IETF Logo Mail Archive

Re: [Syslog] Issue 9, 9a, and 9b - from a Tim Polk COMMENT

"t.petch" <ietfc@btconnect.com> Tue, 15 June 2010 11:22 UTC

Return-Path: <ietfc@btconnect.com>
X-Original-To: syslog@core3.amsl.com
Delivered-To: syslog@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B65BD3A68AC for <syslog@core3.amsl.com>; Tue, 15 Jun 2010 04:22:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.663
X-Spam-Level:
X-Spam-Status: No, score=-0.663 tagged_above=-999 required=5 tests=[AWL=-0.664, BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XrjeOdPNsKsj for <syslog@core3.amsl.com>; Tue, 15 Jun 2010 04:22:56 -0700 (PDT)
Received: from c2beaomr03.btconnect.com (c2beaomr03.btconnect.com [213.123.26.181]) by core3.amsl.com (Postfix) with ESMTP id 92BD028C12B for <syslog@ietf.org>; Tue, 15 Jun 2010 04:22:56 -0700 (PDT)
Received: from pc6 (host81-153-11-165.range81-153.btcentralplus.com [81.153.11.165]) by c2beaomr03.btconnect.com with SMTP id MBT80233; Tue, 15 Jun 2010 12:22:52 +0100 (BST)
X-Mirapoint-IP-Reputation: reputation=Neutral-1, source=Queried, refid=0001.0A0B0301.4C176287.0084, actions=tag
Message-ID: <006d01cb0c74$3a893000$4001a8c0@gateway.2wire.net>
From: "t.petch" <ietfc@btconnect.com>
To: clonvick@cisco.com, robert.horn@agfa.com
References: <OFDB7E9CDC.212EC9BE-ON8525773D.0041417A-8525773D.0043305D@agfa.com>
Date: Tue, 15 Jun 2010 12:18:40 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Junkmail-Status: score=10/50, host=c2beaomr03.btconnect.com
X-Junkmail-SD-Raw: score=unknown, refid=str=0001.0A0B0204.4C176293.023B, ss=1, fgs=0, ip=0.0.0.0, so=2009-07-20 21:54:04, dmn=5.7.1/2009-08-27, mode=single engine
X-Junkmail-IWF: false
Cc: syslog@ietf.org
Subject: Re: [Syslog] Issue 9, 9a, and 9b - from a Tim Polk COMMENT
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/syslog>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jun 2010 11:22:58 -0000

I agree with Robert that privacy can be achieved by means other than encryption,
but disagree that privacy is a MUST operationally.

As Chris pointed out, we have already said this in RFC5424
"In most cases, passing clear-text messages is a benefit to the
    operations staff if they are sniffing the packets from the wire.  "
which means I think we should say

"Implementations MUST support DTLS 1.1 [RFC4347] and MUST at a
     minimum support the mandatory to implement cipher suite ,
    which is
     TLS_RSA_WITH_AES_128_CBC_SHA [RFC5246].  If additional cipher suites are
     supported, then implementations MUST NOT negotiate a cipher suite
     that employs NULL integrity or authentication  algorithms.

   Where privacy is REQUIRED, then implementations must either negotiate
  a cipher suite that employs a non-NULL encryption algorithm or else achieve
  privacy  by other means, such as a physically secured network.

However, as [RFC5424] section 8 points out
'In most cases, passing clear-text messages is a benefit to the
    operations staff if they are sniffing the packets from the wire.'
and so where privacy is not a requirement, then it is advantageous
to use a NULL encryption algorithm.

Tom Petch

----- Original Message -----
From: <robert.horn@agfa.com>
To: <clonvick@cisco.com>
Cc: <syslog@ietf.org>; <syslog-bounces@ietf.org>
Sent: Wednesday, June 09, 2010 2:10 PM
Subject: Re: [Syslog] Issue 9, 9a, and 9b - from a Tim Polk COMMENT


> > >
> > > I think you'll need to add some text that says if confidentiality is
> > > required, the NULL cipher suites MUST NOT negotiate NULL encryption
> ciphers.
> > >
> > > I'm hoping that we can keep the part about MUST NOT support NULL
> integrity
> > > and authentication algorithms in Section 5.3.  But, add a new
> lastsentence
> > > that says something like:
> > >
> > > When confidentiality is provided by [insert mechanism here], then NULL
>
> > > encryption algorithms MAY be negotiated.
> >
> > Let's change that to:
> >     When confidentiality is desired but without the overhead of using
> DTLS
> >     encryption, then it may be provided by provisioning a physically
> >     secured network.  In that case the NULL encryption algorithm may be
> >     negotiated.
> >
> > Does that work?
> >
>
> Those words could work.  It would be better if the phrase "physically
> secured network" were "appropriately secured network".  I'm thinking about
> people who are using VLAN and other low level hardware technologies.
> Someone who understands the issues can decide whether their low level
> hardware approach is a suitable equivalent to "physically secured" so this
> is less imprtant.   Either wording results in implementations that can be
> configured to meet the need.
>
> Kind Regards,
>
> Robert Horn | Agfa HealthCare
> Research Scientist | HE/Technology Office
> T  +1 978 897 4860
>
> Agfa HealthCare Corporation, 100 Challenger Road, Ridgefield Park, NJ,
> 07660-2199, United States
> http://www.agfa.com/healthcare/
> Click on link to read important disclaimer:
> http://www.agfa.com/healthcare/maildisclaimer
>
>
> _______________________________________________
> Syslog mailing list
> Syslog@ietf.org
> https://www.ietf.org/mailman/listinfo/syslog

v2.23.0 | Report a Bug | By Email