[Syslog] MUST is for implementers, not users.
"David Harrington" <ietfdbh@comcast.net> Mon, 19 May 2008 01:00 UTC
Return-Path: <syslog-bounces@ietf.org>
X-Original-To: syslog-archive@megatron.ietf.org
Delivered-To: ietfarch-syslog-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7E9A328C552; Sun, 18 May 2008 18:00:27 -0700 (PDT)
X-Original-To: syslog@core3.amsl.com
Delivered-To: syslog@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AC9E73A6E07 for <syslog@core3.amsl.com>; Sun, 18 May 2008 18:00:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.601
X-Spam-Level:
X-Spam-Status: No, score=0.601 tagged_above=-999 required=5 tests=[BAYES_50=0.001, J_CHICKENPOX_35=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VEWX66Qz4t75 for <syslog@core3.amsl.com>; Sun, 18 May 2008 18:00:20 -0700 (PDT)
Received: from QMTA06.emeryville.ca.mail.comcast.net (qmta06.emeryville.ca.mail.comcast.net [76.96.30.56]) by core3.amsl.com (Postfix) with ESMTP id 8E3C43A6E05 for <syslog@ietf.org>; Sun, 18 May 2008 18:00:17 -0700 (PDT)
Received: from OMTA11.emeryville.ca.mail.comcast.net ([76.96.30.36]) by QMTA06.emeryville.ca.mail.comcast.net with comcast id TBnG1Z00G0mlR8UA608g00; Mon, 19 May 2008 01:00:18 +0000
Received: from Harrington73653 ([24.128.66.199]) by OMTA11.emeryville.ca.mail.comcast.net with comcast id TD0F1Z0074HwxpC8X00000; Mon, 19 May 2008 01:00:18 +0000
X-Authority-Analysis: v=1.0 c=1 a=3eE4wd4Ds5QA:10 a=33PIcei3YQYA:10 a=tIOeAW5T6Ji6E_wyu48A:9 a=8__EUUAQaO27I3m43AoA:7 a=I2BuDl3euW9JL3UwaxeTmZcT8RoA:4 a=si9q_4b84H0A:10 a=hPjdaMEvmhQA:10 a=84tl6Pyz8z4A:10 a=1pxjJC3EenQA:10 a=lZB815dzVvQA:10 a=50e4U0PicR4A:10
From: David Harrington <ietfdbh@comcast.net>
To: 'syslog' <syslog@ietf.org>
References: <030101c8b762$75f61a40$0601a8c0@allison> <OF52AAC207.4C0FE54D-ON8525744B.005AA24A-8525744B.005D28CC@agfa.com>
Date: Sun, 18 May 2008 21:00:12 -0400
Message-ID: <089901c8b94b$b4478190$0600a8c0@china.huawei.com>
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <OF52AAC207.4C0FE54D-ON8525744B.005AA24A-8525744B.005D28CC@agfa.com>
Thread-Index: Aci3df8p2OlCH5k3Q3WGGffPakaRRAB05lLw
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
Subject: [Syslog] MUST is for implementers, not users.
