[Syslog] Authentication, certificates, trust anchor, cipher suite and deployability for syslog/tls

[Miao Fuyou <miaofy at huawei.com>]

Hi all,

Sorry for not dicussion syslog/tls document for some time. This is to trying
to start the discusion to progress the draft. Basically the open issue is
still about certificate and authentication.  It is also closely relevant to
trust anchor, cipher suite and deployability. I try to classify the
different security environment and give a simple analysis with the
information from AD, chairs and Joe.

Security sensitive environment:
The server and the client are both configured with certiifcates. The trust
anchors must be configured for both server and client, so the client and
server can validate the certificate to a common trust anchor. It is not easy
to deploy because there are a lot of work for certificate and trust anchor
configuration.
This configuration could defense all the threats identifed.

Environment where active attack is concern:
The server is configured with certificate, but the client is not to be
required to be configured with a certificate. The client can generate a
selt-signed certificate by itself. However, the client must be configured
with trust anchor, so it can validate the server certificate is trustable. 
This configuration is still difficult for deployment because there are a lot
of configuration work to be done.
This confguration could defense active attack, but is vulnerable to client
spoof.

Security insensitive environment:
Both the client and server are not required to be configured with
certificate and trust anchor. They generate self-signed certificates. 
It is very easy for deployment because almost there is no configuration
required. 
Note this configuration is vulnerable to active attack.

Which configuration should be mandatory? I seems we need not a mandatory
configuration from the PoV of implementation, right? However, we do need to
mandate the implementation (both client and server) to support certificate
configuration, trust anchor configuration, and self-signed certificate. 

We will need to specify a cipher suite (probably RSA-AES-CBC) for
inter-operatability, but probably we don't need to specify different cipher
suites for 3 various ssenarios because all the scenarios above requires
certificate for key pair generation. 

Regards,
Miao



_______________________________________________
Syslog mailing list
Syslog at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog