From owner-freebsd-security  Sun Jul 11  3:15:50 1999
Delivered-To: freebsd-security@freebsd.org
Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.76.24])
	by hub.freebsd.org (Postfix) with ESMTP id E1CAA14F09
	for <security@FreeBSD.ORG>; Sun, 11 Jul 1999 03:15:43 -0700 (PDT)
	(envelope-from avalon@cheops.anu.edu.au)
Received: (from avalon@localhost)
	by cheops.anu.edu.au (8.9.1/8.9.1) id UAA02040;
	Sun, 11 Jul 1999 20:15:49 +1000 (EST)
From: Darren Reed <avalon@coombs.anu.edu.au>
Message-Id: <199907111015.UAA02040@cheops.anu.edu.au>
Subject: Re: Syslog alternatives?
To: robert+freebsd@cyrus.watson.org
Date: Sun, 11 Jul 1999 20:15:48 +1000 (EST)
Cc: sgk@cpmc.net, avalon@coombs.anu.edu.au, alla@sovlink.ru,
	security@FreeBSD.ORG
In-Reply-To: <Pine.BSF.3.96.990709053246.24202H-100000@fledge.watson.org> from "Robert Watson" at Jul 9, 99 05:42:26 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from Robert Watson, sie said:
[...]
> Wasn't the one I was thinking of, but it certainly qualifies :-).  Does it
> actually authenticate the log data, or only the connection?

It authenticates the connection (SSL), it can also authenticate the data
exchanged (protection against connection corruption).

It does not authenticate what gets saved to disk - that takes a human.

> I had in mind
> a protected process or kernel integrity protection service perhaps
> involving key management for signing of log records, plus rotation of key
> material, etc.  I'll have to dig up the secure logging paper.

And how do you authenticate what the kernel says ?



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message