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/syslog>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: syslog-bounces@ietf.org
Errors-To: syslog-bounces@ietf.org
Hi, speaking as a contributor ... I do not believe we should be trying to standardize policy. Policy is a deployment issue, not an implementation issue. Our goal should be to provide a mandatory-to-implement mechanism that operators can enable if desired to protect their messages. Whether the mechanism is enabled or disabled by default is a decision that operator/purchasers should discuss with the implemeter/vendors. It should not be a requirement of the protocol, or the IESG. There are multiple environments that use syslog. I do not think it is important to solve the security of syslog messages for environments where there is no knowledgeable operator. If the operator of a SOHO device is not clueful enough to cut-and-paste a fingerprint, I doubt they are clueful enough (or motivated enough) to interpret system logs. I think the OpSec WG is a much better place to discuss policies and best current practices for logging, including default security settings. This WG should focus only on the mandatory-to-implement security mechanisms to make it possible for users to address, in a stndardized manner, security issues in system logging. MUST is for implementers, not users. David Harrington dbharrington@comcast.net ietfdbh@comcast.net dharrington@huawei.com > -----Original Message----- > From: robert.horn@agfa.com [mailto:robert.horn@agfa.com] > Sent: Friday, May 16, 2008 12:58 PM > To: tom.petch > Cc: ietfdbh@comcast.net; Pasi.Eronen@nokia.com; syslog; > syslog-bounces@ietf.org > Subject: Re: [Syslog] Document shepherd report of AD concerns > > >[tom.petch] > > <rant> > > Fundamentally, someone else should be doing this, a policies in > > security working > > group, perhaps a spinoff from pkix or tls (which I know ekr > will reject > out of > > hand:-). We are the wrong people, IMO, to be proposing > resolutions to > such > > questions; it should be being done for us by those whose > primary role is > > security, not network management. > > </rant> > > > > I wasn't part of that group, but I am part of the policy > world. It makes > sense for the syslog group to jointly with some policy people > propose that > "this is a reasonable risk analysis for the use cases that drive our > protocol". The purpose of this risk analysis is the > derivation of the > underlying protocol requirements. But then, it is just the protocol > requirements that remain normative. The risk analysis lives on for > reviewers, so that they have context, and for future users so > that they > can assess whether their real world implementation risks are > significantly > different. If the real world is different, it just means > that you need to > re-assess whether syslog-tls will meet your needs, will need > some extra > mitigations, or whatever. This keeps the policy and risk assessment > portion non-normative. So when I review something like this > for policy I > want to see the analysis, but not see it become normative. > > Real normative policy work does not belong in SDOs at all. > It belongs in > legislatures, regulatory groups, and business management. > I've seen far > too many efforts (past and present) where people attempt to > use SDOs to > bypass the public political process. They think that making > it standard > lets them bypass the ugly and difficult problems of dealing with the > parliamentary process. It doesn't work. It just means that > the standards > become inconsistent with laws and regulations. That means that > implementations become inconsistent. The SDO policy thought needs to > reflect instead the consideration "what are the range of potential > policies that will apply" and make sure that the protocol is able to > support the bulk of those policies. The extra from the IESG > seems to be > that there be some reasonable baseline policy that is a > reasonable subset > of the bulk of the policies, and mandate that at least that much be > supported. > > That's where I end up with the basic notion of having the various > certificate stores, some sort of certificate store management, and > protocol enforcement of certificate verification. That > leaves a baseline > mandatory policy assumption that there will be bidirectional > certificate > verification within the protocol. All the rest of policy becomes the > rules around certificate stores and store management. Those > don't belong > in syslog standard beyond the requirement that they exist > somehow. Yes, I > wish there were more agreement on the policies and the > resulting needs for > stores and store management. I can see syslog contributing > it's use cases > and examples to those needs. I don't see it incorporating > them into the > standard, or being the right group to define them. > > I would not divorce the policy work completely. Most of the security > policy work in SDOs has been dealing with human identity > management for > various authentication and authorization purposes. That is a very > different application than syslog. Those use cases do not > map well onto > the automated machine logging application. > > R Horn > _______________________________________________ Syslog mailing list Syslog@ietf.org https://www.ietf.org/mailman/listinfo/syslog
- [Syslog] Document shepherd report of AD concerns David Harrington
- Re: [Syslog] Document shepherd report of AD conce… Pasi.Eronen
- Re: [Syslog] Document shepherd report of AD conce… Rainer Gerhards
- [Syslog] Terminology was Re: Document shepherd re… tom.petch
- Re: [Syslog] Document shepherd report of AD conce… tom.petch
- Re: [Syslog] Document shepherd report of AD conce… robert.horn
- [Syslog] MUST is for implementers, not users. David Harrington
- Re: [Syslog] Document shepherd report of AD conce… Pasi.Eronen
- Re: [Syslog] Document shepherd report of AD conce… Pasi.Eronen