LogAnalysis
[logs] encrypted syslog - how do you (intend to) use it? May 09 2008 10:58AM
Rainer Gerhards (rgerhards hq adiscon com)
Hi list,

as some may be aware, the IETF is currently trying to standardize TLS
for syslog. The discussion on the draft standard currently centers
around use cases and authentication policies.

I would appreciate some feedback from list members on how you currently
deploy syslog over TLS [or other encryption standards like GSSAPI, SSH,
...] (if you do) and/or what your requirements are (for any
encrypted/authenticated logging system).

The big question is how (and if) servers must authenticate to clients
and vice versa. There, the problem is what the real-world needs actually
are. There are some proposed solutions based on PKI and fingerprints
(and lots in between). Each of them has some advantages and
disadvantages. I would like to get a reality check.

I have blogged about all the details here:
http://rgerhards.blogspot.com/2008/05/more-on-syslog-tls-policies-and-ietf.html

The IETF mailing list archive can be accessed here:
http://www.ietf.org/mail-archive/web/syslog/current/index.html

The current IETF draft can be found here:
http://tools.ietf.org/html/draft-ietf-syslog-transport-tls-12

Thanks,
Rainer
