[Syslog] Terminology was Re: Document shepherd report of AD concerns
"tom.petch" <cfinss@dial.pipex.com> Fri, 16 May 2008 15:42 UTC
Return-Path: <syslog-bounces@ietf.org>
X-Original-To: syslog-archive@megatron.ietf.org
Delivered-To: ietfarch-syslog-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ADE0C3A68D2; Fri, 16 May 2008 08:42:44 -0700 (PDT)
X-Original-To: syslog@core3.amsl.com
Delivered-To: syslog@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 379633A68F5 for <syslog@core3.amsl.com>; Fri, 16 May 2008 08:42:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.544
X-Spam-Level:
X-Spam-Status: No, score=-2.544 tagged_above=-999 required=5 tests=[AWL=0.055, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4hjVX5K2srca for <syslog@core3.amsl.com>; Fri, 16 May 2008 08:42:42 -0700 (PDT)
Received: from mk-outboundfilter-2.mail.uk.tiscali.com (mk-outboundfilter-2.mail.uk.tiscali.com [212.74.114.38]) by core3.amsl.com (Postfix) with ESMTP id 5CFB03A68B2 for <syslog@ietf.org>; Fri, 16 May 2008 08:42:40 -0700 (PDT)
X-Trace: 81705201/mk-outboundfilter-2.mail.uk.tiscali.com/PIPEX/$ACCEPTED/pipex-customers/62.188.143.218
X-SBRS: None
X-RemoteIP: 62.188.143.218
X-IP-MAIL-FROM: cfinss@dial.pipex.com
X-IP-BHB: Once
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: At8EAK5HLUg+vI/a/2dsb2JhbACLWKI6Aw
X-IronPort-AV: E=Sophos;i="4.27,498,1204502400"; d="scan'208";a="81705201"
X-IP-Direction: IN
Received: from 1cust218.tnt14.lnd4.gbr.da.uu.net (HELO allison) ([62.188.143.218]) by smtp.pipex.tiscali.co.uk with SMTP; 16 May 2008 16:42:14 +0100
Message-ID: <030001c8b762$74c05960$0601a8c0@allison>
From: "tom.petch" <cfinss@dial.pipex.com>
To: Pasi.Eronen@nokia.com, ietfdbh@comcast.net, syslog <syslog@ietf.org>
References: <07c101c8b6b5$cd5bcb20$0600a8c0@china.huawei.com> <1696498986EFEC4D9153717DA325CB72A13634@vaebe104.NOE.Nokia.com>
Date: Fri, 16 May 2008 16:37:16 +0200
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Subject: [Syslog] Terminology was Re: Document shepherd report of AD concerns
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: "tom.petch" <cfinss@dial.pipex.com>
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/syslog>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: syslog-bounces@ietf.org
Errors-To: syslog-bounces@ietf.org
I think that whatever we say should use consistent terminology. 'Authorization' seems out of place. I am well familiar with it from SNMP and isms, as well as from RFC2828, and think that authentication is enough here, as it is for TLS documents and syslog-protocol. client and transport sender get used interchangeably, which I think impedes understanding. After the initial paranthetic reference to client and server in this section, I think that we should only use transport sender and transport receiver. Tom Petch ----- Original Message ----- From: <Pasi.Eronen@nokia.com> To: <ietfdbh@comcast.net>; <syslog@ietf.org> Sent: Thursday, May 15, 2008 9:35 PM Subject: Re: [Syslog] Document shepherd report of AD concerns > To add to David's email, and Tom's concern that "[we] should only > change what the IESG wants us to to; and that I do not see": > > All the changes in version -12 were done in response to my (and > earlier Sam's) AD review comments. However, based on the recent > discussions, it's clear that the text isn't final yet, and needs > some improvement. > > The intent of 4.2.1/4.2.2 was to specify a minimum level needed for > interoperability, not to prevent deployments for making their own > policy decisions. That minimum level can be pretty small -- and > there's some room for discussing what exactly it should be -- but it > must provide reasonable security for many typical syslog uses (and in > this particular case, having a full-fledged PKI as the only approach > isn't really a credible solution). > > Perhaps we could rephrase the text to make this more clear, and > also explain the motivation for these requirements. Here's a first > shot at that text -- feedback is welcome. > > To prevent disclosure of syslog message contents, the transport > sender (TLS client) has to verify that it is sending the messages > to an authorized transport receiver (TLS server). > > Typically, a client application using TLS achieves this by > performing certification path validation (using previously > configured trust anchors), and comparing the certificate subject > name against the expected server name (or a list of authorized > server names). > > Syslog transport senders MUST support this approach. The minimum > requirements for certification path validation and subject name > comparison are specified later in this section. > > However, syslog is frequently used in environments where assuming > PKI deployment is not realistic. Thus, an alternative that provides > a reasonable level of security, while being simple to deploy, is > desired. This document requires that syslog transport senders MUST > support a mechanism where the authorized transport receivers are > identified by certificate fingerprints. The minimum requirements > for this mechanism are specified in Section 4.2.3. > > However, these requirements are intended to specify only a minimum > level of compliance required for interoperability. Implementations > MAY support additional mechanisms for expressing more complex > policies, validating certificates, and determining whether a > certificate represents an authorized transport receiver. > > There can be extreme situations where it is not feasible to verify > that the transport sender is communicating with an authorized > transport receiver. A syslog implementation MAY provide an option > to skip this verification (i.e., accept any server certificate). > This option MUST NOT be enabled by default. > > Best regards, > Pasi > > > -----Original Message----- > > From: David Harrington > > Sent: 15 May, 2008 21:02 > > To: syslog@ietf.org > > Subject: [Syslog] Document shepherd report of AD concerns > _______________________________________________ Syslog mailing list Syslog@ietf.org https://www.ietf.org/mailman/listinfo/syslog
- [Syslog] Document shepherd report of AD concerns David Harrington
- Re: [Syslog] Document shepherd report of AD conce… Pasi.Eronen
- Re: [Syslog] Document shepherd report of AD conce… Rainer Gerhards
- [Syslog] Terminology was Re: Document shepherd re… tom.petch
- Re: [Syslog] Document shepherd report of AD conce… tom.petch
- Re: [Syslog] Document shepherd report of AD conce… robert.horn
- [Syslog] MUST is for implementers, not users. David Harrington
- Re: [Syslog] Document shepherd report of AD conce… Pasi.Eronen
- Re: [Syslog] Document shepherd report of AD conce… Pasi.Eronen