Re: [Syslog] Issue 9, 9a, and 9b - from a Tim Polk COMMENT
robert.horn@agfa.com Wed, 09 June 2010 12:14 UTC
> > I think you'll need to add some text that says if confidentiality is
> > required, the NULL cipher suites MUST NOT negotiate NULL encryption ciphers.
> >
> > I'm hoping that we can keep the part about MUST NOT support NULL integrity
> > and authentication algorithms in Section 5.3. But, add a new last sentence
> > that says something like:
> >
> > When confidentiality is provided by [insert mechanism here], then NULL
> > encryption algorithms MAY be negotiated.
>
> Let's change that to:
> When confidentiality is desired but without the overhead of using DTLS
> encryption, then it may be provided by provisioning a physically
> secured network. In that case the NULL encryption algorithm may be
> negotiated.
>
> Does that work?
>

Those words could work. It would be better if the phrase "physically
secured network" were "appropriately secured network". I'm thinking about
people who are using VLAN and other low level hardware technologies.
Someone who understands the issues can decide whether their low level
hardware approach is a suitable equivalent to "physically secured" so this
is less important. Either wording results in implementations that can be
configured to meet the need.

Kind Regards,

Robert Horn | Agfa HealthCare
Research Scientist | HE/Technology Office
T +1 978 897 4860

Agfa HealthCare Corporation, 100 Challenger Road, Ridgefield Park, NJ, 07660-2199, United States
http://www.agfa.com/healthcare/
Click on link to read important disclaimer: http://www.agfa.com/healthcare/maildisclaimer
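
The rule discussed in this message, written out as a configuration check. This is an added example, not part of the original message or of the draft. The function names and the `network_appropriately_secured` flag are hypothetical, and the suite names are standard IANA TLS registry names used as constructed sample input.

```python
import re

# IANA names have the shape TLS_<key exchange/auth>_WITH_<cipher>_<MAC or PRF hash>.
_SUITE = re.compile(r"^TLS_(?P<kx>.+)_WITH_(?P<enc>.+)_(?P<mac>[A-Z0-9]+)$")


def classify(suite):
    """Split a cipher suite name into (key exchange/auth, encryption, MAC)."""
    m = _SUITE.match(suite)
    if m is None:
        raise ValueError("unrecognised cipher suite name: %r" % suite)
    return m.group("kx"), m.group("enc"), m.group("mac")


def allowed(suite, network_appropriately_secured=False):
    """Apply the policy from the thread to one suite.

    NULL authentication and NULL integrity are always refused. NULL
    encryption is accepted only when the operator has declared (hypothetical
    flag) that confidentiality comes from the network itself.
    """
    kx, enc, mac = classify(suite)
    if kx == "NULL" or "anon" in kx:
        return False, "NULL or anonymous authentication"
    if mac == "NULL":
        return False, "NULL integrity"
    if enc == "NULL" and not network_appropriately_secured:
        return False, "NULL encryption without a secured network"
    return True, "ok"


def filter_offer(suites, network_appropriately_secured=False):
    """Return the suites from an offered list that the policy permits."""
    return [s for s in suites if allowed(s, network_appropriately_secured)[0]]


# Constructed sample offer, not taken from the thread.
SAMPLE_OFFER = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_NULL_SHA256",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "TLS_NULL_WITH_NULL_NULL",
]

if __name__ == "__main__":
    for secured in (False, True):
        print(secured, filter_offer(SAMPLE_OFFER, secured))
```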