Re: [Syslog] Document shepherd report of AD concerns
robert.horn@agfa.com Fri, 16 May 2008 16:57 UTC
Return-Path: <syslog-bounces@ietf.org>
X-Original-To: syslog-archive@megatron.ietf.org
Delivered-To: ietfarch-syslog-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 855C93A680C; Fri, 16 May 2008 09:57:57 -0700 (PDT)
X-Original-To: syslog@core3.amsl.com
Delivered-To: syslog@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 95FC63A680C; Fri, 16 May 2008 09:57:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PRndrDI2EVnf; Fri, 16 May 2008 09:57:55 -0700 (PDT)
Received: from mornm01-out.agfa.com (mornm01-out.agfa.com [134.54.1.75]) by core3.amsl.com (Postfix) with ESMTP id 9C5EA3A67A1; Fri, 16 May 2008 09:57:53 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.27,498,1204498800"; d="scan'208";a="45718421"
Received: from morswa037.agfa.be (HELO morswa037.be.local) ([10.232.220.21]) by mornm01-out.agfa.com with ESMTP; 16 May 2008 18:57:46 +0200
In-Reply-To: <030101c8b762$75f61a40$0601a8c0@allison>
To: "tom.petch" <cfinss@dial.pipex.com>
MIME-Version: 1.0
Message-ID: <OF52AAC207.4C0FE54D-ON8525744B.005AA24A-8525744B.005D28CC@agfa.com>
From: robert.horn@agfa.com
Date: Fri, 16 May 2008 12:57:31 -0400
Cc: syslog <syslog@ietf.org>, syslog-bounces@ietf.org
Subject: Re: [Syslog] Document shepherd report of AD concerns
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/syslog>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: syslog-bounces@ietf.org
Errors-To: syslog-bounces@ietf.org
>[tom.petch] > <rant> > Fundamentally, someone else should be doing this, a policies in > security working > group, perhaps a spinoff from pkix or tls (which I know ekr will reject out of > hand:-). We are the wrong people, IMO, to be proposing resolutions to such > questions; it should be being done for us by those whose primary role is > security, not network management. > </rant> > I wasn't part of that group, but I am part of the policy world. It makes sense for the syslog group to jointly with some policy people propose that "this is a reasonable risk analysis for the use cases that drive our protocol". The purpose of this risk analysis is the derivation of the underlying protocol requirements. But then, it is just the protocol requirements that remain normative. The risk analysis lives on for reviewers, so that they have context, and for future users so that they can assess whether their real world implementation risks are significantly different. If the real world is different, it just means that you need to re-assess whether syslog-tls will meet your needs, will need some extra mitigations, or whatever. This keeps the policy and risk assessment portion non-normative. So when I review something like this for policy I want to see the analysis, but not see it become normative. Real normative policy work does not belong in SDOs at all. It belongs in legislatures, regulatory groups, and business management. I've seen far too many efforts (past and present) where people attempt to use SDOs to bypass the public political process. They think that making it standard lets them bypass the ugly and difficult problems of dealing with the parliamentary process. It doesn't work. It just means that the standards become inconsistent with laws and regulations. That means that implementations become inconsistent. The SDO policy thought needs to reflect instead the consideration "what are the range of potential policies that will apply" and make sure that the protocol is able to support the bulk of those policies. The extra from the IESG seems to be that there be some reasonable baseline policy that is a reasonable subset of the bulk of the policies, and mandate that at least that much be supported. That's where I end up with the basic notion of having the various certificate stores, some sort of certificate store management, and protocol enforcement of certificate verification. That leaves a baseline mandatory policy assumption that there will be bidirectional certificate verification within the protocol. All the rest of policy becomes the rules around certificate stores and store management. Those don't belong in syslog standard beyond the requirement that they exist somehow. Yes, I wish there were more agreement on the policies and the resulting needs for stores and store management. I can see syslog contributing it's use cases and examples to those needs. I don't see it incorporating them into the standard, or being the right group to define them. I would not divorce the policy work completely. Most of the security policy work in SDOs has been dealing with human identity management for various authentication and authorization purposes. That is a very different application than syslog. Those use cases do not map well onto the automated machine logging application. R Horn _______________________________________________ Syslog mailing list Syslog@ietf.org https://www.ietf.org/mailman/listinfo/syslog
- [Syslog] Document shepherd report of AD concerns David Harrington
- Re: [Syslog] Document shepherd report of AD conce… Pasi.Eronen
- Re: [Syslog] Document shepherd report of AD conce… Rainer Gerhards
- [Syslog] Terminology was Re: Document shepherd re… tom.petch
- Re: [Syslog] Document shepherd report of AD conce… tom.petch
- Re: [Syslog] Document shepherd report of AD conce… robert.horn
- [Syslog] MUST is for implementers, not users. David Harrington
- Re: [Syslog] Document shepherd report of AD conce… Pasi.Eronen
- Re: [Syslog] Document shepherd report of AD conce… Pasi.Eronen