Date:      Wed, 31 May 2000 11:11:43 -0400 (EDT)
From:      Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To:        security@FreeBSD.org
Subject:   [The IESG: WG ACTION: Security Issues in Network Ev]
Message-ID:  <200005311511.LAA33903@khavrinen.lcs.mit.edu>

------- start of forwarded message (RFC 934 encapsulation) -------
Message-Id: <200005311105.HAA03289@ietf.org>
From: The IESG <iesg-secretary@ietf.org>
Sender: scoya@cnri.reston.va.us
To: IETF-Announce: ;
Subject: WG ACTION: Security Issues in Network Event Logging (syslog)
Date: Wed, 31 May 2000 07:05:06 -0400

A new working group has been formed in the Security Area of the IETF.
For additional information, contact the Area Directors
or the WG Chair.


Security Issues in Network Event Logging (syslog)
- -------------------------------------------------
 
 Current Status: Active Working Group
 
 Chair(s):
     Chris Lonvick <clonvick@cisco.com>
 
 Security Area Director(s): 
     Jeffrey Schiller  <jis@mit.edu>
     Marcus Leech  <mleech@nortelnetworks.com>
 
 Security Area Advisor: 
     Jeffrey Schiller  <jis@mit.edu>
 
 Mailing Lists: 
     General Discussion: syslog-sec@employees.org
     To Subscribe:      majordomo@employees.org
         In Body:       subscribe syslog-sec your_email_address
     Archive:           http://www.mail-archive.com/syslog-sec@employees.org/
 
Description of Working Group:
 
Syslog is a de-facto standard for logging system events. However, the
protocol component of this event logging system has not been formally
documented. While the protocol has been very useful and scalable, it
has some known but undocumented security problems. For instance, the
messages are unauthenticated and there is no mechanism to provide
verified delivery and message integrity.

The goal of this working group is to document and address the security
and integrity problems of the existing Syslog mechanism. In order to
accomplish this task we will document the existing protocol. The working
group will also explore and develop a standard to address the security
problems.

Beyond documenting the Syslog protocol and its problems, the working
group will work on ways to secure the Syslog protocol. At a minimum
this group will address providing authenticity, integrity and
confidentiality of Syslog messages as they traverse the network. The
belief being that we can provide mechanisms that can be utilized in
existing programs with few modifications to the protocol while
providing significant security enhancements.
 
 Goals and Milestones: 

   May 00       Post as an Internet Draft the observed behavior of the Syslog 
                protocol for consideration as an Informational Document.       

   Jun 00       Submit Syslog protocol document to IESG for consideration as an
                INFORMATIONAL RFC.                                             

   Jul 00       Post as an Internet Draft the specification for an 
                authenticated Syslog for consideration as a Standards Track 
                RFC.                                                           

   Aug 00       Submit Syslog Authentication Protocol to IESG for consideration
                as a PROPOSED STANDARD.                                        

   Sep 00       Post an Internet Draft describing enhancements to the Syslog 
                authentication protocol to add verification of delivery and 
                other security services.                                       

   Oct 00       Submit Syslog Authentication Protocol Enhancement to IESG for 
                consideration as a PROPOSED STANDARD.                          

   Dec 00       Revise drafts as necessary to advance these Internet-Drafts to 
                Standards Track RFCs.                                          
------- end -------

