2.6.9 Security Issues in Network Event Logging (syslog) BOF

Current Meeting Report

Secure Syslog BOF

29 March 2000

Chaired by Chris Lonvick

Notes by Eliot Lear

Chris started with agenda bashing. Went on to current state of the protocol. Explained vulnerabilities. syslog has been referenced but not documented.

We went on to discuss the proposed charter.

Issue as to what the first document should be - BCP, Standard, or Info? BCP says that you can get there quickly, but it's really for practices. Ran commented that the first goal would be to document what we have.

Ran also argued that the charter is too broad. Start by documenting existing practice and protocol. Then do a requirements document.

Barbara responded that it would be unusual to force a requirements document.

Glenn Mansfield commented that the requirements are clear.

Chris disagreed. He wants the working group to review his ideas.

Anne Anderson suggested striking the last paragraph.

Glenn: what about retrieval for post processing purposes?

Chris: outside the scope

Andreas Worsley: what about lots of features aside from wire protocol?

Chris: Rat hole.

Sylvian Gombault: If IDWG had secure syslog they would have used it.

Jeff Schiller: doesn't mind the 3rd paragraph. Too early to make a statement on key management. Glad we didn't specify whether or not we'll use a new port.

??: don't forget integrity in the 2nd document

Jeff: 1st document should be informational.

Jeff: no requirements document for now.

Chris: mailing list exists - will be announced.

Jeff: next step - iteration and IESG.