptance of certificates that should
>> > be rejected.
>> >
>> >
>> > ACTION: I'm also going to ask for more discussion on this.
Thanks,
Chris
- [Syslog] Issue 9, 9a, and 9b - from a Tim Polk CO… Chris Lonvick
- Re: [Syslog] Issue 9, 9a, and 9b - from a Tim Pol… t.petch
- Re: [Syslog] Issue 9, 9a, and 9b - from a Tim Pol… Sean Turner
- Re: [Syslog] Issue 9, 9a, and 9b - from a Tim Pol… Chris Lonvick
- Re: [Syslog] Issue 9, 9a, and 9b - from a Tim Pol… robert.horn
- Re: [Syslog] Issue 9, 9a, and 9b - from a Tim Pol… t.petch