RE: Internal WG Review: Recharter of Security Issues in Network Event Logging (syslog)
Hi Bert,
I've been monitoring, and occasionally commenting to, this WG.
They've had a major correction in direction.
I believe they are headed in a good direction.
The charter is specific about the goals to be achieved, after
negotiation.
There is little commonality in existing implementations.
Implementers have stepped up and agreed to implement.
The goal reduces the promise of backwards compatibility to achieve
better standardization.
They also modularized things, separating transport, protocol, and
specific achievable features.
I believe this WG has some good objectives to overcome the stalling
factor that arose.
David Harrington
dbharrington@comcast.net
> -----Original Message-----
> From: owner-mreview@ops.ietf.org
> [mailto:owner-mreview@ops.ietf.org] On Behalf Of Wijnen, Bert (Bert)
> Sent: Wednesday, January 04, 2006 6:42 AM
> To: Mreview (E-mail)
> Subject: RE: Internal WG Review: Recharter of Security Issues
> in Network Event Logging (syslog)
>
> Just got the full text of the proposed charter
> Bert
> ----
> Syslog is a de-facto standard for logging system events. However, the
> protocol component of this event logging system has not been formally
> documented. While the protocol has been very useful and scalable, it has
> some known security problems which were documented in RFC 3164.
>
> The goal of this working group is to address the security and integrity
> problems, and to standardize the syslog protocol, transport, and a select
> set of mechanisms in a manner that considers the ease of migration between
> and the co-existence of existing versions and the standard.
>
> Reviews have shown that there are very few similarities between the
> message formats generated by heterogeneous systems. In fact, the only
> consistent commonality between messages is that all of them contain the
> <PRI> at the start. Additional testing has shown that as long as the
> <PRI> is present in a syslog message, all tested receivers will accept any
> generated message as a valid syslog message. In designing a standard
> syslog message format, this Working Group will retain the <PRI> at the
> start of the message and will introduce protocol versioning. Along these
> same lines, many different charsets have been used in syslog messages
> observed in the wild but no indication of the charset has been given in
> any message. The Working Group also feels that multiple charsets will not
> be beneficial to the community; much code would be needed to distinguish
> and interpret different charsets. For compatibility with existing
> implementations, the Working Group will allow that messages may still be
> sent that do not indicate the charset used. However, the Working Group
> will recommend that messages contain a way to identify the charset used
> for the message, and will also recommend a single default charset.
>
> syslog has traditionally been transported over UDP and this WG has already
> defined RFC 3195 for the reliable transport for the syslog messages. The
> WG will separate the UDP transport from the protocol so that others may
> define additional transports in the future.
>
>
> - A document will be produced that describes a standardized syslog
> protocol. A mechanism will also be defined in this document
> that will provide a means to convey structured data.
>
> - A document will be produced that describes a standardized UDP
> transport for syslog.
>
> - A document will be produced to describe the MIB for syslog entities.
>
> - A document will be produced that describes a standardized mechanism
> to sign syslog messages to provide integrity checking and source
> authentication.
>
>
> Milestones:
>
> Mar 2006 Submit Syslog Protocol to IESG for consideration as a
> PROPOSED STANDARD
> Mar 2006 Submit Syslog UDP Transport Mapping to IESG for consideration
> as a PROPOSED STANDARD.
> Jul 2006 Submit Syslog Device MIB to IESG for consideration as a
> PROPOSED STANDARD
> Jul 2006 Submit Syslog Authentication Protocol to IESG for consideration
> as a PROPOSED STANDARD.
>
>