[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RFC 3195 - Was: RE: More Comments/suggestions on draft
Hi,
On Thu, 26 Jun 2003, Smith, Donald wrote:
> @@ will deliminate my comments;-)
>
>
> -----Original Message-----
> From: George Jones
> To: Neal Ziring
> Cc: opsec@ops.ietf.org
> Sent: 6/24/2003 7:25 PM
> Subject: Re: More Comments/suggestions on draft
>
> On Fri, 20 Jun 2003, Neal Ziring wrote:
>
>
> >
> > 2.11.6 I'm a little worried about the exact statement of
> > this requirements. For example, it might be
> > difficult, with RFC3195 BEEP over SSL, to separate
> > integrity and replay protection. I think the
> > independence of the protection mechanisms can be
> > downgraded from MUST to SHOULD.
>
> Logging needs work (thanks for volunteering :-)).
>
> We want open standards. We want (at least the option for) reliable,
> secure delivery. We also want something that is/can be/will be
> implemented. RFC3195 looks good on all but the last count.
>
> Chris (Lonvick) .... if you're lurking out there/cathing up, care
> to share your thoughts? Neal, Chris did RFC 3164 and other syslog
> related work.
>
I am lurking and trying to catch up. :-) [I'm unavailable all of next
week so don't expect any responses from me then.]
The best implementation of 3195 is here:
http://security.sdsc.edu/software/sdsc-syslog/announcement-release.html
This has been the work of Tom Perrin and SDSC.
Overall, 3195 will need to be revised slightly in light of the protocol
requirements that we're coming up with in the syslog-sign ID. That work
is nailing down the fields such as the HOSTNAME (going to be FQDN) and the
TIMESTAMP (based on RFC-3339 and ISO-8601).
Thanks,
Chris