Security Issues in Network Event Logging (syslog)
This Working Group did not meet
NOTE: This charter is a snapshot of the 51st IETF Meeting in London, England. It may now be out-of-date. Last Modified: 31-Jul-01
Chris Lonvick <clonvick@cisco.com>
Jeffrey Schiller <jis@mit.edu>
Marcus Leech <mleech@nortelnetworks.com>
Jeffrey Schiller <jis@mit.edu>
General Discussion:syslog-sec@employees.org
To Subscribe: majordomo@employees.org
In Body: subscribe syslog-sec your_email_address
Archive: http://www.mail-archive.com/syslog-sec@employees.org/
Syslog is a de-facto standard for logging system events. However, the protocol component of this event logging system has not been formally documented. While the protocol has been very useful and scalable, it has some known but undocumented security problems. For instance, the messages are unauthenticated and there is no mechanism to provide verified delivery and message integrity.
The goal of this working group is to document and address the security and integrity problems of the existing Syslog mechanism. In order to accomplish this task we will document the existing protocol. The working group will also explore and develop a standard to address the security problems.
Beyond documenting the Syslog protocol and its problems, the working group will work on ways to secure the Syslog protocol. At a minimum this group will address providing authenticity, integrity and confidentiality of Syslog messages as they traverse the network. The belief being that we can provide mechanisms that can be utilized in existing programs with few modifications to the protocol while providing significant security enhancements.
Done |
|
Post as an Internet Draft the observed behavior of the Syslog protocol for consideration as an Informational Document. |
Done |
|
Submit Syslog protocol document to IESG for consideration as an INFORMATIONAL RFC. |
Done |
|
Post as an Internet Draft the specification for an authenticated Syslog for consideration as a Standards Track RFC. |
Aug 00 |
|
Submit Syslog Authentication Protocol to IESG for consideration as a PROPOSED STANDARD. |
Done |
|
Post an Internet Draft describing enhancements to the Syslog authentication protocol to add verification of delivery and other security services. |
Done |
|
Submit Syslog Authentication Protocol Enhancement to IESG for consideration as a PROPOSED STANDARD. |
Dec 00 |
|
Revise drafts as necessary to advance these Internet-Drafts to Standards Track RFCs. |