Re: [Syslog] I-D Action:draft-ietf-syslog-transport-tls-12.txt
"Joseph Salowey (jsalowey)" <jsalowey@cisco.com> Mon, 12 May 2008 22:17 UTC
Hi Rainer,

Comments below:

<snip>

> > > http://wiki.rsyslog.com/index.php/TLS_for_syslog_use_cases
> > >
> > > After close consideration, I think the draft currently fails on
> > > addressing the two use cases defined above properly. Partly it fails
> > > because it is not possible under the current IESG requirement to be
> > > safe by default. We cannot be fully safe by default without
> > > configuration, so whatever we specify will fail for the home user.
> > >
> > > A compromise may be to provide "good enough" security in the default
> > > policy. I see two ways of doing that: one is to NOT address the
> > > Masquerade and Modification threats in the default policy, just the
> > > Disclosure threat. That leads us to unauthenticated syslog being the
> > > default (contrary to what is currently implemented) [Disclosure is
> > > addressed in this scenario as long as the client configs are not
> > > compromised, which I find sufficient - someone who can compromise
> > > the client config can find other ways to get hold of the syslog
> > > message content].
> > >
> > [Joe] If you don't address the relevant threats I'm not sure you can
> > call security "good enough".
>
> I can do this because, from a practical perspective, what most people
> are concerned with is confidentiality. Let me ask a question: how can
> we say HTTPS is secure? After all, the HTTPS client is almost never
> authenticated against the server. From my practical perspective,
> HTTPS-like security, easily enabled by default even for the unskilled
> user, is much better than "full" security that only exists in theory -
> because people turn it off. Security is only as good as the humans
> using it...
>

[Joe] We are not talking about HTTPS, we are talking about syslog. What
applies to one may not necessarily apply to the other (HTTP provides
other ways to authenticate the client, etc.). In addition, HTTPS
authenticates the server in most cases.

In any case, I don't think you can claim confidentiality if you do not
take care of masquerade or man-in-the-middle, as either will result in a
breach of confidentiality; you are still vulnerable to active attackers.
I believe that implementations need to support mutual authentication and
authorization with certificates. The recommended mechanisms for this
probably still need some discussion; however, I think it is important to
provide this capability.

I think what is more to the point in the current discussion is what is
required by default. I would like to suggest that server authentication,
certificate path validation and authorization be required by default,
because without this I don't think any security goals are met. I would
also suggest that by default clients should present and authenticate
with a certificate; however, a server does not necessarily need to
perform path validation or authorization. It can just record the
certificate (or fingerprint) that carries the public key used in the
authentication so it can be validated at a later time. This requires
configuration on the client, but not necessarily on the server.
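The server-side half of the default proposed in the message above (accept the client certificate without path validation or authorization, record its fingerprint on first sight, and compare it on later connections so the binding can be checked after the fact), written here as an added Python example; it is not code from the thread or from the draft, and the DER byte strings, the sender-keyed ledger and its class name are constructed assumptions.

```python
import hashlib
from typing import Dict, Optional

# Constructed stand-ins for the DER-encoded client certificates a syslog
# collector would receive in the TLS handshake (not real certificates).
CLIENT_CERT_DER = b"constructed DER certificate for host-a (not real)"
ROTATED_CERT_DER = b"constructed DER certificate for host-a after a key change"


def fingerprint(der_cert: bytes, algorithm: str = "sha256") -> str:
    """Colon-separated hex digest of the DER certificate, e.g. 'SHA256:BA:78:...'."""
    digest = hashlib.new(algorithm, der_cert).hexdigest().upper()
    pairs = (digest[i:i + 2] for i in range(0, len(digest), 2))
    return algorithm.upper() + ":" + ":".join(pairs)


class ClientCertLedger:
    """Hypothetical server-side store: no path validation or authorization of
    the client certificate; the fingerprint is recorded the first time a sender
    is seen and compared on later connections.  The sender key (here a host
    name, in practice e.g. the peer address) is an assumption of this example."""

    def __init__(self) -> None:
        self._seen: Dict[str, str] = {}  # sender -> fingerprint recorded at first sight

    def check(self, sender: str, der_cert: bytes) -> str:
        fp = fingerprint(der_cert)
        recorded = self._seen.get(sender)
        if recorded is None:
            self._seen[sender] = fp  # first sighting: record it, do not reject
            return "recorded"
        if recorded == fp:
            return "match"  # same key as before
        # Key changed: keep the original pin and flag for operator review,
        # rather than silently re-pinning to the new certificate.
        return "mismatch"

    def recorded(self, sender: str) -> Optional[str]:
        return self._seen.get(sender)


if __name__ == "__main__":
    ledger = ClientCertLedger()
    print(ledger.check("host-a", CLIENT_CERT_DER))   # recorded
    print(ledger.check("host-a", CLIENT_CERT_DER))   # match
    print(ledger.check("host-a", ROTATED_CERT_DER))  # mismatch
```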