From: Adam Shostack
Subject: Re: secure logging (was: Re: security hole in FreeBSD)
In-Reply-To: from Robert Watson at "Jul 28, 97 03:29:43 pm"
To: robert+freebsd@cyrus.watson.org
Cc: security@FreeBSD.ORG, adam@homeport.org, rgrimes@GndRsh.aac.dev.com, dholland@eecs.harvard.edu
Date: Tue, 29 Jul 1997 21:11:23 -0400 (EDT)
Message-Id: <199707300111.VAA16730@homeport.org>

Robert Watson wrote:
| Is there any consensus on the use of DNSsec in the network community, as
| it has not yet been made widely available (or at least, it is available,
| but not largely used.)  The key namespace here could be used however one
| desired, not necessarily in a DNS-style way.  The entity-name, whatever
| that is, simply suggests which key/algorithm should be used; a server
| could be configured to pull that information from DNSsec, or from an
| internal key-file (or both.)

I don't trust the DNS right now.  I also don't see a need to put keys
there for local use.  Use ssh to distribute them. :)

| An ACK message has already been stated as desirable -- would a simple
| signature over the last packet (or header + signature) using the shared
| secret, entity public key, or whatever, back on the TCP connection
| suffice?  Maybe something lighter-weight?

I'm leaning to acks being simpler than involving the last packet, and
towards them involving just a sequence number:

    ACK log://somehost.evil.net:234566, HMAC

Adam

-- 
"It is seldom that liberty of any kind is lost all at once." -Hume
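The exchange Adam sketches above, as an added example that is not code from the thread or from FreeBSD: the log sender stamps each record with a sequence number and an HMAC under a pre-shared key, and the receiver answers with an ACK that carries only the sequence number plus its own HMAC. The line formats ("LOG <seq> <payload>" and "ACK <seq>"), the use of HMAC-SHA256, the shared key, and the sample log lines are all assumptions made for this illustration; TCP framing and key distribution (over ssh, as the message suggests) are left out.

```python
"""Sequence-numbered, HMAC-authenticated log records with signed ACKs.

Constructed example. Assumes both ends already hold the same key and
agree on the line formats below; neither is taken from the thread.
"""
import hashlib
import hmac

ALGO = "sha256"  # assumption: HMAC-SHA256; any keyed MAC would serve


def mac(key: bytes, line: str) -> str:
    """Keyed MAC over the whole line, hex-encoded for a text protocol."""
    return hmac.new(key, line.encode(), ALGO).hexdigest()


def verify(key: bytes, line: str, tag: str) -> bool:
    """Constant-time comparison so a forger learns nothing from timing."""
    return hmac.compare_digest(mac(key, line), tag)


class LogSender:
    """Client side: numbers records and waits for a valid ACK per number."""

    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0
        self.unacked = {}  # seq -> line still awaiting an authentic ACK

    def send(self, payload: str):
        self.seq += 1
        line = f"LOG {self.seq} {payload}"
        self.unacked[self.seq] = line
        return line, mac(self.key, line)

    def receive_ack(self, line: str, tag: str):
        """Return the confirmed seq, or None if the ACK is forged/replayed."""
        if not verify(self.key, line, tag):
            return None
        parts = line.split()
        if len(parts) != 2 or parts[0] != "ACK" or not parts[1].isdigit():
            return None
        seq = int(parts[1])
        if seq not in self.unacked:
            return None  # replayed ACK, or ACK for something never sent
        del self.unacked[seq]
        return seq


class LogReceiver:
    """Server side: accepts records strictly in order, ACKs what it stored."""

    def __init__(self, key: bytes):
        self.key = key
        self.expected = 1
        self.records = []  # accepted (seq, payload) pairs
        self.gaps = []     # seqs that arrived ahead of expected: evidence of loss

    def receive(self, line: str, tag: str):
        """Return (accepted payload or None, ack line or None, ack tag or None)."""
        if not verify(self.key, line, tag):
            return None, None, None   # tampered or wrong key: no ACK, no record
        parts = line.split(" ", 2)
        if len(parts) != 3 or parts[0] != "LOG" or not parts[1].isdigit():
            return None, None, None
        seq, payload = int(parts[1]), parts[2]
        if seq == self.expected:
            self.records.append((seq, payload))
            self.expected += 1
        elif seq < self.expected:
            payload = None  # duplicate delivery (our ACK was lost); re-ACK only
        else:
            self.gaps.append(seq)  # records missing in between: do not ACK
            return None, None, None
        ack = f"ACK {seq}"
        return payload, ack, mac(self.key, ack)


if __name__ == "__main__":
    key = b"shared-secret-from-ssh"  # constructed; distribute out of band
    sender, receiver = LogSender(key), LogReceiver(key)
    line, tag = sender.send("sshd: failed login for root")  # constructed record
    payload, ack, atag = receiver.receive(line, tag)
    print(line, tag[:16], "->", ack, atag[:16], "confirmed", sender.receive_ack(ack, atag))
```

Failed verification produces no ACK at all: acknowledging a forged record would tell an attacker which key or format guesses were close, and acknowledging a record that jumped ahead of the expected sequence would hide the fact that something in between was dropped.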